ofd.spycloud

Introduction

The tags beginning with ofd.spycloud identify events generated by the SpyCloud online fraud detection solution.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as ofd.spycloud. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| SpyCloud ATO Prevention | ofd.spycloud.ato_prevention.watchlist | ofd.spycloud.ato_prevention.watchlist |

For more information, read About Devo tags.

How is the data sent to Devo?

To send logs to these tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can learn how to use it in this article.

Table structure

These are the fields displayed in this table:

| Field | Type | Extra fields |
| --- | --- | --- |
| eventdate | timestamp | |
| hostname | str | |
| user_browser | str | |
| password | str | |
| source_id | int4 | |
| email | str | |
| ip_addresses | str | |
| keyboard_languages | str | |
| display_resolution | str | |
| infected_machine_id | str | |
| target_url | str | |
| user_sys_registered_owner | str | |
| user_hostname | str | |
| infected_time | timestamp | |
| spycloud_publish_date | timestamp | |
| email_domain | str | |
| email_username | str | |
| domain | str | |
| target_domain | str | |
| password_type | str | |
| password_plaintext | str | |
| severity | int4 | |
| document_id | str | |
| infected_path | str | |
| country | str | |
| user_os | str | |
| country_code | str | |
| target_subdomain | str | |
| record_modification_date | timestamp | |
| username | str | |
| cc_number | str | |
| cc_expiration | str | |
| full_name | str | |
| cc_bin | str | |
| cc_last_four | str | |
| first_name | str | |
| last_name | str | |
| taxid | str | |
| address_1 | str | |
| address_2 | str | |
| state | str | |
| postal_code | str | |
| city | str | |
| account_password_date | timestamp | |
| account_signup_time | timestamp | |
| account_login_time | timestamp | |
| account_last_activity_time | timestamp | |
| timezone | str | |
| salt | str | |
| homepage | str | |
| cc_code | str | |
| phone | str | |
| social_facebook | str | |
| gender | str | |
| av_softwares | str | |
| account_modification_time | timestamp | |
| county | str | |
| ethnicity | str | |
| dob | timestamp | |
| account_nickname | str | |
| bank_number | str | |
| social_security_number | str | |
| drivers_license | str | |
| ssn_last_four | str | |
| language | str | |
| social_twitter | str | |
| at_devo_environment | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |