firewall.f5
Introduction
The tags beginning with firewall.f5 identify events generated by F5.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as firewall.f5. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
F5 Web Application Firewall | | |
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
firewall.f5.asm
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
host | | vhost | |
attack_type | | | |
date_time | | | |
dest_ip | | | |
dest_port | | | |
device_id | | | |
geo_location | | | |
http_class_name | | | |
ip_address_intelligence | | | |
ip_client | | | |
ip_with_route_domain | | | |
is_truncated | | | |
management_ip_address | | | |
method | | | |
policy_apply_date | | | |
policy_name | | | |
protocol | | | |
query_string | | | |
request | | | |
request_status | | | |
response | | | |
response_code | | | |
route_domain | | | |
session_id | | | |
severity | | | |
sig_ids | | | |
sig_names | | | |
sig_set_names | | | |
src_port | | | |
sub_violations | | | |
support_id | | | |
unit_hostname | | | |
uri | | | |
username | | | |
violation_details | | | |
violation_rating | | | |
violations | | | |
virus_name | | | |
websocket_direction | | | |
websocket_message_type | | | |
x_forwarded_for_header_value | | | |
blocking_exception_reason | | | |
captcha_result | | | |
fragment | | | |
management_ip_address_2 | | | |
microservice | | | |
sig_cves | | | |
staged_sig_cves | | | |
staged_sig_ids | | | |
staged_sig_names | | | |
staged_threat_campaign_names | | | |
tap_event_id | | | |
tap_vid | | | |
threat_campaign_names | | | |
vs_name | | | |
web_application_name | | | |
geo_info | | | |
headers | | | |
query_str | | | |
req_status | | | |
resp_code | | | |
unit_host | | | |
ip_route_domain | | | |
manage_ip_addr | | | |
sub_violates | | | |
violate_details | | | |
violate_rate | | | |
x_fwd_hdr_val | | | |
http_class | | | |
req | | | |
resp | | | |
hostchain | | | ✓ |
tag | | | ✓ |
rawMessage | | | ✓ |