dlp.cososys
Introduction
The tags beginning with dlp.cososys identify events generated by Endpoint Protector by CoSoSys.
Valid tags and data tables
The full tag must have at least 3 levels. The first two are fixed as dlp.cososys. The third level identifies the type of events sent. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Check Point Harmony | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in these tables:
dlp.cososys.endpoint_protector
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
machine | | | |
log_type | | vtype | |
hostname | | | |
module_name | | | |
log_name | | | |
log_id | | | |
event_name | | | |
client_computer | | | |
ip_address | | | |
mac_address | | | |
serial_number | | | |
os | | | |
epp_client_version | | | |
client_username | | | |
device_vid | | | |
device_pid | | | |
device_serial | | | |
datetime_server | | | |
datetime_client | | | |
datetime_server_utc | | | |
datetime_client_utc | | | |
hostchain | | | ✓ |
tag | | | ✓ |
rawMessage | | | ✓ |
dlp.cososys.endpoint_protector.system_logs
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
hostname | | |
module_name | | |
log_name | | |
log_id | | |
event_name | | |
client_computer | | |
ip_address | | |
mac_address | | |
serial_number | | |
os | | |
epp_client_version | | |
client_username | | |
file_name | | |
file_type | | |
administrator | | |
section | | |
action_type | | |
before | | |
after | | |
datetime_utc | | |
datetime_server | | |
datetime_client | | |
datetime_server_utc | | |
datetime_client_utc | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
dlp.cososys.endpoint_protector.device_control
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
hostname | | |
module_name | | |
log_name | | |
log_id | | |
event_name | | |
client_computer | | |
ip_address | | |
mac_address | | |
serial_number | | |
os | | |
client_username | | |
device_type | | |
device | | |
device_vid | | |
device_pid | | |
device_serial | | |
epp_client_version | | |
file_name | | |
file_hash | | |
file_type | | |
file_size | | |
justification | | |
time_interval | | |
datetime_server | | |
datetime_client | | |
datetime_server_utc | | |
datetime_client_utc | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
dlp.cososys.endpoint_protector.content_aware_protection
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
hostname | | |
module_name | | |
log_name | | |
log_id | | |
client_computer | | |
ip_address | | |
mac_address | | |
serial_number | | |
os | | |
client_username | | |
content_policy | | |
content_policy_type | | |
destination_type | | |
destination | | |
destination_details | | |
email_sender | | |
email_subject | | |
device_vid | | |
device_pid | | |
device_serial | | |
file_name | | |
file_hash | | |
file_size | | |
matched_item | | |
item_details | | |
datetime_server | | |
datetime_client | | |
datetime_server_utc | | |
datetime_client_utc | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |
dlp.cososys.endpoint_protector.other
Field | Type | Extra fields |
---|---|---|
eventdate | | |
machine | | |
hostname | | |
module_name | | |
log_name | | |
log_id | | |
event_name | | |
client_computer | | |
ip_address | | |
mac_address | | |
serial_number | | |
os | | |
epp_client_version | | |
client_username | | |
device_vid | | |
device_pid | | |
device_serial | | |
datetime_server | | |
datetime_client | | |
datetime_server_utc | | |
datetime_client_utc | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |