Document toolboxDocument toolbox

cef0.websense

Introduction

The tables beginning with cef0.websense identify events in CEF format generated by xss products.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.websense.security 

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

cef0.websense.security

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

rawMessage

str

 

✓

hostchain

str

 

✓

deviceVersion

str

 

 

signatureID

str

 

 

name

str

 

 

severity

str

 

 

act

str

 

 

app

str

 

 

DispositionCode

int8

cn1

 

ScanDuration

int8

cn2

 

Policy

str

cs1

 

DynCat

str

cs2

 

ContentType

str

cs3

 

destinationTranslatedPort

int4

 

 

dhost

str

 

 

dpt

int4

 

 

dst

ip4

 

 

dvc

ip4

 

 

in

int8

 

 

out

int8

 

 

reason

str

 

 

requestClientApplication

str

 

 

requestMethod

str

 

 

request

str

 

 

rt

timestamp

 

 

spt

int4

 

 

src

ip4

 

 

suser

str

 

 

tag

str

 cefTag

✓