cef0.skyformation
Introduction
The tags beginning with cef0.skyformation identify events in CEF format generated by Sky Formation.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
---|---|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Table structure
These are the fields displayed in this table:
cef0.skyformation.skyformationCloudAppsSecurity
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
cat | | | |
cn1Label | | | |
cn1 | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs6Label | | | |
cs6 | | | |
destinationServiceName | | | |
deviceInboundInterface | | | |
dhost | | | |
dpriv | | | |
dproc | | | |
duid | | | |
duser | | | |
dvchost | | | |
dvcpid | | | |
end | | | |
fileHash | | | |
filePath | | | |
fileType | | | |
fname | | | |
msg | | | |
oldFilePath | | | |
outcome | | | |
out | | | |
proto | | | |
reason | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
shost | | | |
smac | | | |
sntdom | | | |
sourceServiceName | | | |
src | | | |
suid | | | |
suser | | | |
devicePayloadId | | | |
dtz | | | |
ext_Act | | | |
ext_AppId | | | |
ext_AttCnt | | | |
ext_AttSize | | | |
ext_ClientAppId | | | |
ext_ClientIP | | | |
ext_ClientIPAddress | | | |
ext_ClientInfoString | | | |
ext_ClientRequestId | | | |
ext_CreationTime | | | |
ext_Dir | | | |
ext_ExternalAccess | | | |
ext_Folders_0__FolderItems_0__InternetMessageId | | | |
ext_Folders_0__Id | | | |
ext_Folders_0__Path | | | |
ext_Id | | | |
ext_InternalLogonType | | | |
ext_Item_Attachments | | | |
ext_Item_Id | | | |
ext_Item_InternetMessageId | | | |
ext_Item_IsRecord | | | |
ext_Item_ParentFolder_Id | | | |
ext_Item_ParentFolder_Path | | | |
ext_Item_SizeInBytes | | | |
ext_Item_Subject | | | |
ext_LogonType | | | |
ext_LogonUserSid | | | |
ext_MailboxGuid | | | |
ext_MailboxOwnerSid | | | |
ext_MailboxOwnerUPN | | | |
ext_ModifiedProperties_0_ | | | |
ext_MsgId | | | |
ext_MsgSize | | | |
ext_Operation | | | |
ext_OperationCount | | | |
ext_OperationProperties_0__Name | | | |
ext_OperationProperties_0__Value | | | |
ext_OperationProperties_1__Name | | | |
ext_OperationProperties_1__Value | | | |
ext_OrganizationId | | | |
ext_OrganizationName | | | |
ext_OriginatingServer | | | |
ext_Rcpt | | | |
ext_RcptActType | | | |
ext_RcptHdrType | | | |
ext_RecordType | | | |
ext_ResultStatus | | | |
ext_Sender | | | |
ext_SessionId | | | |
ext_Subject | | | |
ext_UserId | | | |
ext_UserKey | | | |
ext_UserType | | | |
ext_Version | | | |
ext_Workload | | | |
ext__action_taken_ | | | |
ext__action_taken_by_ | | | |
ext__admin_id_ | | | |
ext__admin_role_ | | | |
ext__asset_id_ | | | |
ext__cloud_app_instance_ | | | |
ext__event_category___tag | | | |
ext__event_type_ | | | |
ext__event_type___tag | | | |
ext__event_type__description | | | |
ext__incident_id_ | | | |
ext__involve_non_team_member_ | | | |
ext__item_creator_ | | | |
ext__item_name_ | | | |
ext__item_owner_ | | | |
ext__item_type_ | | | |
ext__log_type_ | | | |
ext__policy_rule_name_ | | | |
ext__resource_value_new_ | | | |
ext__resource_value_old_ | | | |
ext__riskEventTypes_v2_ | | | |
ext__source_ip_ | | | |
ext__target_type_ | | | |
ext_aCode | | | |
ext_acc | | | |
ext_action | | | |
ext_actor__tag | | | |
ext_actor_user__tag | | | |
ext_actor_user_account_id_ | | | |
ext_actor_user_display_name_ | | | |
ext_actor_user_email | | | |
ext_actor_user_team_member_id_ | | | |
ext_appDisplayName | | | |
ext_appId | | | |
ext_appliedConditionalAccessPolicies_0__displayName | | | |
ext_appliedConditionalAccessPolicies_0__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_0__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_0__id | | | |
ext_appliedConditionalAccessPolicies_0__result | | | |
ext_appliedConditionalAccessPolicies_10__displayName | | | |
ext_appliedConditionalAccessPolicies_10__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_10__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_10__id | | | |
