
firewall.f5

Introduction

The tags beginning with firewall.f5 identify events generated by F5.

Valid tags and data tables 

The full tag must have 3 levels. The first two are fixed as firewall.f5. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| F5 Web Application Firewall | firewall.f5.asm, firewall.f5.asm.csv | firewall.f5.asm |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

firewall.f5.asm

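| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| hostname | str | | |
| host | str | vhost | |
| attack_type | str | | |
| date_time | str | | |
| dest_ip | str | | |
| dest_port | str | | |
| device_id | str | | |
| geo_location | str | | |
| http_class_name | str | | |
| ip_address_intelligence | str | | |
| ip_client | str | | |
| ip_with_route_domain | str | | |
| is_truncated | str | | |
| management_ip_address | str | | |
| method | str | | |
| policy_apply_date | str | | |
| policy_name | str | | |
| protocol | str | | |
| query_string | str | | |
| request | str | | |
| request_status | str | | |
| response | str | | |
| response_code | str | | |
| route_domain | str | | |
| session_id | str | | |
| severity | str | | |
| sig_ids | str | | |
| sig_names | str | | |
| sig_set_names | str | | |
| src_port | str | | |
| sub_violations | str | | |
| support_id | str | | |
| unit_hostname | str | | |
| uri | str | | |
| username | str | | |
| violation_details | str | | |
| violation_rating | str | | |
| violations | str | | |
| virus_name | str | | |
| websocket_direction | str | | |
| websocket_message_type | str | | |
| x_forwarded_for_header_value | str | | |
| blocking_exception_reason | str | | |
| captcha_result | str | | |
| fragment | str | | |
| management_ip_address_2 | str | | |
| microservice | str | | |
| sig_cves | str | | |
| staged_sig_cves | str | | |
| staged_sig_ids | str | | |
| staged_sig_names | str | | |
| staged_threat_campaign_names | str | | |
| tap_event_id | str | | |
| tap_vid | str | | |
| threat_campaign_names | str | | |
| vs_name | str | | |
| web_application_name | str | | |
| geo_info | str | | |
| headers | str | | |
| query_str | str | | |
| req_status | str | | |
| resp_code | str | | |
| unit_host | str | | |
| ip_route_domain | str | | |
| manage_ip_addr | str | | |
| sub_violates | str | | |
| violate_details | str | | |
| violate_rate | str | | |
| x_fwd_hdr_val | str | | |
| http_class | str | | |
| req | str | | |
| resp | str | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |
| rawMessage | str | | ✓ |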