drp.digitalshadows

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Table structure ]

Introduction

The tags beginning with drp.digitalshadows identify events generated by Digital Shadows DRP.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as drp.digitalshadows. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Digital Shadows SearchLight	`drp.digitalshadows.searchlight.alerts`	`drp.digitalshadows.searchlight.alerts`
	`drp.digitalshadows.searchlight.assets`	`drp.digitalshadows.searchlight.assets`
	`drp.digitalshadows.searchlight.incidents`	`drp.digitalshadows.searchlight.incidents`
	`drp.digitalshadows.searchlight.triage_items`	`drp.digitalshadows.searchlight.triage_items`

For more information, read more About Devo tags.

Table structure

These are the fields displayed in these tables:

drp.digitalshadows.searchlight.alerts
drp.digitalshadows.searchlight.assets
drp.digitalshadows.searchlight.incidents
drp.digitalshadows.searchlight.triage_items

drp.digitalshadows.searchlight.alerts

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Field transformation	Source field name	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`str`
portal_id	`str`
classification	`str`
risk_assessment	`str`
risk_factors_str	`str`	`join(risk_factors, ',')`	risk_factors
title	`str`
description	`str`
assets_str	`str`	`join(assets, ',')`	assets
raised	`timestamp`
updated	`timestamp`
hostchain	`str`			✓
tag	`str`			✓
rawMessage	`str`			✓

drp.digitalshadows.searchlight.assets

Field	Type	Extra fields

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`str`
type	`str`
approval_state	`str`
display_value	`str`
archived	`bool`
labels	`str`
created	`timestamp`
updated	`timestamp`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

drp.digitalshadows.searchlight.incidents

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Field transformation	Source field name	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`int8`
classification	`str`
risk_level	`str`
title	`str`
description	`str`
impact_description	`str`
mitigation	`str`
assets_str	`str`	`join(assets, ',')`	assets
raised	`timestamp`
updated	`timestamp`
hostchain	`str`			✓
tag	`str`			✓
rawMessage	`str`			✓

drp.digitalshadows.searchlight.triage_items

Field	Type	Extra fields

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`str`
classification	`str`
state	`str`
portal_id	`str`
title	`str`
risk_level	`str`
raised	`timestamp`
updated	`timestamp`
source	`str`
assignee	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