edr.observeit
Introduction
Tags beginning with edr.observeit identify the events generated by ObserveIT.
Tag structure
The full tag must have 3 levels. The first two are fixed as edr.observeit. The third level identifies the type of events sent.
Product / Services | Tags | Data tables |
---|---|---|
ObserveIT | | |
For more information, read about Devo tags.
Table structure
These are the fields displayed in this table:
edr.observeit.events
Field | Type | Extra fields |
---|---|---|
eventdate | | |
cefVersion | | |
embDeviceVendor | | |
embDeviceProduct | | |
deviceVersion | | |
signatureID | | |
name | | |
severity | | |
_cefVer | | |
cat | | |
cs1Label | | |
cs1 | | |
cs2Label | | |
cs2 | | |
cs3Label | | |
cs3 | | |
cs4Label | | |
cs4 | | |
cs5Label | | |
cs5 | | |
cs6Label | | |
cs6 | | |
destinationServiceName | | |
deviceProcessName | | |
dhost | | |
dntdom | | |
dproc | | |
duid | | |
duser | | |
dvchost | | |
dvc | | |
end | | |
msg | | |
rt | | |
shost | | |
sntdom | | |
sproc | | |
src | | |
start | | |
suid | | |
suser | | |
externalId | | |
origin | | |
reason | | |
requestMethod | | |
sourceServiceName | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |