cef0.websense
Introduction
The tables beginning with cef0.websense identify events in CEF format generated by xss products.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.websense.security
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
cef0.websense.security
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |  |  |  |
rawMessage |  |  | ✓ |
hostchain |  |  | ✓ |
deviceVersion |  |  |  |
signatureID |  |  |  |
name |  |  |  |
severity |  |  |  |
act |  |  |  |
app |  |  |  |
DispositionCode |  | cn1 |  |
ScanDuration |  | cn2 |  |
Policy |  | cs1 |  |
DynCat |  | cs2 |  |
ContentType |  | cs3 |  |
destinationTranslatedPort |  |  |  |
dhost |  |  |  |
dpt |  |  |  |
dst |  |  |  |
dvc |  |  |  |
in |  |  |  |
out |  |  |  |
reason |  |  |  |
requestClientApplication |  |  |  |
requestMethod |  |  |  |
request |  |  |  |
rt |  |  |  |
spt |  |  |  |
src |  |  |  |
suser |  |  |  |
tag |  | cefTag | ✓ |
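The following added example (not Devo's or Websense's own code) parses a CEF record, derives the table name from the cef0.deviceVendor.deviceProduct structure, and renames cn1, cn2, cs1, cs2 and cs3 to the field names listed in the table above. The sample event is constructed; the helper names, the lower-casing of vendor and product, and the dropping of csNLabel keys are assumptions.

```python
import re

# Source-field renames from the cef0.websense.security table on this page.
RENAMES = {"cn1": "DispositionCode", "cn2": "ScanDuration",
           "cs1": "Policy", "cs2": "DynCat", "cs3": "ContentType"}

def split_header(line):
    """Return the 7 CEF header fields and the raw extension string."""
    body = line[line.index("CEF:"):]          # skip any syslog prefix
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1]); i += 2    # escaped \ or | is literal
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("incomplete CEF header")
    return fields, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may hold spaces and escaped '='."""
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw.strip())
    return out

def to_row(line):
    """Return (table name, row keyed by the page's field names)."""
    hdr, ext = split_header(line)
    row = dict(zip(("deviceVersion", "signatureID", "name", "severity"), hdr[3:]))
    for key, value in parse_extension(ext).items():
        if not key.endswith("Label"):          # csNLabel only names csN
            row[RENAMES.get(key, key)] = value
    # Assumption: vendor and product are lower-cased to form the table name.
    return "cef0.%s.%s" % (hdr[1].lower(), hdr[2].lower()), row

# Constructed sample event, not captured from a real device.
SAMPLE = ("<134>Jan 01 00:00:00 proxy01 CEF:0|Websense|Security|8.5|9|"
          "Transaction permitted|1|act=permitted app=http dst=192.0.2.10 dpt=80 "
          "src=10.0.0.5 spt=51000 suser=LDAP://dc.example CN\\=jdoe "
          "requestMethod=GET cn1=1026 cn2=3 cs1Label=Policy cs1=role-8**Default "
          "cs2=0 cs3=text/html request=http://example.test/a?b\\=1")

if __name__ == "__main__":
    print(to_row(SAMPLE))
```

Values such as suser and request can contain spaces or an escaped `=`, which is why the extension is split on key boundaries rather than on whitespace.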