nac.cyberx
Introduction
The tags beginning with nac.cyberx identify events generated by CyberX.
Valid tags and data tables
The full tag must have two levels. The first two are fixed as nac.cyberx. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
CyberX | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
cefVersion | | |
embDeviceVendor | | |
embDeviceProduct | | |
deviceVersion | | |
signatureID | | |
name | | |
severity | | |
_cefVer | | |
msg | | |
start | | |
dst_ip | | |
dst_mac | | |
protocol | | |
log_severity | | |
src_ip | | |
src_mac | | |
type | | |
hostchain | | ✓ |
rawMessage | | ✓ |