cef0.websense
- Former user (Deleted)
- Virginia Camuñas Núñez
Introduction
The tables beginning with cef0.websense identify events in CEF format generated by xss products.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.websense.security
How is the data sent to Devo?
CEF data can be sent directly to Devo or by using a relay. To use the CEF default relay rule, send to the relay’s port 13000. Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
cef0.websense.security
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
rawMessage |
|
| ✓ |
hostchain |
|
| ✓ |
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
act |
|
|
|
app |
|
|
|
DispositionCode |
| cn1 |
|
ScanDuration |
| cn2 |
|
Policy |
| cs1 |
|
DynCat |
| cs2 |
|
ContentType |
| cs3 |
|
destinationTranslatedPort |
|
|
|
dhost |
|
|
|
dpt |
|
|
|
dst |
|
|
|
dvc |
|
|
|
in |
|
|
|
out |
|
|
|
reason |
|
|
|
requestClientApplication |
|
|
|
requestMethod |
|
|
|
request |
|
|
|
rt |
|
|
|
spt |
|
|
|
src |
|
|
|
suser |
|
|
|
tag |
| cefTag | ✓ |