
cef0.anubisnetworks

Introduction

The tags beginning with cef0.anubisnetworks identify events in CEF format generated by AnubisNetworks.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

| Tags | Data tables |
|---|---|
| cef0.anubisnetworks.cyberfeed | cef0.anubisnetworks.cyberfeed |
| cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence | cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence |

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in these tables:

cef0.anubisnetworks.cyberfeed

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| priorityCode | str | | |
| cefTag | str | | |
| cefVersion | str | | |
| embDeviceVendor | str | | |
| embDeviceProduct | str | | |
| deviceVersion | str | | |
| signatureID | str | | |
| name | str | | |
| severity | str | | |
| selfDomain | str | | |
| cat | str | | |
| trojanFamily | str | cs1 | |
| geoEnvRemoteAddrASNName | str | cs2 | |
| geoEnvRemoteAddrCountryName | str | cs3 | |
| geoEnvRemoteAddrCountryCode | str | cs4 | |
| geoEnvRemoteAddrRegion | str | cs5 | |
| geoEnvRemoteAddrCity | str | cs6 | |
| geoEnvRemoteAddrASNNumber | int8 | cn1 | |
| geoEnvRemoteAddrLongitude | int8 | cn2 | |
| geoEnvRemoteAddrLatitude | int8 | cn3 | |
| dhost | str | | |
| dst | ip4 | | |
| dpt | int4 | | |
| end | timestamp | | |
| fsize | int8 | | |
| msg | str | | |
| proto | str | | |
| requestClientApplication | str | | |
| requestCookies | str | | |
| requestMethod | str | | |
| request | str | | |
| rt | timestamp | | |
| shost | str | | |
| spt | int4 | | |
| src | ip4 | | |
| suser | str | | |
| antivirus | str | | |
| args | str | | |
| attc | str | | |
| avgsCurIpa | str | | |
| avgsCurIpc | str | | |
| avgsOldIpa | str | | |
| avgsOldIpc | str | | |
| avgsOldSeen | str | | |
| bad | str | | |
| class | str | | |
| dataExtUris | str | | |
| dataHelo | str | | |
| dataHSender | str | | |
| dataMailFrom | str | | |
| dataPTR | str | | |
| dataRemoteSysFlavor | str | | |
| dataRemoteSysLinkType | str | | |
| dataRemoteSysOS | str | | |
| dataSpike | str | | |
| dataUnknownSMTPCmdsCount | str | | |
| dataUris | str | | |
| domains | str | | |
| endDate | str | | |
| flags | str | | |
| good | str | | |
| ham | str | | |
| hits | str | | |
| httpXFF | str | | |
| lnkFrom | str | | |
| lnkFromSig | str | | |
| lnkTo | str | | |
| paction | str | | |
| payload0ResultActive | str | | |
| payload0ResultCtime | str | | |
| payload0ResultDups | str | | |
| payload0ResultH1 | str | | |
| payload0ResultH2 | str | | |
| payload0ResultH3 | str | | |
| payload0ResultH4 | str | | |
| payload0ResultHash | str | | |
| payload0ResultHit | str | | |
| payload0ResultOhash | str | | |
| payload0ResultOsig | str | | |
| payload0ResultReply | str | | |
| payload0ResultSz | str | | |
| payload0ResultWeight | str | | |
| payload0ResultWords | str | | |
| payload14Data | str | | |
| payload15ResultPatternsHits | str | | |
| payload16ResultUris | str | | |
| payload4Data | str | | |
| payload4ResultHit | str | | |
| payload4ResultReply | str | | |
| payloadFullurisData | str | | |
| payloadHashdb2ResultReply | str | | |
| payloadHashdb2Txtdata | str | | |
| payloadHashdbResultReply | str | | |
| payloadHashdbTxtdata | str | | |
| payloadMailsigsResultReply | str | | |
| payloadMailsigsTextdata | str | | |
| payloadMsnwData | str | | |
| payloadTawlData | str | | |
| payloadTemplatesData | str | | |
| payloadTemplatesResultReply | str | | |
| payloadUriblData | str | | |
| permalink | str | | |
| points | str | | |
| qtype | str | | |
| reqid | str | | |
| sd | str | | |
| signatures | str | | |
| snort | str | | |
| spam | str | | |
| tags | str | | |
| targetCategory | str | | |
| targetMd5 | str | | |
| targetSha1 | str | | |
| targetSha256 | str | | |
| targetType | str | | |
| thits | str | | |
| tmpl | str | | |
| urisdata | str | | |
| yara | str | | |
| tag | str | cefTag | ✓ |
| rawMessage | str | | ✓ |
| hostchain | str | | ✓ |
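As an added example (not part of the Devo documentation and not AnubisNetworks' own code), the following parser turns one CEF line into a row shaped like the table above: it derives the cef0.deviceVendor.deviceProduct tag from the header and renames the custom keys cs1..cs6 and cn1..cn3 to the column names given in the Source field name column. The sample event and all its values are constructed, and the parser assumes the vendor and product appear in the tag exactly as the header carries them.

```python
import re

# Custom extension keys -> column names, from the "Source field name" column above.
CUSTOM_FIELD_MAP = {
    "cs1": "trojanFamily", "cs2": "geoEnvRemoteAddrASNName",
    "cs3": "geoEnvRemoteAddrCountryName", "cs4": "geoEnvRemoteAddrCountryCode",
    "cs5": "geoEnvRemoteAddrRegion", "cs6": "geoEnvRemoteAddrCity",
    "cn1": "geoEnvRemoteAddrASNNumber", "cn2": "geoEnvRemoteAddrLongitude",
    "cn3": "geoEnvRemoteAddrLatitude",
}
# The seven pipe-delimited CEF header fields, named as the table columns above.
HEADER_FIELDS = ["cefVersion", "embDeviceVendor", "embDeviceProduct",
                 "deviceVersion", "signatureID", "name", "severity"]
INT_KEYS = {"cn1", "cn2", "cn3", "spt", "dpt", "fsize"}  # int4/int8 columns above

def unescape(value):
    """Undo CEF escaping: a backslash before |, = or a backslash yields that character; \\n and \\r yield newlines."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def split_header(line):
    """Split 'CEF:Version|Vendor|Product|Version|SigID|Name|Severity|Extension' on unescaped pipes."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    header = [unescape(p) for p in parts[:7]]
    header[0] = header[0][len("CEF:"):]
    return header, parts[7]

def parse_extension(ext):
    """Yield (key, value) pairs; values may contain spaces, so a pair ends where ' key=' starts."""
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", ext):
        yield m.group(1), unescape(m.group(2))

def cef_to_row(line):
    """Build a dict shaped like one row of the cef0.<vendor>.<product> table."""
    header, ext = split_header(line)
    row = dict(zip(HEADER_FIELDS, header))
    row["tag"] = f"cef0.{row['embDeviceVendor']}.{row['embDeviceProduct']}"  # see "Tag structure"
    for key, value in parse_extension(ext):
        column = CUSTOM_FIELD_MAP.get(key, key)
        # cn1..cn3 are typed int8 above; a non-integer value is kept as str so the mismatch stays visible
        row[column] = int(value) if key in INT_KEYS and re.fullmatch(r"-?\d+", value) else value
    row["rawMessage"] = line
    return row

SAMPLE = (  # constructed sample event, not real AnubisNetworks data; lands in cef0.anubisnetworks.cyberfeed
    "CEF:0|anubisnetworks|cyberfeed|1.0|sinkhole-hit|Sinkhole\\|hit|5|"
    "rt=1700000000000 src=198.51.100.23 spt=51234 dst=203.0.113.9 dpt=80 "
    "dhost=sinkhole.example.net requestMethod=GET request=/gate.php "
    "cs1=ExampleFamily cs2=EXAMPLE-AS cs3=Portugal cs4=PT cs5=Lisboa cs6=Lisbon "
    "cn1=64496 cn2=-9 cn3=38 msg=UA \\= Mozilla/5.0")
```

Calling cef_to_row(SAMPLE) returns the row with the escaped pipe in name and the escaped equals sign in msg restored, and cn1..cn3 as integers.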

cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| priorityCode | str | | |
| cefTag | str | | |
| cefVersion | str | | |
| embDeviceVendor | str | | |
| embDeviceProduct | str | | |
| deviceVersion | str | | |
| signatureID | str | | |
| name | str | | |
| severity | str | | |
| selfDomain | str | | |
| cat | str | | |
| trojanFamily | str | cs1 | |
| geoEnvRemoteAddrASNName | str | cs2 | |
| geoEnvRemoteAddrCountryName | str | cs3 | |
| geoEnvRemoteAddrCountryCode | str | cs4 | |
| geoEnvRemoteAddrRegion | str | cs5 | |
| geoEnvRemoteAddrCity | str | cs6 | |
| geoEnvRemoteAddrASNNumber | int8 | cn1 | |
| geoEnvRemoteAddrLongitude | int8 | cn2 | |
| geoEnvRemoteAddrLatitude | int8 | cn3 | |
| dhost | str | | |
| dst | ip4 | | |
| dpt | int4 | | |
| end | timestamp | | |
| fsize | int8 | | |
| msg | str | | |
| proto | str | | |
| requestClientApplication | str | | |
| requestCookies | str | | |
| requestMethod | str | | |
| request | str | | |
| rt | timestamp | | |
| shost | str | | |
| spt | int4 | | |
| src | ip4 | | |
| suser | str | | |
| antivirus | str | | |
| args | str | | |
| attc | str | | |
| avgsCurIpa | str | | |
| avgsCurIpc | str | | |
| avgsOldIpa | str | | |
| avgsOldIpc | str | | |
| avgsOldSeen | str | | |
| bad | str | | |
| class | str | | |
| dataExtUris | str | | |
| dataHelo | str | | |
| dataHSender | str | | |
| dataMailFrom | str | | |
| dataPTR | str | | |
| dataRemoteSysFlavor | str | | |
| dataRemoteSysLinkType | str | | |
| dataRemoteSysOS | str | | |
| dataSpike | str | | |
| dataUnknownSMTPCmdsCount | str | | |
| dataUris | str | | |
| domains | str | | |
| endDate | str | | |
| flags | str | | |
| good | str | | |
| ham | str | | |
| hits | str | | |
| httpXFF | str | | |
| lnkFrom | str | | |
| lnkFromSig | str | | |
| lnkTo | str | | |
| paction | str | | |
| payload0ResultActive | str | | |
| payload0ResultCtime | str | | |
| payload0ResultDups | str | | |
| payload0ResultH1 | str | | |
| payload0ResultH2 | str | | |
| payload0ResultH3 | str | | |
| payload0ResultH4 | str | | |
| payload0ResultHash | str | | |
| payload0ResultHit | str | | |
| payload0ResultOhash | str | | |
| payload0ResultOsig | str | | |
| payload0ResultReply | str | | |
| payload0ResultSz | str | | |
| payload0ResultWeight | str | | |
| payload0ResultWords | str | | |
| payload14Data | str | | |
| payload15ResultPatternsHits | str | | |
| payload16ResultUris | str | | |
| payload4Data | str | | |
| payload4ResultHit | str | | |
| payload4ResultReply | str | | |
| payloadFullurisData | str | | |
| payloadHashdb2ResultReply | str | | |
| payloadHashdb2Txtdata | str | | |
| payloadHashdbResultReply | str | | |
| payloadHashdbTxtdata | str | | |
| payloadMailsigsResultReply | str | | |
| payloadMailsigsTextdata | str | | |
| payloadMsnwData | str | | |
| payloadTawlData | str | | |
| payloadTemplatesData | str | | |
| payloadTemplatesResultReply | str | | |
| payloadUriblData | str | | |
| permalink | str | | |
| points | str | | |
| qtype | str | | |
| reqid | str | | |
| sd | str | | |
| signatures | str | | |
| snort | str | | |
| spam | str | | |
| tags | str | | |
| targetCategory | str | | |
| targetMd5 | str | | |
| targetSha1 | str | | |
| targetSha256 | str | | |
| targetType | str | | |
| thits | str | | |
| tmpl | str | | |
| urisdata | str | | |
| yara | str | | |
| tag | str | cefTag | ✓ |
| rawMessage | str | | ✓ |
| hostchain | str | | ✓ |