dmp.cohesity

Introduction

The tags beginning with dmp.cohesity identify events generated by Cohesity.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as dmp.cohesity. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Cohesity Helios | dmp.cohesity.helios.alerts | dmp.cohesity.helios.alerts |
| Cohesity Helios | dmp.cohesity.helios.audit | dmp.cohesity.helios.audit |

For more information, read About Devo tags.

Table structure

These are the fields displayed in these tables:

dmp.cohesity.helios.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| id | str | |
| alert_code | str | |
| first_timestamp_usecs | int8 | |
| latest_timestamp_usecs | int8 | |
| alert_category | str | |
| alert_type | int4 | |
| severity | str | |
| alert_state | str | |
| property_list | str | |
| dedup_timestamps | str | |
| dedup_count | int4 | |
| alert_name | str | |
| alert_description | str | |
| alert_cause | str | |
| alert_help_text | str | |
| cluster_name | str | |
| cluster_id | str | |
| event_source | str | |
| alert_type_bucket | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

dmp.cohesity.helios.audit

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| details | str | | | |
| username | str | | | |
| domain | str | | | |
| source_type | str | | | |
| entity_name | str | | | |
| entity_type | str | | | |
| action | str | | | |
| timestamp_usecs | int8 | | | |
| ip | str | | | |
| ipv4 | ip4 | | | |
| ipv6 | ip6 | | | |
| is_impersonation | bool | | | |
| cluster_identifier | str | | | |
| cluster_name | str | | | |
| tenant_id | str | | | |
| original_tenant_id | str | | | |
| previous_record | str | | | |
| service_context | str | | | |
| new_record_name | str | join(new_record_name_array, ',') | new_record_name_array | |
| new_record_label | str | join(new_record_label_array, ',') | new_record_label_array | |
| new_record_privileges | str | join(new_record_privileges_array, ',') | new_record_privileges_array | |
| new_record_is_custom_role | str | | new_record_is_custom_role_array | |
| new_record_tenant_ids | str | | new_record_tenant_ids_array | |
| new_record_username | str | | new_record_username_array | |
| new_record_domain | str | | new_record_domain_array | |
| new_record_email_address | str | | new_record_email_address_array | |
| new_record_roles | str | | new_record_roles_array | |
| new_record_privilege_ids | str | | new_record_privilege_ids_array | |
| new_record_cluster_identifiers | str | | new_record_cluster_identifiers_array | |
| new_record_effective_time_msecs | str | | new_record_effective_time_msecs_array | |
| new_record_restricted | str | | new_record_restricted_array | |
| new_record_created_time_msecs | str | | new_record_created_time_msecs_array | |
| new_record_last_updated_time_msecs | str | | new_record_last_updated_time_msecs_array | |
| new_record_sid | str | | new_record_sid_array | |
| new_record_s3_account_id | str | | new_record_s3_account_id_array | |
| new_record_s3_access_key_id | str | | new_record_s3_access_key_id_array | |
| new_record_s3_secret_key | str | | new_record_s3_secret_key_array | |
| new_record_force_password_change | str | | new_record_force_password_change_array | |
| new_record_is_account_locked | str | | new_record_is_account_locked_array | |
| new_record_lockout_reason | str | | new_record_lockout_reason_array | |
| new_record_last_successful_login_time_msecs | str | | new_record_last_successful_login_time_msecs_array | |
| new_record_mfa_info_is_user_exempt_from_mfa_str | str | | new_record_mfa_info_is_user_exempt_from_mfa | |
| new_record_mfa_info_is_totp_setup_done_str | str | | new_record_mfa_info_is_totp_setup_done | |
| new_record_description | str | | new_record_description_array | |
| new_record_domain_name | str | | new_record_domain_name_array | |
| new_record_machine_accounts | str | | new_record_machine_accounts_array | |
| new_record_ou_name | str | | new_record_ou_name_array | |
| new_record_workgroup | str | | new_record_workgroup_array | |
| new_record_preferred_domain_controllers | str | | new_record_preferred_domain_controllers_array | |
| new_record_trusted_domains_enabled | str | | new_record_trusted_domains_enabled_array | |
| new_record_task_path | str | | new_record_task_path_array | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |
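The following is an added example, not Devo's or Cohesity's own code, covering two things the page describes: the 4-level tag rule from the "Valid tags and data tables" section (first two levels fixed as dmp.cohesity, then event type and subtype) and the `join(<field>_array, ',')` transformation documented for `new_record_name`, `new_record_label` and `new_record_privileges` in the audit table. The function names, the sample audit event and the privilege values in it are constructed for illustration; only the tag names, table names and the three documented join transformations come from the page.

```python
"""Tag validation and audit-field flattening for dmp.cohesity events.

Added example (hypothetical helpers, not the Devo parser itself).
"""
from typing import Any

# Tag -> data table mapping, exactly as listed on the page.
VALID_TAGS = {
    "dmp.cohesity.helios.alerts": "dmp.cohesity.helios.alerts",
    "dmp.cohesity.helios.audit": "dmp.cohesity.helios.audit",
}

# Only these three fields have a documented join(..., ',') transformation.
JOINED_FIELDS = {
    "new_record_name": "new_record_name_array",
    "new_record_label": "new_record_label_array",
    "new_record_privileges": "new_record_privileges_array",
}


def data_table_for_tag(tag: str) -> str:
    """Return the data table a tag feeds, enforcing the 4-level tag rule.

    Raises ValueError for anything that would not be accepted as a
    dmp.cohesity tag, so a misconfigured forwarder fails loudly instead of
    silently sending events nowhere.
    """
    levels = tag.split(".")
    if len(levels) != 4 or any(not lvl for lvl in levels):
        raise ValueError(f"tag must have exactly 4 non-empty levels: {tag!r}")
    if levels[:2] != ["dmp", "cohesity"]:
        raise ValueError(f"first two levels must be dmp.cohesity: {tag!r}")
    try:
        return VALID_TAGS[tag]
    except KeyError:
        raise ValueError(f"unknown event type/subtype in tag: {tag!r}") from None


def is_valid_tag(tag: str) -> bool:
    """Boolean wrapper around data_table_for_tag for use in checks."""
    try:
        data_table_for_tag(tag)
        return True
    except ValueError:
        return False


def flatten_audit_record(record: dict[str, Any]) -> dict[str, Any]:
    """Apply the documented join(<field>_array, ',') transformations.

    Source arrays are kept in the output so nothing is lost; the joined
    string is what lands in the str column of dmp.cohesity.helios.audit.
    """
    out = dict(record)
    for field, source in JOINED_FIELDS.items():
        values = record.get(source)
        if values is None:
            continue  # absent source array -> target field stays unset
        out[field] = ",".join(str(v) for v in values)
    return out


def split_joined(value: str) -> list[str]:
    """Recover the list from a joined str column.

    Caveat: the ',' separator is not escaped by the documented transformation,
    so a single value containing a comma cannot be told apart from two values.
    Prefer the original array when it is still available.
    """
    return [v for v in value.split(",") if v]


# Constructed sample audit event (values are placeholders, not real Cohesity data).
SAMPLE_AUDIT_EVENT = {
    "username": "admin",            # constructed
    "domain": "LOCAL",              # constructed
    "action": "Create",             # constructed
    "entity_type": "Role",          # constructed
    "entity_name": "backup-operator",
    "new_record_name_array": ["backup-operator"],
    "new_record_label_array": ["Backup Operator"],
    "new_record_privileges_array": ["PRIV_VIEW", "PRIV_MODIFY"],  # constructed names
}


if __name__ == "__main__":
    table = data_table_for_tag("dmp.cohesity.helios.audit")
    row = flatten_audit_record(SAMPLE_AUDIT_EVENT)
    print(table, row["new_record_privileges"], split_joined(row["new_record_privileges"]))
```

A defender reviewing role or privilege changes in the audit table can key on `action`, `entity_type` and the joined `new_record_privileges` column; the `split_joined` helper exists to make the lossy-separator caveat explicit rather than to suggest the str column is a reliable list.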