utm.hawkeye
Introduction
The tags beginning with utm.hawkeye identify events generated by Juniper Networks Advanced Threat Prevention (formerly of Cyphort)
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as utm.hawkeye. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Juniper Networks Advanced Threat Prevention (formerly of Cyphort) | | |
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
utm.hawkeye.cyphort
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
host | | vhost | |
rawMessage | | rawSource | |
cef | | | |
device | | | |
model | | | |
version | | | |
process | | | |
platform | | | |
id | | | |
rt | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs3Label | | | |
cs3 | | | |
shost | | | |
srcIp | | | ✓ |
hostchain | | | ✓ |
tag | | | ✓ |