cwpp.colortokens

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with cwpp.colortokens identify events generated by ColorTokens products.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as cwpp.colortokens. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
ColorTokens Xshield	`cwpp.colortokens.xshield.alert`	`cwpp.colortokens.xshield.alert`
ColorTokens Xshield	`cwpp.colortokens.xshield.audit`	`cwpp.colortokens.xshield.audit`

For more information, read more About Devo tags.

How is the data sent to Devo?

Logs generated by ColorTokens Xshield are forwarded to Devo using a dedicated collector. Learn more about it in this article.

Table structure

These are the fields displayed in these tables:

cwpp.colortokens.xshield.alert
cwpp.colortokens.xshield.audit

cwpp.colortokens.xshield.alert

Field	Type	Extra fields

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`str`
status	`str`
description	`str`
category	`str`
severity	`str`
rule_id	`str`
monitoring_type	`str`
updated_date	`timestamp`
created_date	`timestamp`
mail_sent	`bool`
event	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

cwpp.colortokens.xshield.audit

Field	Type	Extra fields

Field	Type	Extra fields
eventdate	`timestamp`
hostname	`str`
id	`str`
timestamp	`timestamp`
message	`str`
meta_action	`str`
meta_roles	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