/
cef0.skyhighSecurity

cef0.skyhighSecurity

Introduction

The Skyhigh Cloud connector for Security Service Edge (SSE) web access data sends different log types (Secure Web Gateway (SWG), Remote Browser Isolation (RBI), Private Access, and Cloud Firewall) to Devo by using a Syslog server.

Tables beginning withcef0.skyhighSecurity identify events in CEF format generated by Skyhigh Security.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

Tags

Data tables

Tags

Data tables

cef0.skyhighSecurity.skyhighSecurityCloud

cef0.skyhighSecurity.skyhighSecurityCloud

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Before starting to send data to Devo, you need to configure the Skyhigh Security log files options:

Syslog-Client Host

Enter the host for the Syslog server (By default 127.0.0.1).

Syslog-Client Port

Enter the port for the Syslog server (By default 1468).

Protocol

Choose a protocol option for transport (By default, TCP).

File Format

Select CSV or JSON file format to send the log files (By default, CSV)

Visit the Vendor documentation for additional configurations.

Table structure

These are the fields displayed in this table:

cef0.skyhighSecurity.skyhighSecurityCloud

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

priority_code

str

 

 

cef_tag

str

 

 

cef_version

str

 

 

emb_device_vendor

str

 

 

emb_device_product

str

 

 

device_version

str

 

 

signature_id

str

 

 

name

str

 

 

severity

str

 

 

start

str

 

 

source_username

str

 

 

device_ip

ip4

 

 

activity_name

str

 

 

actor_id_type

str

 

 

classification_names

str

 

 

content_item_id

str

 

 

content_item_name

str

 

 

content_item_type

str

 

 

file_size

str

 

 

id

str

 

 

incident_id

str

 

 

incident_risk_severity_id

str

 

 

information_destination_url

str

 

 

information_file_types

str

 

 

information_last_executed_response_label

str

 

 

information_primary_rule_group

str

 

 

information_resolution_action

str

 

 

information_user_attributes_department

str

 

 

information_user_attributes_manager

str

 

 

information_user_attributes_memberships

str

 

 

information_user_attributes_name

str

 

 

audit_event_type_event_category_id

str

 

 

audit_event_type_event_category_name

str

 

 

audit_event_type_event_type_id

str

 

 

audit_event_type_event_type_name

str

 

 

audit_event_type_sub_type_id

str

 

 

description

str

 

 

event_info

str

 

 

insertion_id

str

 

 

object_name

str

 

 

tenant_id

str

 

 

timestamp

str

 

 

user_info_first_name

str

 

 

user_info_last_name

str

 

 

user_info_user_id

str

 

 

policy_id

str

 

 

policy_name

str

 

 

response

str

 

 

risk_severity

str

 

 

service_names

str

 

 

significantly_updated_at

str

 

 

status

str

 

 

total_match_count

str

 

 

updated_on

str

 

 

hostchain

str

 

tag

str

cef_tag

rawMessage

str