Technologies supported in CEF syslog format

[ 1 About CEF Syslog format ] [ 2 How does it work ] [ 3 List of technologies ] [ 4 Sending data to Devo ]

This article contains a complete list of technologies currently supported by Devo in CEF Syslog format.

About CEF Syslog format

While we recommend sending data to Devo in Syslog format whenever possible, we have provided support for the ingestion of events received in common event format (CEF) via Syslog for some technologies. A prime example is when Arcsight is used as a log management solution and events are going to be forwarded from Arcsight directly to Devo in CEF Syslog format.

This format is comprised of a Syslog prefix containing the date/time stamp and the host, and a header that always starts with CEF - and is followed by a series of identifying fields - all of which are required. The last component is the extension and while it's technically optional, it's generally where the real event payload resides. The extension contains data in key-value pairs. Here's a model of the format and a sample CEF Syslog packet.

How does it work

You'll notice that the event contains no specific Devo tag. This is because Devo uses a different process to ingest these events. When a CEF Syslog event is sent to the platform, Devo recognizes CEF as the tag, then it proceeds to read the device vendor and device product values from the event's header. The event is then saved to a table with the name cef0.device_vendor.device_product.

So, are we saying that you can send any data to Devo in CEF Syslog format? Yes and no. Yes, because Devo will ingest the events and save them in a file determined by the date and key event fields. However, if Devo is not yet equipped with a parser for that specific event type, a table name will not subsequently appear in the Finder and you won't be able to access the data. So, yes Devo will ingest the data but a parser file is necessary in order to be able to access the data table and parse the events for display.

Contact us

If you have data you must send to Devo in CEF Syslog format, and the source technology does not appear in the list below, contact Devo professional services so they can create a parser for the data.

HTTP Ingestions

Note that it is not possible to ingest data to CEF tables using the HTTP ingestion method.

List of technologies

The following list of more than 100 technologies that Devo supports in CEF Syslog is ordered alphabetically by vendor name. Each technology is listed along with its corresponding table name that will appear in the Devo data search Finder.

Browse the technologies by vendor name or use CTRL + F to search this page.

