ras.beyondtrust

Introduction

The tags beginning with ras.beyondtrust identify events generated by BeyondTrust.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as ras.beyondtrust. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| BeyondTrust | ras.beyondtrust.events | ras.beyondtrust.events |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

ras.beyondtrust.events

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| serverdate | timestamp | parsedate(replace(serverdate_str, "T", " "), dateformat("YYYY-MM-DD HH:mm:ssZZ")) | serverdate_str | |
| app_name | str | | | |
| proc_id | str | | | |
| msg_id | str | | | |
| sequence_id | str | | | |
| side_id | str | | | |
| segment_number | str | | | |
| total_segments | str | | | |
| event_type | str | | | |
| reason | str | | | |
| site | str | | | |
| status | str | | | |
| target | str | | | |
| when_tmp | int8 | | | |
| when | timestamp | timestamp(when_tmp * 1000) | when_tmp | |
| who | str | | | |
| who_ip | ip4 | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | rawSource | ✓ |