
ips.proventia

Introduction

The tags beginning with ips.proventia identify events generated by IBM Proventia, both the Proventia G Series intrusion prevention appliances and the Proventia Management SiteProtector console.

Valid tags and data tables 

The full tag must have exactly 4 levels. The first two are fixed as ips.proventia. The third level identifies the product that sent the events (gseries or siteprotector). The fourth level indicates the event subtype (audit, event or leef). Events sent with any other combination of levels are not routed to the tables below.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service                      | Tags                               | Data tables                        |
|----------------------------------------|------------------------------------|------------------------------------|
| Proventia G Series                     | ips.proventia.gseries.audit        | ips.proventia.gseries.audit        |
|                                        | ips.proventia.gseries.event        | ips.proventia.gseries.event        |
| IBM Proventia Management SiteProtector | ips.proventia.siteprotector.leef   | ips.proventia.siteprotector.leef   |

For more information, see About Devo tags.

Table structure

These are the fields displayed in these tables:

ips.proventia.gseries.audit

| Field          | Type      | Source field name | Extra fields |
|----------------|-----------|-------------------|--------------|
| eventdate      | timestamp |                   |              |
| hostname       | str       |                   |              |
| machine        | str       | vmachine          |              |
| destination    | str       |                   |              |
| name           | str       |                   |              |
| host           | str       |                   |              |
| account        | str       |                   |              |
| password       | str       |                   |              |
| port           | int4      |                   |              |
| proxy          | str       |                   |              |
| proxy_port     | int4      |                   |              |
| use_proxy      | str       |                   |              |
| proxy_user     | str       |                   |              |
| proxy_password | str       |                   |              |
| message        | str       | rawMessage        |              |
| hostchain      | str       |                   | ✓            |
| tag            | str       |                   | ✓            |
| rawMessage     | str       |                   | ✓            |

Note that this table carries account, password, proxy_user and proxy_password columns, and rawMessage keeps the unparsed line. Before granting wide query access to ips.proventia.gseries.audit, check whether your appliance writes these credential values in clear text and restrict or mask the table accordingly.

ips.proventia.gseries.event

| Field       | Type      | Source field name | Extra fields |
|-------------|-----------|-------------------|--------------|
| eventdate   | timestamp |                   |              |
| machine     | str       | vmachine          |              |
| id          | str       |                   |              |
| occurred    | timestamp |                   |              |
| eventId     | str       |                   |              |
| priority    | str       |                   |              |
| description | str       |                   |              |
| tzOffset    | int8      |                   |              |
| message     | str       | rawMessage        |              |
| hostchain   | str       |                   | ✓            |
| tag         | str       |                   | ✓            |
| rawMessage  | str       |                   | ✓            |

ips.proventia.siteprotector.leef

| Field      | Type      | Field transformation                                                              | Source field name | Extra fields |
|------------|-----------|-----------------------------------------------------------------------------------|-------------------|--------------|
| eventdate  | timestamp |                                                                                   |                   |              |
| machine    | str       |                                                                                   | vmachine          |              |
| devTime    | timestamp |                                                                                   |                   |              |
| eventID    | str       |                                                                                   |                   |              |
| proto      | int4      |                                                                                   |                   |              |
| protoStr   | str       | (proto = 6) ? "TCP" : (proto = 17) ? "UDP" : (proto = 1) ? "ICMP" : null("")      | proto             |              |
| srcIp      | ip4       |                                                                                   |                   |              |
| srcPort    | int4      |                                                                                   |                   |              |
| dstIp      | ip4       |                                                                                   |                   |              |
| dstPort    | int4      |                                                                                   |                   |              |
| severity   | int4      |                                                                                   |                   |              |
| status     | str       |                                                                                   |                   |              |
| adapterId  | str       |                                                                                   |                   |              |
| domain     | str       |                                                                                   |                   |              |
| category   | str       |                                                                                   |                   |              |
| version    | str       |                                                                                   |                   |              |
| unknown    | str       |                                                                                   |                   |              |
| hostchain  | str       |                                                                                   |                   | ✓            |
| tag        | str       |                                                                                   |                   | ✓            |
| rawMessage | str       |                                                                                   |                   | ✓            |

The protoStr transformation only names IP protocol numbers 6, 17 and 1; any other value in proto (GRE, ESP, etc.) leaves protoStr null, so filter on the numeric proto column when you need those.
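The following is an added example, not code from Devo or from the Proventia product, that shows what a sender-side check and the siteprotector.leef parser described on this page have to do: validate that a tag has the four levels listed in the tag table, split a LEEF 1.0 record into the columns of the ips.proventia.siteprotector.leef table, and apply the protoStr transformation including its null("") branch. The LEEF attribute keys (src, dst, sev, cat and so on), the mapping from those keys to the table's column names, the devTime format and the sample records are all assumptions made for the example, since the page leaves the Source field name column empty for these fields.

```python
import ipaddress
import re
from datetime import datetime, timezone

# The four-level tags listed on this page.
VALID_TAGS = {
    "ips.proventia.gseries.audit",
    "ips.proventia.gseries.event",
    "ips.proventia.siteprotector.leef",
}


def valid_tag(tag: str) -> bool:
    """True only for a tag with exactly 4 levels, the first two fixed as ips.proventia."""
    levels = tag.split(".")
    return len(levels) == 4 and levels[:2] == ["ips", "proventia"] and tag in VALID_TAGS


def proto_str(proto):
    """The protoStr field transformation from the table; null("") becomes None here."""
    return {6: "TCP", 17: "UDP", 1: "ICMP"}.get(proto)


# Assumed mapping from LEEF attribute keys to the table's column names.
KEY_MAP = {
    "devTime": "devTime", "proto": "proto", "src": "srcIp", "srcPort": "srcPort",
    "dst": "dstIp", "dstPort": "dstPort", "sev": "severity", "status": "status",
    "adapterId": "adapterId", "domain": "domain", "cat": "category",
}
INT_COLUMNS = {"proto", "srcPort", "dstPort", "severity"}
IP_COLUMNS = {"srcIp", "dstIp"}
DEVTIME_FORMAT = "%b %d %Y %H:%M:%S"  # assumption: LEEF's usual "MMM dd yyyy HH:mm:ss"

# LEEF 1.0 header: LEEF:Version|Vendor|Product|Version|EventID|attributes (tab separated).
LEEF_HEADER = re.compile(
    r"^LEEF:(?P<leefver>[^|]+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<prodver>[^|]*)\|(?P<eventID>[^|]*)\|(?P<attrs>.*)$"
)


def parse_leef(line: str) -> dict:
    """Split one LEEF line into the ips.proventia.siteprotector.leef columns."""
    m = LEEF_HEADER.match(line)
    if not m:
        raise ValueError("not a LEEF record")
    # assumption: the table's version column holds the LEEF format version from the header
    rec = {"version": m.group("leefver"), "eventID": m.group("eventID"),
           "tag": "ips.proventia.siteprotector.leef", "rawMessage": line}
    leftover = []
    for pair in m.group("attrs").split("\t"):
        if "=" not in pair:
            continue
        key, value = pair.split("=", 1)
        col = KEY_MAP.get(key)
        if col is None:
            leftover.append(pair)  # anything unmapped is kept in the unknown column
        elif col in INT_COLUMNS:
            rec[col] = int(value) if value.isdigit() else None  # bad ints become null
        elif col in IP_COLUMNS:
            try:
                rec[col] = str(ipaddress.IPv4Address(value))  # the column type is ip4
            except ValueError:
                rec[col] = None
        elif col == "devTime":
            rec[col] = datetime.strptime(value, DEVTIME_FORMAT).replace(tzinfo=timezone.utc)
        else:
            rec[col] = value
    rec["unknown"] = "\t".join(leftover)
    rec["protoStr"] = proto_str(rec.get("proto"))
    return rec


# Constructed sample records (not real SiteProtector output).
SAMPLE_TCP = ("LEEF:1.0|IBM|SiteProtector|3.1|Sample_Event|devTime=Jan 05 2024 13:45:10\t"
              "proto=6\tsrc=10.0.0.5\tsrcPort=51234\tdst=192.0.2.10\tdstPort=22\t"
              "sev=7\tstatus=Blocked\tadapterId=A\tdomain=corp\tcat=Attack\tfoo=bar")
SAMPLE_GRE = ("LEEF:1.0|IBM|SiteProtector|3.1|Sample_Event|devTime=Jan 05 2024 13:46:00\t"
              "proto=47\tsrc=10.0.0.6\tsrcPort=abc\tdst=192.0.2.11\tsev=3\tcat=Tunnel")

if __name__ == "__main__":
    for line in (SAMPLE_TCP, SAMPLE_GRE):
        r = parse_leef(line)
        print(r["eventID"], r["srcIp"], r["dstIp"], r["proto"], r["protoStr"], r["unknown"])
```

Running the block prints the TCP record with protoStr TCP and the unmapped `foo=bar` pair in unknown, and the GRE record with protoStr None and a null srcPort, which is the behaviour the transformation column and the int4 type imply for out-of-range input.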