Technology	Data table name

Technology	Data table name
Akamai	cef0.akamai.akamai_siem ^{learn more}
Amazon Web Services	cef0.amazon* ^{learn more}
AnubisNetworks Cyberfeed	cef0.anubisnetworks.cyberfeed cef0.anubisnetworks.cyberfeedRealTimeThreatIntelligence
Akamai Logger	cef0.arcsight.logger ^{learn more}
AWN CyberSOC	cef0.cybersoc.incapsula cef0.cybersoc.servicedesk
AWS VPC Flow Log	cef0.aws.vpcFlow ^{learn more}
Barracuda Web Application Firewall	cef0.barracuda.waf ^{learn more}
Barracuda Networks	cef0.barracudanetworks ^{learn more}
Blue Coat Systems	cef0.bluecoat ^{learn more}
Carbon Black Protection	cef1.carbonBlack.protection ^{learn more}
Check Point	cef0.checkPoint.antiMalware ^{learn more} cef0.checkPoint.applicationControlAndUrlFiltering ^{learn more} cef0.checkPoint.compliance ^{learn more} cef0.checkPoint.contentAwareness ^{learn more} cef0.checkPoint.endpointManagement ^{learn more} cef0.checkPoint.fde ^{learn more} cef0.checkPoint.firewall ^{learn more} cef0.checkPoint.mepp ^{learn more} cef0.checkPoint.newAntiVirus ^{learn moew} cef0.checkPoint.scheduledSystemUpdate ^{learn more} cef0.checkPoint.threatEmulation ^{learn more} cef0.checkPoint.threatExtraction ^{learn more} cef0.checkPoint.vpn1Firewall1AndContentAwareness ^{learn more} cef0.checkPoint.web_api ^{learn more} cef0.checkPoint.zeroPhishing ^{learn more}
Check Point Application Control	cef0.checkPoint.applicationControl ^{learn more}
Check Point dshield agent log	cef0.checkPoint.stormagent
Check Point Firewall	cef0.checkPoint.firewall1 cef0.checkPoint.fwm
Check Point Log Exporter	cef0.checkPoint.logUpdate (shown as cef0.check-point.log-update)
Check Point Security Compliance	cef0.checkPoint.complianceBlade cef0.checkPoint.cpmiClient
Check Point Security Gateway	cef0.checkPoint.httpsInspection cef0.checkPoint.logSystem cef0.checkPoint.securityGatewayManagement
Check Point Security Management Appliances	cef0.checkPoint.securityManagementServer
Check Point SmartDashboard	cef0.checkPoint.smartdashboard
Check Point SmartDefense	cef0.checkPoint.smartdefense
Check Point SmartView	cef0.checkPoint.smartviewMonitor cef0.checkPoint.smartviewTracker cef0.checkPoint.system cef0.checkPoint.systemMonitor
Check Point VPN Solutions	cef0.checkPoint.vpn1 cef0.checkPoint.vpn1EmbeddedConnector cef0.checkPoint.vpn1Firewall1 cef0.checkPoint.vpn1Firewall1Smartdefense
Cisco ASA	cef0.cisco.asa
Cisco Email Security	cef0.cisco.ironport
Cisco FWSM	cef0.cisco.fwsm
Cisco Intrusion Detection System	cef0.cisco.ciscoIntrusionPreventionSystem
Cisco Meraki Access Point	cef0.cisco.merakiAccessPoint ^{learn more}
Cisco NX-OS Software	cef0.cisco.nxOs
Cisco routers	cef0.cisco.ciscorouter
Cisco Secure Access Control System	cef0.cisco.ciscoSecureAcs
Cisco/Sourcefire FireSIGHT System Event Streamer (eStreamer)	cef0.sourcefire.sourcefireManagemeentConsoleEstreamer
Crowdstrike Falcon Host	cef0.crowdstrike.falconhost
CyberArk Enterprise Password Vault	cef0.cyberArk.vault
Cybereason	cef0.cybereason.* ^{learn more}
F5 ASM	cef0.f5.asm ^{learn more}
F5 BIG-IP Application Services	cef0.f5.bigIp
Fireeye Email Security	cef0.fireeye.emps cef0.fireeye.mps
Forcepoint Data Loss Prevention	cef0.forcepoint.forcepointDlp
Forcepoint Firewall	cef0.forcepoint.firewall
Forcepoint Web Security	cef0.forcepoint.security ^{learn more}
Forescout CounterACT	cef0.forescout.counteract cef0.forescoutTechnologies.counteract ^{learn more}
Fortinet FortiGate	cef0.fortinet.fortigate60e ^{learn more} cef0.fortinet.fortigate300d ^{learn more} cef0.fortinet.fortigate600e ^{learn more} cef0.fortinet.fortigate400e ^{learn more} cef0.fortinet.fortigate200e ^{learn more}
Fortinet FortiNAC	cef0.fortinet.fortinacVmCa ^{learn more}
IBM AS/400	cef0.ibm.as400
IBM Guardium	cef0.ibm.guardium ^{learn more}
IBM Security	cef0.ibm.securityAccessManager ^{learn more}
Imperva Attack Analytics	cef0.impervaInc.attackAnalytics ^{learn more}
Imperva SecureSphere MX Management Server	cef0.impervaMx.securesphere
Infoblox Network Identity Operating System	cef0.infoblox.nios
Ipswitch Secure File Transfer Software	cef0.ipswitch.sftp
Juniper Junos OS	cef0.juniper.junos
Juniper NetScreen Security	cef0.juniper.netscreenVpn
Juniper Network & Security Manager	cef0.juniper.nsm
Juniper ScreenOS Firewall	cef0.netscreen.firewallVpn
Juniper SSL VPN	cef0.juniper.juniperSsl
Kaspersky	cef0.kaspersky.kaspersky ^{learn more} cef0.kasperskylab.securitycenter ^{learn more} cef0.kaspersky.securityCenter ^{learn more} cef0.kaspersky.securityCenterNetworkAgent ^{learn more} cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition ^{learn more} cef0.kaspersky.kasperskyEndpointSecurityForWindows ^{learn more}
Lumension Endpoint Management and Security	cef0.lumension.lumension
Malwarebytes	cef0.malwarebytes.malwarebytes-endpoint-protection ^{learn more}
McAfee ePolicy Orchestrator (McAfee ePO)	cef0.mcafee.epolicyOrchestrator
McAfee Host Intrusion Prevention	cef0.mcafee.hostIntrusionPrevention
McAfee Next Generation Firewall	cef0.mcafee.firewall
McAfee Secure Internet Gateway	cef0.mcafee.secureInternetGateway
Micro Focus ArcSight	cef0.arcsight.arcsight cef0.arcsight.cpmiClient cef0.arcsight.firewall cef0.arcsight.firewall1 cef0.arcsight.logger cef0.arcsight.panOs cef0.arcsight.smartdashboard cef0.arcsight.smartdefense cef0.arcsight.smartviewTracker cef0.arcsight.unityone cef0.arcsight.vpn1Firewall1
Microsoft Cloud App Security	cef0.mcas.siemAgent ^{learn more}
Microsoft DNS trace log	cef0.microsoft.dnsTraceLog
Microsoft Defender ATP (now Microsoft Defender for Endpoint).	cef0.microsoft.windowsDefenderAtp ^{learn more}
Microsoft Exchange Server	cef0.microsoft.exchangeServer
Microsoft Forefront Protection	cef0.microsoft.forefrontProtection
Microsoft Forefront Threat Management Gateway (formerly Microsoft ISA Server)	cef0.microsoft.isaServer
Microsoft IIS	cef0.microsoft.internetInformationServer
Microsoft Network Policy Server	cef0.microsoft.nps
Microsoft SQL Server	cef0.microsoft.sqlServer
Microsoft System Center Configuration Manager (Forefront Endpoint Connection)	cef0.microsoft.sccm_fep
Microsoft system events	cef0.microsoft.systemOrApplicationEvent
Microsoft Windows	cef0.microsoft.microsoftWindows
Nagios Network Monitoring	cef0.nagios.nagios
Palo Alto Networks PAN-OS	cef0.paloAltoNetworks.cortexXdrAgent ^{learn more} cef0.paloAltoNetworks.panOs^{learn more} cef0.paloAltoNetworks.lf^{learn more} cef0.paloAltoNetworks.paloAltoNetworksCortexXsoar^{learn more}
Powertech SIEM Agent	cef0.powertech.siemAgent
Preempt Behavioral Firewall	cef0.preemptsecurity.pbf
Proofpoint Messaging Security Gateway	cef0.proofpoint.messagingSecurityGateway
Qualys	cef0.qualys.qualys
RSA Identity Management and Governance	cef0.rsa.identityManagementService
SAP - Security Audit Log	cef0.sap.securityAuditLog
Snort Intrusion Detection (Open source)	cef0.snort.snort
SonicWall	cef0.sonicwall ^{learn more}
Sophos Anti-Virus	cef0.sophos.sophosAntiVirus
Sophos XG firewall	cef0.sophos.xg ^{learn more}
Stonesoft Firewall	cef0.stonesoft.alert cef0.stonesoft.firewall cef0.stonesoft.ips cef0.stonesoft.stonegate
Symantec	cef0.symantec.symantec
Symantec Data Loss Prevention	cef0.symantec.dlp
Symantec Email Security	cef0.symantec.mailSecurityAppliance
Symantec Endpoint Protection Mobile	cef0.symantec.symantecEndpointProtectionMobile
Symantec ProxySG (formerly by Blue Coat Systems)	cef0.bluecoat.proxyAv cef0.blueCoat.proxySg cef0.blueCoat.proxySgNavegacion
Trend Micro Control Manager	cef0.trendMicro.controlManager cef0.trendMicro.deepSecurityAgent cef0.trendMicro.deepSecurityManager
Trend Micro Deep Discovery Analyzer	cef0.trendMicro.deepDiscoveryAnalyzer ^{learn more}
Trend Micro TippingPoint Unity One IPS	cef0.trendMicro.deepDiscoveryDirector
Trend Micro XDR	cef0.trendmicro.xdr ^{learn more}
Tripwire Enterprise	cef0.tripwire.enterprise
Unix Sendmail	cef0.unix.sendmail
VMware ESX	cef0.vmware.esx
Watchguards XTM 11.x.x.	cef0.watchguards.xtm330 ^{learn more}
Websense (now part of Forcepoint)	cef0.websense.security
Zscaler	cef0.zscaler.nssweblog ^{learn more} cef0.zscaler.nssfwlog ^{learn more}

Sending data to Devo

In order to start sending data to Devo using these tags, you must configure some parameters. Go to Policies → Common Objects → Other → Syslog Configuration and enter the following data. Click here for more info.

Configuration	Detail

Configuration	Detail
Server Name	USA - collector-us.devo.io GCP (Spain) - es.elb.relay.logtrust.net EU - eu.elb.relay.logtrust.net
Server Port	443
Transport	TSL
Event formart	CEF0
Private key	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → Access Keys
Credentials	Access Keys
Certificate	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates
Credentials	X.509 Certificates.
Chain	Enter your domain private key from the Devo app. To get it, go to Administration → Credentials → X.509 Certificates.