
dlp.code42

Introduction

The tags beginning with dlp.code42 identify events generated by Code42.

Valid tags and data tables 

The full tag must have four levels. The first two are fixed as dlp.code42. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Code42 Incydr | dlp.code42.incydr.alerts | dlp.code42.incydr.alerts |
| Code42 Incydr | dlp.code42.incydr.audit | dlp.code42.incydr.audit |
| Code42 Incydr | dlp.code42.incydr.file_expose | dlp.code42.incydr.file_expose |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

dlp.code42.incydr.alerts

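| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| tenantId | str | |
| type | str | |
| name | str | |
| description | str | |
| actor | str | |
| actorId | str | |
| target | str | |
| riskSeverity | str | |
| ruleId | str | |
| ruleSource | str | |
| id | str | |
| createdAt | str | |
| state | str | |
| observations | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |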

dlp.code42.incydr.audit

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| type | str | |
| actor_id | str | |
| actor_name | str | |
| actor_agent | str | |
| actor_ip_address | str | |
| timestamp | timestamp | |
| actor_type | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

dlp.code42.incydr.file_expose

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| event_id | str | |
| event_type | str | |
| event_timestamp | timestamp | |
| insertion_timestamp | str | |
| file_path | str | |
| file_name | str | |
| file_type | str | |
| file_category | str | |
| file_size | float8 | |
| file_owner | str | |
| md5_checksum | str | |
| sha256_checksum | str | |
| create_timestamp | timestamp | |
| modify_timestamp | timestamp | |
| device_user_name | str | |
| os_host_name | str | |
| domain_name | str | |
| public_ip_address | ip4 | |
| private_ip_addresses | str | |
| device_uid | str | |
| user_uid | str | |
| source | str | |
| exposure | str | |
| process_name | str | |
| removable_media_vendor | str | |
| removable_media_name | str | |
| removable_media_serial_number | str | |
| removable_media_capacity | float8 | |
| removable_media_bus_type | str | |
| removable_media_media_name | str | |
| removable_media_volume_name | str | |
| removable_media_partition_id | str | |
| mime_type_by_bytes | str | |
| mime_type_by_extension | str | |
| mime_type_mismatch | bool | |
| remote_activity | str | |
| trusted | bool | |
| operating_system_user | str | |
| destination_category | str | |
| destination_name | str | |
| source_category | str | |
| source_name | str | |
| risk_score | int4 | |
| risk_severity | str | |
| risk_indicators | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |