cloud.twistlock
Introduction
The tags beginning with cloud.twistlock identify events generated by Twistlock.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as cloud.twistlock. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Twistlock | | |
For more information, see About Devo tags.
Table structure
These are the fields displayed in this table:
cloud.twistlock.events
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
type | | | | |
time | | | | |
timestamp | | parsedate(time, "MMM DD, YYYY HH:mm:ss [UTC]", "UTC") | time | |
container | | | | |
image | | | | |
host | | | | |
fqdn | | | | |
function | | | | |
region | | | | |
runtime | | | | |
appID | | | | |
rule | | | | |
message | | | | |
aggregated | | | | |
rest | | | | |
rawMessage | | | rawSource | ✓ |
hostchain | | | | ✓ |
tag | | | | ✓ |