/
cef0.varonisInc
Document toolboxDocument toolbox

cef0.varonisInc

Owned by Former user (Deleted)
Last updated: Nov 02, 2023
2 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ]

Introduction

The tables beginning with cef0.zscaler identify events in CEF format generated by Varonis products.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.zscaler.nssweblog 

  • cef0.zscaler.nssfwlog 

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

cef0.zscaler.nssfwlog

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

priorityCode

str

 

 

cefTag

str

 

 

cefVersion

str

 

 

embDeviceVendor

str

 

 

embDeviceProduct

str

 

 

deviceVersion

str

 

 

signatureID

str

 

 

name

str

 

 

severity

str

 

 

_cefVer

str

 

 

act

str

 

 

app

str

 

 

cat

str

 

 

cn1

int8

 

 

cn2

int8

 

 

cn3

int8

 

 

cs1

str

 

 

cs2

str

 

 

cs3Label

str

 

 

cs3

str

 

 

cs4

str

 

 

destinationServiceName

str

 

 

destinationTranslatedAddress

ip4

 

 

dst

ip4

 

 

dpt

int4

 

 

in

int8

 

 

out

int8

 

 

proto

str

 

 

sourceTranslatedAddress

ip4

 

 

spriv

str

 

 

src

ip4

 

 

spt

int4

 

 

suser

str

 

 

hostchain

str

 

tag

str

cefTag

rawMessage

str

 

 

cef0.zscaler.nssweblog

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

priorityCode

str

 

 

cefTag

str

 

 

cefVersion

str

 

 

embDeviceVendor

str

 

 

embDeviceProduct

str

 

 

deviceVersion

str

 

 

signatureID

str

 

 

name

str

 

 

severity

str

 

 

_cefVer

str

 

 

act

str

 

 

app

str

 

 

cat

str

 

 

cn1Label

str

 

 

cn1

int8

 

 

cs1Label

str

 

 

cs1

str

 

 

cs2Label

str

 

 

cs2

str

 

 

cs3Label

str

 

 

cs3

str

 

 

cs4Label

str

 

 

cs4

str

 

 

cs5Label

str

 

 

cs5

str

 

 

cs6Label

str

 

 

cs6

str

 

 

destinationServiceName

str

 

 

dhost

str

 

 

dst

ip4

 

 

externalId

int8

 

 

fileType

str

 

 

in

int8

 

 

outcome

str

 

 

out

int8

 

 

reason

str

 

 

requestClientApplication

str

 

 

requestMethod

str

 

 

request

str

 

 

rt

str

 

 

sourceTranslatedAddress

ip4

 

 

spriv

str

 

 

src

ip4

 

 

spt

int4

 

 

suser

str

 

 

ZscalerNSSWeblogDLPDictionaries

str

 

 

ZscalerNSSWeblogURLClass

str

 

 

requestContext

str

 

 

hostchain

str

 

tag

str

cefTag

rawMessage

str