ext_appliedConditionalAccessPolicies_10__result | | | |
ext_appliedConditionalAccessPolicies_11__displayName | | | |
ext_appliedConditionalAccessPolicies_11__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_11__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_11__id | | | |
ext_appliedConditionalAccessPolicies_11__result | | | |
ext_appliedConditionalAccessPolicies_12__displayName | | | |
ext_appliedConditionalAccessPolicies_12__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_12__enforcedSessionControls_0_ | | | |
ext_appliedConditionalAccessPolicies_12__id | | | |
ext_appliedConditionalAccessPolicies_12__result | | | |
ext_appliedConditionalAccessPolicies_13__displayName | | | |
ext_appliedConditionalAccessPolicies_13__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_13__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_13__id | | | |
ext_appliedConditionalAccessPolicies_13__result | | | |
ext_appliedConditionalAccessPolicies_14__displayName | | | |
ext_appliedConditionalAccessPolicies_14__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_14__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_14__id | | | |
ext_appliedConditionalAccessPolicies_14__result | | | |
ext_appliedConditionalAccessPolicies_15__displayName | | | |
ext_appliedConditionalAccessPolicies_15__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_15__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_15__id | | | |
ext_appliedConditionalAccessPolicies_15__result | | | |
ext_appliedConditionalAccessPolicies_16__displayName | | | |
ext_appliedConditionalAccessPolicies_16__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_16__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_16__id | | | |
ext_appliedConditionalAccessPolicies_16__result | | | |
ext_appliedConditionalAccessPolicies_1__displayName | | | |
ext_appliedConditionalAccessPolicies_1__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_1__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_1__id | | | |
ext_appliedConditionalAccessPolicies_1__result | | | |
ext_appliedConditionalAccessPolicies_2__displayName | | | |
ext_appliedConditionalAccessPolicies_2__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_2__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_2__id | | | |
ext_appliedConditionalAccessPolicies_2__result | | | |
ext_appliedConditionalAccessPolicies_3__displayName | | | |
ext_appliedConditionalAccessPolicies_3__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_3__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_3__id | | | |
ext_appliedConditionalAccessPolicies_3__result | | | |
ext_appliedConditionalAccessPolicies_4__displayName | | | |
ext_appliedConditionalAccessPolicies_4__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_4__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_4__id | | | |
ext_appliedConditionalAccessPolicies_4__result | | | |
ext_appliedConditionalAccessPolicies_5__displayName | | | |
ext_appliedConditionalAccessPolicies_5__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_5__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_5__id | | | |
ext_appliedConditionalAccessPolicies_5__result | | | |
ext_appliedConditionalAccessPolicies_6__displayName | | | |
ext_appliedConditionalAccessPolicies_6__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_6__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_6__id | | | |
ext_appliedConditionalAccessPolicies_6__result | | | |
ext_appliedConditionalAccessPolicies_7__displayName | | | |
ext_appliedConditionalAccessPolicies_7__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_7__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_7__id | | | |
ext_appliedConditionalAccessPolicies_7__result | | | |
ext_appliedConditionalAccessPolicies_8__displayName | | | |
ext_appliedConditionalAccessPolicies_8__enforcedGrantControls | | | |
ext_appliedConditionalAccessPolicies_8__enforcedSessionControls_0_ | | | |
ext_appliedConditionalAccessPolicies_8__id | | | |
ext_appliedConditionalAccessPolicies_8__result | | | |
ext_appliedConditionalAccessPolicies_9__displayName | | | |
ext_appliedConditionalAccessPolicies_9__enforcedGrantControls_0_ | | | |
ext_appliedConditionalAccessPolicies_9__enforcedSessionControls | | | |
ext_appliedConditionalAccessPolicies_9__id | | | |
ext_appliedConditionalAccessPolicies_9__result | | | |
ext_assets | | | |
ext_auditType | | | |
ext_authorization_action | | | |
ext_authorization_scope | | | |
ext_caller | | | |
ext_category | | | |
ext_category_localizedValue | | | |
ext_category_value | | | |
ext_channels | | | |
ext_claims_aio | | | |
ext_claims_appid | | | |
ext_claims_appidacr | | | |
ext_claims_aud | | | |
ext_claims_exp | | | |
ext_claims_groups | | | |
ext_claims_iat | | | |
ext_claims_iss | | | |
ext_claims_nbf | | | |
ext_claims_rh | | | |
ext_claims_uti | | | |
ext_claims_ver | | | |
ext_claims_xms_tcdt_ | | | |
ext_clientAppUsed | | | |
ext_conditionalAccessStatus | | | |
ext_context__tag | | | |
ext_context_account_id_ | | | |
ext_context_display_name_ | | | |
ext_context_email | | | |
ext_context_team_member_id_ | | | |
ext_correlationId | | | |
ext_createdDateTime | | | |
ext_datetime | | | |
ext_description | | | |
ext_details__tag | | | |
ext_details_user_agent_ | | | |
ext_deviceDetail_browser | | | |
ext_deviceDetail_deviceId | | | |
ext_deviceDetail_displayName | | | |
ext_deviceDetail_isCompliant | | | |
ext_deviceDetail_isManaged | | | |
ext_deviceDetail_operatingSystem | | | |
ext_deviceDetail_trustType | | | |
ext_eventDataId | | | |
ext_eventInfo | | | |
ext_eventName_localizedValue | | | |
ext_eventName_value | | | |
ext_eventTime | | | |
ext_eventTimestamp | | | |
ext_field | | | |
ext_httpRequest_clientIpAddress | | | |
ext_httpRequest_clientRequestId | | | |
ext_httpRequest_method | | | |
ext_id | | | |
ext_ip | | | |
ext_ipAddress | | | |
ext_isInteractive | | | |
ext_level | | | |
ext_location | | | |
ext_location_city | | | |
ext_location_countryOrRegion | | | |
ext_location_geoCoordinates_latitude | | | |
ext_location_geoCoordinates_longitude | | | |
ext_location_state | | | |
ext_operationId | | | |
ext_operationName_localizedValue | | | |
ext_operationName_value | | | |
ext_origin_access_method___tag | | | |
ext_origin_access_method__end_user___tag | | | |
ext_origin_access_method__end_user__session_id_ | | | |
ext_origin_geo_location__city | | | |
ext_origin_geo_location__country | | | |
ext_origin_geo_location__ip_address_ | | | |
ext_origin_geo_location__region | | | |
ext_participants | | | |
ext_properties_eventCategory | | | |
ext_properties_serviceRequestId | | | |
ext_properties_statusCode | | | |
ext_resourceDisplayName | | | |
ext_resourceGroupName | | | |
ext_resourceId | | | |
ext_resourceProviderName_localizedValue | | | |
ext_resourceProviderName_value | | | |
ext_resourceType_localizedValue | | | |
ext_resourceType_value | | | |
ext_riskDetail | | | |
ext_riskEventTypes | | | |
ext_riskLevelAggregated | | | |
ext_riskLevelDuringSignIn | | | |
ext_riskState | | | |
ext_serial | | | |
ext_severity | | | |
ext_status_errorCode | | | |
ext_status_failureReason | | | |
ext_status_localizedValue | | | |
ext_status_value | | | |
ext_subStatus_localizedValue | | | |
ext_subStatus_value | | | |
ext_submissionTimestamp | | | |
ext_subscriptionId | | | |
ext_tenantId | | | |
ext_timestamp | | | |
ext_user | | | |
ext_userDisplayName | | | |
ext_userId | | | |
ext_userPrincipalName | | | |
externalID | | | |
flexString1 | | | |
flexString1Label | | | |
flexString2 | | | |
flexString2Label | | | |
requestContext | | | |
hostchain | | | ✓ |
rawMessage | | | ✓ |
tag | | cefTag | ✓ |