
cspm.sysdig

Introduction

The tags beginning with cspm.sysdig identify events generated by Sysdig.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as cspm.sysdig. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag                           Data table
cspm.sysdig.monitor.alerts    cspm.sysdig.monitor.alerts

For more information, see About Devo tags.

Table structure

These are the fields displayed in this table:

cspm.sysdig.monitor.alerts

Field                                       Type       Extra fields
eventdate                                   timestamp
hostname                                    str
output                                      str
priority                                    str
rule                                        str
time                                        str
output_fields__container_id                 str
output_fields__container_image_repository   str
output_fields__container_image_tag          str
output_fields__evt_arg_uid                  str
output_fields__evt_time                     timestamp
output_fields__k8s_ns_name                  str
output_fields__k8s_pod_name                 str
output_fields__proc_cmdline                 str
output_fields__proc_pname                   str
output_fields__user_loginuid                str
output_fields__user_name                    str
output_fields__user_uid                     str
output_fields__proc_aname_2                 str
output_fields__proc_aname_3                 str
output_fields__proc_aname_4                 str
output_fields__ebpf_enabled                 str
output_fields__n_drops                      str
output_fields__n_drops_buffer               str
output_fields__n_drops_bug                  str
output_fields__n_drops_pf                   str
output_fields__n_drops_scratch_map          str
output_fields__n_evts                       str
at_devo_collector_version                   int4
at_devo_source_id                           str
at_devo_project_id                          str
at_devo_retrieving_timestamp                timestamp
hostchain                                   str        ✓
tag                                         str        ✓
rawMessage                                  str        ✓