
casb.proofpoint

Introduction

The tags beginning with casb.proofpoint identify events generated by CASB Proofpoint.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as casb.proofpoint. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Proofpoint | casb.proofpoint.alert | casb.proofpoint.alert |
| | casb.proofpoint.event | casb.proofpoint.event |

For more information, read About Devo tags.

How is the data sent to Devo?

Logs generated by CASB Proofpoint are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.

Table structure

These are the fields displayed in these tables:

casb.proofpoint.alert

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | str | |
| timestamp | timestamp | |
| description | str | |
| related_events__user_email | str | |
| related_events__user_id | str | |
| related_events__event_id | str | |
| related_events__geo_location | str | |
| related_events__user_agent | str | |
| related_events__intelligence | str | |
| related_events__timestamp | int8 | |
| related_events__cloud_service | str | |
| related_events__location | str | |
| related_events__meta_data | json | |
| related_events__meta_data__extracted_fields | str | |
| related_events__event_classification__id | str | |
| related_events__event_classification__sub_category | str | |
| related_events__event_classification__threat | str | |
| related_events__event_classification__category | str | |
| related_events__full_name | str | |
| tenantId | str | |
| severity | str | |
| type | str | |
| title | str | |
| subType | str | |
| related_events_found | int4 | |
| related_events_id | int4 | |
| at_devo_environment | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

casb.proofpoint.event

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | str | |
| timestamp | timestamp | |
| description | str | |
| related_events__user_email | str | |
| related_events__user_id | str | |
| related_events__event_id | str | |
| related_events__geo_location | str | |
| related_events__user_agent | str | |
| related_events__intelligence | str | |
| related_events__timestamp | int8 | |
| related_events__cloud_service | str | |
| related_events__location | str | |
| related_events__meta_data | json | |
| related_events__meta_data__extracted_fields | str | |
| related_events__event_classification__id | str | |
| related_events__event_classification__sub_category | str | |
| related_events__event_classification__threat | str | |
| related_events__event_classification__category | str | |
| related_events__full_name | str | |
| tenantId | str | |
| severity | str | |
| type | str | |
| title | str | |
| subType | str | |
| related_events_found | int4 | |
| related_events_id | int4 | |
| at_devo_environment | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
