ips.tippingpoint
Introduction
The tags beginning with ips.tippingpoint identify events generated by TippingPoint Security Management System.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as ips.tippingpoint. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Trend Micro TippingPoint Security Management System | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
ips.tippingpoint.sms
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
machine | | | vmachine | |
action | | | | |
actionStr | | (action = 7) ? "permit" : (action = 8) ? "block" : (action = 9) ? "p2p" : null("") | action | |
severity | | | | |
severityStr | | (severity = 0) ? "normal" : (severity = 1) ? "low" : (severity = 2) ? "minor" : (severity = 3) ? "major" : (severity = 4) ? "critical" : null("") | severity | |
signatureUUID | | | | |
signatureName | | | | |
signatureNumber | | | | |
signatureProto | | | | |
srcIp | | | | |
srcPort | | | | |
dstIp | | | | |
dstPort | | | | |
hitCount | | | | |
srcZone | | | | |
dstZone | | | | |
incomingPhysicalPort | | | | |
vlanId | | | | |
deviceName | | | | |
taxonomyId | | | | |
eventTimestamp | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | | ✓ |