ips.tippingpoint

Introduction

The tags beginning with ips.tippingpoint identify events generated by the Trend Micro TippingPoint Security Management System (SMS).

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as ips.tippingpoint. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Trend Micro TippingPoint Security Management System | ips.tippingpoint.sms | ips.tippingpoint.sms |

For more information, see About Devo tags.

Table structure

These are the fields displayed in this table:

ips.tippingpoint.sms

| Field | Type | Field transformation | Source field name | Extra fields |
| --- | --- | --- | --- | --- |
| eventdate | timestamp | | | |
| machine | str | | vmachine | |
| action | int4 | | | |
| actionStr | str | (action = 7) ? "permit" : (action = 8) ? "block" : (action = 9) ? "p2p" : null("") | action | |
| severity | int4 | | | |
| severityStr | str | (severity = 0) ? "normal" : (severity = 1) ? "low" : (severity = 2) ? "minor" : (severity = 3) ? "major" : (severity = 4) ? "critical" : null("") | severity | |
| signatureUUID | str | | | |
| signatureName | str | | | |
| signatureNumber | str | | | |
| signatureProto | str | | | |
| srcIp | ip4 | | | |
| srcPort | int4 | | | |
| dstIp | ip4 | | | |
| dstPort | int4 | | | |
| hitCount | int4 | | | |
| srcZone | str | | | |
| dstZone | str | | | |
| incomingPhysicalPort | str | | | |
| vlanId | str | | | |
| deviceName | str | | | |
| taxonomyId | str | | | |
| eventTimestamp | timestamp | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |