ndr.vectra
Introduction
The tags beginning with ndr.vectra identify events generated by Vectra.
Valid tags and data tables
The full tag must have at least 3 levels. The first two are fixed as ndr.vectra. The third level identifies the type of events sent. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Vectra Cognito Stream | | |
Vectra platform | | |
For more information, see About Devo tags.
How is the data sent to Devo?
Logs generated by Vectra must be sent to the Devo platform through the Devo Relay, which secures the communication. The required relay rule is shown below:
Source data | Target tag | Stop processing | Sent without syslog tag |
---|---|---|---|
\"metadata_([^\"]+) | ndr.vectra.cognito_stream.\\D1 | ✓ | ✓ |
No 3rd-party mechanism is used. No collector is needed.
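The following is an added example, not code from Devo or Vectra, showing how the relay rule above maps a raw Vectra line to a tag and how the tag-level rule from this page can be checked before the event is routed. It assumes the rule's source pattern is `"metadata_([^"]+)` once the extraction escaping is removed, that `\D1` in the target tag stands for the first capture group, and it uses constructed sample lines rather than real Vectra records.

```python
import re
from typing import Optional

# Relay rule as printed on this page, with the JSON-style escaping removed
# (assumption: the page shows it as \"metadata_([^\"]+) and \\D1).
SOURCE_DATA = re.compile(r'"metadata_([^"]+)')
TARGET_TAG = r"ndr.vectra.cognito_stream.\D1"
TAG_PREFIX = ("ndr", "vectra")


def expand_target(template: str, match: "re.Match") -> str:
    """Replace every \\D<n> placeholder with capture group n (assumed relay semantics)."""
    return re.sub(r"\\D(\d+)", lambda m: match.group(int(m.group(1))), template)


def route_event(raw: str) -> Optional[str]:
    """Return the tag the relay rule assigns to one raw line, or None if the rule does not apply.

    With "Stop processing" enabled, a matching line is not evaluated against later rules,
    and "Sent without syslog tag" means the relay itself supplies the tag to Devo.
    """
    m = SOURCE_DATA.search(raw)
    if m is None:
        return None
    return expand_target(TARGET_TAG, m)


def validate_tag(tag: str) -> bool:
    """Check the structure this page requires: at least 3 non-empty dot-separated levels,
    the first two fixed as ndr.vectra."""
    levels = tag.split(".")
    return len(levels) >= 3 and all(levels) and tuple(levels[:2]) == TAG_PREFIX


# Constructed sample lines (not real Vectra records): one the rule captures, one it does not.
SAMPLE_MATCH = '{"type":"metadata_dns","src":"10.0.0.5","query":"example.com"}'
SAMPLE_NO_MATCH = '{"type":"detection","category":"command_and_control"}'

if __name__ == "__main__":
    for line in (SAMPLE_MATCH, SAMPLE_NO_MATCH):
        tag = route_event(line)
        status = "valid tag" if tag and validate_tag(tag) else "not routed by this rule"
        print(f"{line} -> {tag} ({status})")
```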
Table structure
These are the fields displayed in these tables: