
edr.observeit

Introduction

Tags beginning with edr.observeit identify the events generated by ObserveIT.

Tag structure

The full tag must have 3 levels. The first two are fixed as edr.observeit. The third level identifies the type of events being sent.

| Product / Services | Tags                 | Data tables          |
|--------------------|----------------------|----------------------|
| ObserveIT          | edr.observeit.events | edr.observeit.events |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in this table:

edr.observeit.events

| Field                  | Type      | Extra fields |
|------------------------|-----------|--------------|
| eventdate              | timestamp |              |
| cefVersion             | str       |              |
| embDeviceVendor        | str       |              |
| embDeviceProduct       | str       |              |
| deviceVersion          | str       |              |
| signatureID            | str       |              |
| name                   | str       |              |
| severity               | str       |              |
| _cefVer                | str       |              |
| cat                    | str       |              |
| cs1Label               | str       |              |
| cs1                    | str       |              |
| cs2Label               | str       |              |
| cs2                    | str       |              |
| cs3Label               | str       |              |
| cs3                    | str       |              |
| cs4Label               | str       |              |
| cs4                    | str       |              |
| cs5Label               | str       |              |
| cs5                    | str       |              |
| cs6Label               | str       |              |
| cs6                    | str       |              |
| destinationServiceName | str       |              |
| deviceProcessName      | str       |              |
| dhost                  | str       |              |
| dntdom                 | str       |              |
| dproc                  | str       |              |
| duid                   | str       |              |
| duser                  | str       |              |
| dvchost                | str       |              |
| dvc                    | ip4       |              |
| end                    | timestamp |              |
| msg                    | str       |              |
| rt                     | timestamp |              |
| shost                  | str       |              |
| sntdom                 | str       |              |
| sproc                  | str       |              |
| src                    | ip4       |              |
| start                  | timestamp |              |
| suid                   | str       |              |
| suser                  | str       |              |
| externalId             | str       |              |
| origin                 | str       |              |
| reason                 | str       |              |
| requestMethod          | str       |              |
| sourceServiceName      | str       |              |
| hostchain              | str       | ✓            |
| tag                    | str       | ✓            |
| rawMessage             | str       | ✓            |
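As an added example (not part of the Devo documentation or of ObserveIT's own tooling), the Python parser below turns a constructed CEF-formatted ObserveIT line into a dict keyed by the column names in the table above, so an analyst can see how a raw record lands in those fields. It assumes the raw message is CEF (which the cefVersion, _cefVer and cs*/cs*Label names imply), that the seven header slots map in order to cefVersion, embDeviceVendor, embDeviceProduct, deviceVersion, signatureID, name and severity, and that rt, start and end arrive as epoch milliseconds; the sample line, the column mapping and the timestamp handling are all assumptions, not facts stated on the page.

```python
import re
from datetime import datetime, timezone

# Constructed sample record (not a real ObserveIT event). It exercises the two
# CEF escapes a parser must handle: '\|' inside a header slot and '\=' inside an
# extension value.
SAMPLE_CEF = (
    "CEF:0|ObserveIT|ObserveIT|7.0|1001|File copied \\| removable media|5|"
    "rt=1700000000000 shost=WS-001 src=10.0.0.15 suser=jdoe sntdom=CORP "
    "dproc=explorer.exe cs1Label=Application cs1=Windows Explorer "
    "msg=Copy of report.xlsx (size\\=2MB) to removable drive"
)

# Assumed mapping of the seven CEF header slots onto the page's column names.
HEADER_COLUMNS = ("cefVersion", "embDeviceVendor", "embDeviceProduct",
                  "deviceVersion", "signatureID", "name", "severity")
# Columns typed 'timestamp' on the page; assumed to carry epoch milliseconds.
TIMESTAMP_KEYS = {"rt", "start", "end"}


def _unescape(value: str, extension: bool) -> str:
    """Undo CEF escaping: the header escapes '|', the extension escapes '=';
    both escape the backslash itself."""
    special = "=" if extension else "|"
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value) and value[i + 1] in (special, "\\"):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def parse_cef(line: str) -> dict:
    """Parse one CEF line into a dict keyed by edr.observeit.events column names.
    Unknown extension keys are kept under their own name."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    # Split on unescaped pipes only; at most 7 splits so the extension may
    # itself contain '|'. (A value ending in an escaped backslash right before a
    # pipe is not handled; rare in practice.)
    parts = re.split(r"(?<!\\)\|", line[len("CEF:"):], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("CEF header has fewer than 7 pipe-separated slots")
    fields = {col: _unescape(val, extension=False)
              for col, val in zip(HEADER_COLUMNS, parts)}

    extension = parts[7] if len(parts) == 8 else ""
    # A key is a run of [A-Za-z0-9_] followed by '=' at the start of the
    # extension or after whitespace; the value runs up to the next such key, so
    # values containing spaces (and escaped '=') survive intact.
    matches = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_]+)=", extension))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(extension)
        fields[m.group(1)] = _unescape(extension[m.end():end], extension=True)

    # Normalise epoch-millisecond timestamps to timezone-aware UTC datetimes.
    for key in TIMESTAMP_KEYS & fields.keys():
        if fields[key].isdigit():
            fields[key] = datetime.fromtimestamp(int(fields[key]) / 1000, tz=timezone.utc)
    return fields


if __name__ == "__main__":
    for column, value in parse_cef(SAMPLE_CEF).items():
        print(f"{column:<18} {value}")
```

Running the block prints each parsed column next to its value; note that the severity and signatureID stay strings, as the table types them, and only the three timestamp columns are converted.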