cef0.websense
Introduction
The tables beginning with cef0.websense identify events in CEF format generated by xss products.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.websense.security
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
cef0.websense.security
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
rawMessage | | | ✓ |
hostchain | | | ✓ |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
act | | | |
app | | | |
DispositionCode | | cn1 | |
ScanDuration | | cn2 | |
Policy | | cs1 | |
DynCat | | cs2 | |
ContentType | | cs3 | |
destinationTranslatedPort | | | |
dhost | | | |
dpt | | | |
dst | | | |
dvc | | | |
in | | | |
out | | | |
reason | | | |
requestClientApplication | | | |
requestMethod | | | |
request | | | |
rt | | | |
spt | | | |
src | | | |
suser | | | |
tag | | cefTag | ✓ |