Document toolboxDocument toolbox

nac.cyberx

Introduction

The tags beginning with nac.cyberx identify events generated by CyberX.

Valid tags and data tables 

The full tag must have two levels. The first two are fixed asnac.cyberx. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

CyberX

nac.cyberx.events

nac.cyberx.events

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field

Type

Extra fields

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

msg

str

 

start

timestamp

 

dst_ip

str

 

dst_mac

str

 

protocol

str

 

log_severity

str

 

src_ip

str

 

src_mac

str

 

type

str

 

hostchain

str

✓

rawMessage

str

✓