
dlp.cososys

Introduction

The tags beginning with dlp.cososys identify events generated by Endpoint Protector by CoSoSys.

Valid tags and data tables 

The full tag must have at least 3 levels. The first two are fixed as dlp.cososys. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Check Point Harmony | dlp.cososys.endpoint_protector | dlp.cososys.endpoint_protector |
| | dlp.cososys.endpoint_protector.system_logs | dlp.cososys.endpoint_protector.system_logs |
| | dlp.cososys.endpoint_protector.device_control | dlp.cososys.endpoint_protector.device_control |
| | dlp.cososys.endpoint_protector.content_aware_protection | dlp.cososys.endpoint_protector.content_aware_protection |
| | dlp.cososys.endpoint_protector.other | dlp.cososys.endpoint_protector.other |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

dlp.cososys.endpoint_protector

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| machine | str | | |
| log_type | str | vtype | |
| hostname | str | | |
| module_name | str | | |
| log_name | str | | |
| log_id | str | | |
| event_name | str | | |
| client_computer | str | | |
| ip_address | ip4 | | |
| mac_address | str | | |
| serial_number | str | | |
| os | str | | |
| epp_client_version | str | | |
| client_username | str | | |
| device_vid | str | | |
| device_pid | str | | |
| device_serial | str | | |
| datetime_server | str | | |
| datetime_client | str | | |
| datetime_server_utc | timestamp | | |
| datetime_client_utc | timestamp | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |
| rawMessage | str | | ✓ |

dlp.cososys.endpoint_protector.system_logs

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| hostname | str | |
| module_name | str | |
| log_name | str | |
| log_id | str | |
| event_name | str | |
| client_computer | str | |
| ip_address | ip4 | |
| mac_address | str | |
| serial_number | str | |
| os | str | |
| epp_client_version | str | |
| client_username | str | |
| file_name | str | |
| file_type | str | |
| administrator | str | |
| section | str | |
| action_type | str | |
| before | str | |
| after | str | |
| datetime_utc | timestamp | |
| datetime_server | str | |
| datetime_client | str | |
| datetime_server_utc | timestamp | |
| datetime_client_utc | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

dlp.cososys.endpoint_protector.device_control

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| hostname | str | |
| module_name | str | |
| log_name | str | |
| log_id | str | |
| event_name | str | |
| client_computer | str | |
| ip_address | ip4 | |
| mac_address | str | |
| serial_number | str | |
| os | str | |
| client_username | str | |
| device_type | str | |
| device | str | |
| device_vid | str | |
| device_pid | str | |
| device_serial | str | |
| epp_client_version | str | |
| file_name | str | |
| file_hash | str | |
| file_type | str | |
| file_size | str | |
| justification | str | |
| time_interval | str | |
| datetime_server | str | |
| datetime_client | str | |
| datetime_server_utc | timestamp | |
| datetime_client_utc | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

dlp.cososys.endpoint_protector.content_aware_protection

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| hostname | str | |
| module_name | str | |
| log_name | str | |
| log_id | str | |
| client_computer | str | |
| ip_address | ip4 | |
| mac_address | str | |
| serial_number | str | |
| os | str | |
| client_username | str | |
| content_policy | str | |
| content_policy_type | str | |
| destination_type | str | |
| destination | str | |
| destination_details | str | |
| email_sender | str | |
| email_subject | str | |
| device_vid | str | |
| device_pid | str | |
| device_serial | str | |
| file_name | str | |
| file_hash | str | |
| file_size | str | |
| matched_item | str | |
| item_details | str | |
| datetime_server | str | |
| datetime_client | str | |
| datetime_server_utc | timestamp | |
| datetime_client_utc | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

dlp.cososys.endpoint_protector.other

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| machine | str | |
| hostname | str | |
| module_name | str | |
| log_name | str | |
| log_id | str | |
| event_name | str | |
| client_computer | str | |
| ip_address | ip4 | |
| mac_address | str | |
| serial_number | str | |
| os | str | |
| epp_client_version | str | |
| client_username | str | |
| device_vid | str | |
| device_pid | str | |
| device_serial | str | |
| datetime_server | str | |
| datetime_client | str | |
| datetime_server_utc | timestamp | |
| datetime_client_utc | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |
