box - Operating Systems

This group includes tags that start with the level box. These tags identify data generated by operating systems.

Company

Product / Service

Data tables

-

-

  • box.all.win

Union table - box.all.win

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

 

IBM AS/400

  • box.as400.audit.type2

  • box.as400_townsend.logagent.audit

More information

IBM z/OS

  • box.ibm.z_os.leef

More information

  • box.zos

More information

 

UNIX audit

  • box.audit.unix

Union table - box.audit.unix

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

  • box.audit.unix.audispd

  • box.audit.unix.auditd

  • box.audit.unix.goAudit

More information

UNIX osquery

  • box.osquery.unix.info

  • box.osquery.unix.results

More information

UNIX system logs

  • box.unix

More information

UNIX 8 system logs

  • box.unix8

More information

CloudWatch logs on UNIX

  • box.unix_cloudwatch

More information

UNIX stat logs

  • box.stat.unix.diskstat

  • box.stat.unix.dstatLt1

  • box.stat.unix.tags

More information

 

Devo Endpoint Agent

  • box.devo_ea

  • box.devo_ea.configuration

  • box.devo_ea.configuration.disk_info

  • box.devo_ea.configuration.groups

  • box.devo_ea.configuration.network

  • box.devo_ea.configuration.operating_system

  • box.devo_ea.configuration.system_info

  • box.devo_ea.configuration.users

  • box.devo_ea.configuration.win_software

  • box.devo_ea.detections

  • box.devo_ea.events_linux

  • box.devo_ea.events_windows

  • box.devo_ea.events_windows.application

  • box.devo_ea.events_windows.powershell

  • box.devo_ea.events_windows.security

  • box.devo_ea.events_windows.setup

  • box.devo_ea.events_windows.sysmon

  • box.devo_ea.events_windows.system

  • box.devo_ea.files

  • box.devo_ea.files.dhcp4_windows

  • box.devo_ea.files.dhcp6_windows

  • box.devo_ea.files.dns_windows

  • box.devo_ea.files.iis

  • box.devo_ea.inventories.sw_vulnerabilities

  • box.devo_ea.performance

  • box.devo_ea.performance.cpu_mem

  • box.devo_ea.performance.disk_io

  • box.devo_ea.performance.disk_usage

  • box.devo_ea.performance.disk_windows

  • box.devo_ea.performance.network

  • box.devo_ea.status

  • box.devo_ea.status.fim

  • box.devo_ea.status.listening_ports

  • box.devo_ea.status.process_open_sockets

  • box.devo_ea.status.processes

  • box.devo_ea.status.services_windows

  • box.devo_ea.status.users_loggedin

  • box.devo_ea.unknown

More information

Docker container logs

  • box.docker.stats

More information

Linux iptables

  • box.iptables

More information

macOS

  • box.macos

More information

macOS NXLog

  • box.osx_nxlog

More information

VMware

  • box.vmware.esx

  • box.vmware.firewall

  • box.vmware.vcenter

More information

 

Microsoft Azure

  • box.stat.azure.dstatLt1

  • box.stat.azure.tags

More information

Windows events

Deprecated parser

Note that the box.win parser is deprecated and no longer supported by Devo. We recommend using the corresponding box.win_* parser for your specific technology. Learn more about these parsers below in this table.

  • box.win

More information

Windows Classic

  • box.win_classic

  • box.win_classic.application

  • box.win_classic.other

  • box.win_classic.security

  • box.win_classic.system

More information

Windows CloudWatch

  • box.win_cloudwatch

More information

Windows InTrust

  • box.win_intrust

  • box.win_intrust.application

  • box.win_intrust.invalid

  • box.win_intrust.other

  • box.win_intrust.security

  • box.win_intrust.system

More information

Windows Kinesis Agent

  • box.win_kinesis

  • box.win_kinesis.application

  • box.win_kinesis.invalid

  • box.win_kinesis.security

  • box.win_kinesis.system

More information

Windows NXLog

  • box.win_nxlog

  • box.win_nxlog.adfs

  • box.win_nxlog.application

  • box.win_nxlog.dns

  • box.win_nxlog.group_policy

  • box.win_nxlog.invalid

  • box.win_nxlog.other

  • box.win_nxlog.powershell

  • box.win_nxlog.print

  • box.win_nxlog.remote_conn

  • box.win_nxlog.security

  • box.win_nxlog.smb

  • box.win_nxlog.sysmon

  • box.win_nxlog.system

  • box.win_nxlog.windows_powershell

More information

WinQuest

  • box.win_quest.change_auditor.leef

More information

Snare Windows Agent

  • box.win_snare

  • box.win_snare.application

  • box.win_snare.other

  • box.win_snare.powershell

  • box.win_snare.security

  • box.win_snare.setup

  • box.win_snare.system

More information

SolarWinds

  • box.win_solarwinds

  • box.win_solarwinds.application

  • box.win_solarwinds.other

  • box.win_solarwinds.powershell

  • box.win_solarwinds.security

  • box.win_solarwinds.setup

  • box.win_solarwinds.system

More information

Windows System Monitor (Sysmon)

  • box.win_sysmon

More information

Winlogbeat

  • box.win_winlogbeat

  • box.win_winlogbeat.adpwprotect

  • box.win_winlogbeat.application

  • box.win_winlogbeat.applocker

  • box.win_winlogbeat.authentication

  • box.win_winlogbeat.bitsClient

  • box.win_winlogbeat.codeintegrity

  • box.win_winlogbeat.deviceguard

  • box.win_winlogbeat.forwarding

  • box.win_winlogbeat.kernelPnp

  • box.win_winlogbeat.ntlm

  • box.win_winlogbeat.oalerts

  • box.win_winlogbeat.powershell

  • box.win_winlogbeat.security

  • box.win_winlogbeat.securityMitigations

  • box.win_winlogbeat.setup

  • box.win_winlogbeat.smb

  • box.win_winlogbeat.sysmon

  • box.win_winlogbeat.system

  • box.win_winlogbeat.taskscheduler

  • box.win_winlogbeat.terminalservices

  • box.win_winlogbeat.win32k

  • box.win_winlogbeat.windows_defender

  • box.win_winlogbeat.windows_firewall

  • box.win_winlogbeat.windowsupdateclient

  • box.win_winlogbeat.wmiActivity

More information

Windows stat logs

  • box.stat.win.diskstat

  • box.stat.win.dstatLt1

  • box.stat.win.heartbeat

  • box.stat.win.tags

More information
