cef0.skyhighSecurity
Introduction
The Skyhigh Cloud connector for Security Service Edge (SSE) web access data sends different log types (Secure Web Gateway (SWG), Remote Browser Isolation (RBI), Private Access, and Cloud Firewall) to Devo by using a Syslog server.
Tables beginning with cef0.skyhighSecurity identify events in CEF format generated by Skyhigh Security.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
---|---|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Before starting to send data to Devo, you need to configure the Skyhigh Security log files options:
Syslog-Client Host | Enter the host for the Syslog server (By default |
---|---|
Syslog-Client Port | Enter the port for the Syslog server (By default |
Protocol | Choose a protocol option for transport (By default, |
File Format | Select CSV or JSON file format to send the log files (By default, |
Visit the Vendor documentation for additional configurations.
Table structure
These are the fields displayed in this table:
cef0.skyhighSecurity.skyhighSecurityCloud
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priority_code | | | |
cef_tag | | | |
cef_version | | | |
emb_device_vendor | | | |
emb_device_product | | | |
device_version | | | |
signature_id | | | |
name | | | |
severity | | | |
start | | | |
source_username | | | |
device_ip | | | |
activity_name | | | |
actor_id_type | | | |
classification_names | | | |
content_item_id | | | |
content_item_name | | | |
content_item_type | | | |
file_size | | | |
id | | | |
incident_id | | | |
incident_risk_severity_id | | | |
information_destination_url | | | |
information_file_types | | | |
information_last_executed_response_label | | | |
information_primary_rule_group | | | |
information_resolution_action | | | |
information_user_attributes_department | | | |
information_user_attributes_manager | | | |
information_user_attributes_memberships | | | |
information_user_attributes_name | | | |
audit_event_type_event_category_id | | | |
audit_event_type_event_category_name | | | |
audit_event_type_event_type_id | | | |
audit_event_type_event_type_name | | | |
audit_event_type_sub_type_id | | | |
description | | | |
event_info | | | |
insertion_id | | | |
object_name | | | |
tenant_id | | | |
timestamp | | | |
user_info_first_name | | | |
user_info_last_name | | | |
user_info_user_id | | | |
policy_id | | | |
policy_name | | | |
response | | | |
risk_severity | | | |
service_names | | | |
significantly_updated_at | | | |
status | | | |
total_match_count | | | |
updated_on | | | |
hostchain | | | ✓ |
tag | | cef_tag | ✓ |
rawMessage | | | ✓ |