
seg.checkpoint

Introduction

The tags beginning with seg.checkpoint identify events generated by Check Point.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as seg.checkpoint. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service   | Tags                         | Data tables                  |
|---------------------|------------------------------|------------------------------|
| Check Point Harmony | seg.checkpoint.harmony.event | seg.checkpoint.harmony.event |

For more information, see About Devo tags.

Table structure

These are the fields displayed in this table:

seg.checkpoint.harmony.event

| Field              | Type      | Extra fields |
|--------------------|-----------|--------------|
| eventdate          | timestamp |              |
| machine            | str       |              |
| priority           | str       |              |
| version            | str       |              |
| timestamp          | timestamp |              |
| hostname           | str       |              |
| app_name           | str       |              |
| id                 | str       |              |
| event_type         | str       |              |
| product_family     | str       |              |
| malicious_content  | str       |              |
| time               | str       |              |
| to                 | str       |              |
| email_subject      | str       |              |
| verdict            | str       |              |
| resource           | str       |              |
| product            | str       |              |
| scope              | str       |              |
| action             | str       |              |
| from_email         | str       |              |
| user               | str       |              |
| rule_id            | str       |              |
| email_queue_id     | str       |              |
| from_nickname      | str       |              |
| app_id             | str       |              |
| severity           | str       |              |
| confidence_level   | str       |              |
| email_message_id   | str       |              |
| appi_name          | str       |              |
| sender_domain      | str       |              |
| account            | str       |              |
| source_ip          | ip4       |              |
| additional_records | str       |              |
| message            | str       |              |
| hostchain          | str       | ✓            |
| tag                | str       | ✓            |
| rawMessage         | str       | ✓            |
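The following Python script is an added example, not Devo or Check Point code. It puts the two rules on this page into working form: the four-level seg.checkpoint.<type>.<subtype> tag rule from the "Valid tags and data tables" section, and the field types of seg.checkpoint.harmony.event from the table above. The sample event records are constructed, and two representations are assumed rather than documented here: ip4 values as dotted-quad text and timestamp values as ISO 8601 text.

```python
"""Validate seg.checkpoint tags and check an event against the documented
seg.checkpoint.harmony.event field types.  Added example; tag/table mapping
and field types come from the page, everything else is constructed."""
import ipaddress
from datetime import datetime

TAG_PREFIX = ("seg", "checkpoint")   # first two levels are fixed
TAG_LEVELS = 4                        # seg.checkpoint.<type>.<subtype>

# Valid tags and the data table each one feeds (from the page).
TAG_TO_TABLE = {
    "seg.checkpoint.harmony.event": "seg.checkpoint.harmony.event",
}

# Field types of seg.checkpoint.harmony.event as documented on the page.
_STR_FIELDS = (
    "machine", "priority", "version", "hostname", "app_name", "id",
    "event_type", "product_family", "malicious_content", "time", "to",
    "email_subject", "verdict", "resource", "product", "scope", "action",
    "from_email", "user", "rule_id", "email_queue_id", "from_nickname",
    "app_id", "severity", "confidence_level", "email_message_id", "appi_name",
    "sender_domain", "account", "additional_records", "message",
    "hostchain", "tag", "rawMessage",   # the three "extra" fields
)
HARMONY_EVENT_SCHEMA = {
    "eventdate": "timestamp", "timestamp": "timestamp", "source_ip": "ip4",
    **{name: "str" for name in _STR_FIELDS},
}


def parse_tag(tag):
    """Split a tag into its levels and enforce the four-level seg.checkpoint rule."""
    levels = tag.split(".")
    if len(levels) != TAG_LEVELS:
        raise ValueError(f"{tag!r}: expected {TAG_LEVELS} levels, got {len(levels)}")
    if tuple(levels[:2]) != TAG_PREFIX:
        raise ValueError(f"{tag!r}: first two levels must be seg.checkpoint")
    return {"type": levels[2], "subtype": levels[3]}


def data_table_for(tag):
    """Return the data table receiving events sent under `tag`.

    A tag can be well-formed (four levels, right prefix) and still not be one
    of the valid tags, so structure and membership are both checked.
    """
    parse_tag(tag)
    if tag not in TAG_TO_TABLE:
        raise ValueError(f"{tag!r} is well-formed but not a valid seg.checkpoint tag")
    return TAG_TO_TABLE[tag]


def is_valid_tag(tag):
    try:
        data_table_for(tag)
        return True
    except ValueError:
        return False


def _matches(value, expected):
    """Assumed representations: ip4 as dotted-quad text, timestamp as ISO 8601 text."""
    if expected == "str":
        return isinstance(value, str)
    if expected == "ip4":
        try:
            ipaddress.IPv4Address(value)
            return True
        except ValueError:        # AddressValueError is a ValueError subclass
            return False
    if expected == "timestamp":
        try:
            datetime.fromisoformat(value)
            return True
        except (TypeError, ValueError):
            return False
    return False


def check_event(event, schema=HARMONY_EVENT_SCHEMA):
    """Return (field, problem) pairs for values that do not fit the documented
    type and for fields the table does not define; [] means the event fits."""
    problems = []
    for field, value in event.items():
        expected = schema.get(field)
        if expected is None:
            problems.append((field, "not a documented field"))
        elif not _matches(value, expected):
            problems.append((field, f"expected {expected}"))
    return problems


# Constructed sample records, not real Check Point output.
GOOD_EVENT = {
    "eventdate": "2024-01-15T10:23:45",
    "hostname": "mail-gw-01",
    "event_type": "sample-event-type",
    "severity": "High",
    "source_ip": "203.0.113.7",
    "verdict": "sample-verdict",
}
BAD_EVENT = {
    "eventdate": "yesterday",        # not a timestamp
    "source_ip": "203.0.113.999",    # octet out of range
    "severity": 5,                   # documented as str
    "colour": "red",                 # not in the table
}

if __name__ == "__main__":
    print(data_table_for("seg.checkpoint.harmony.event"))
    print(check_event(GOOD_EVENT))   # []
    print(check_event(BAD_EVENT))    # four problems, one per bad field
```

The membership check in data_table_for is the part worth keeping when adapting this: a tag that merely looks right (for example seg.checkpoint.harmony.alert) would otherwise be accepted and its events routed nowhere the documentation describes.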
