
utm.hawkeye

Introduction

Tags beginning with utm.hawkeye identify events generated by Juniper Networks Advanced Threat Prevention (formerly of Cyphort).

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as utm.hawkeye. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Juniper Networks Advanced Threat Prevention (formerly of Cyphort) | utm.hawkeye.cyphort | utm.hawkeye.cyphort |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

utm.hawkeye.cyphort

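| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| host | str | vhost | |
| rawMessage | str | rawSource | |
| cef | str | | |
| device | str | | |
| model | str | | |
| version | str | | |
| process | str | | |
| platform | str | | |
| id | str | | |
| rt | str | | |
| cs1Label | str | | |
| cs1 | str | | |
| cs2Label | str | | |
| cs2 | str | | |
| cs3Label | str | | |
| cs3 | str | | |
| shost | str | | |
| srcIp | ip4 | | ✓ |
| hostchain | str | | ✓ |
| tag | str | | ✓ |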