Document toolboxDocument toolbox

ips.ibm

Owned by Juan Tomás Alonso Nieto (Deactivated), created
Last updated: Sept 13, 2023
1 min read
[ 1 Introduction ] [ 2 Valid tags and data tables  ] [ 3 Table structure ]

Introduction

The tags beginning with ips.ibm identify events generated by IBM SNP.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as ips.ibm. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

IBM SNP

ips.ibm.snp.audit

ips.ibm.snp.audit

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

ips.ibm.snp.audit

Field

Type

Extra fields

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

args

str

 

description

str

 

event_id

str

 

name

str

 

priority

str

 

time

str

 

timestamp

str

 

sensorAddress

str

 

sensorName

str

 

sensorGUID

str

 

productID

str

 

message

str

 

hostchain

str

 ✓

tag

str

 ✓

rawMessage

str

 ✓