ras.beyondtrust
Introduction
The tags beginning with ras.beyondtrust identify events generated by BeyondTrust.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as ras.beyondtrust. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
BeyondTrust | | |
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
ras.beyondtrust.events
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
serverdate | | parsedate(replace(serverdate_str, "T", " "), dateformat("YYYY-MM-DD HH:mm:ssZZ")) | serverdate_str | |
app_name | | | | |
proc_id | | | | |
msg_id | | | | |
sequence_id | | | | |
side_id | | | | |
segment_number | | | | |
total_segments | | | | |
event_type | | | | |
reason | | | | |
site | | | | |
status | | | | |
target | | | | |
when_tmp | | | | |
when | | timestamp(when_tmp * 1000) | when_tmp | |
who | | | | |
who_ip | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | rawSource | ✓ |