cef0.sonicwall
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
Introduction
The tags beginning with cef0.sonicwall identify events in CEF format generated by SonicWall.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
|---|---|
|
|
|
|
|
|
|
|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Table structure
These are the fields displayed in these tables:
cef0.sonicwall.nsa2700
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
hostname |
|
|
|
priorityCode |
|
|
|
cefTag |
|
|
|
cefVersion |
|
|
|
embDeviceVendor |
|
|
|
embDeviceProduct |
|
|
|
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
_cefVer |
|
|
|
app |
|
|
|
cat |
|
|
|
c6a4Label |
|
|
|
cn1Label |
|
|
|
cn2Label |
|
|
|
cn3Label |
|
|
|
cs1Label |
|
|
|
cs1 |
|
|
|
cs2Label |
|
|
|
cs2 |
|
|
|
cs3Label |
|
|
|
cs4Label |
|
|
|
cs6 |
|
|
|
deviceInboundInterface |
|
|
|
deviceOutboundInterface |
|
|
|
dmac |
|
|
|
dst |
|
|
|
dpt |
|
|
|
dvc |
|
|
|
in |
|
|
|
out |
|
|
|
reason |
|
|
|
request |
|
|
|
rt |
|
|
|
smac |
|
|
|
src |
|
|
|
spt |
|
|
|
ad_dnpt |
|
|
|
ad_dpi |
|
|
|
ad_fw__action |
|
|
|
ad_gcat |
|
|
|
ad_snpt |
|
|
|
agentZoneURI |
|
|
|
agt |
|
|
|
ahost |
|
|
|
aid |
|
|
|
amac |
|
|
|
art |
|
|
|
at |
|
|
|
atz |
|
|
|
av |
|
|
|
customerURI |
|
|
|
destinationZoneURI |
|
|
|
deviceSeverity |
|
|
|
deviceZoneURI |
|
|
|
dtz |
|
|
|
eventId |
|
|
|
geid |
|
|
|
sourceZoneURI |
|
|
|
hostchain |
|
| ✓ |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
cef0.sonicwall.nsa3600
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
hostname |
|
|
|
priorityCode |
|
|
|
cefTag |
|
|
|
cefVersion |
|
|
|
embDeviceVendor |
|
|
|
embDeviceProduct |
|
|
|
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
_cefVer |
|
|
|
app |
|
|
|
cat |
|
|
|
c6a4Label |
|
|
|
cn1Label |
|
|
|
cn1 |
|
|
|
cn2Label |
|
|
|
cn2 |
|
|
|
cn3Label |
|
|
|
cs1Label |
|
|
|
cs2Label |
|
|
|
cs2 |
|
|
|
cs3Label |
|
|
|
cs4Label |
|
|
|
cs5Label |
|
|
|
cs6 |
|
|
|
deviceInboundInterface |
|
|
|
deviceOutboundInterface |
|
|
|
dmac |
|
|
|
dst |
|
|
|
dpt |
|
|
|
dvc |
|
|
|
in |
|
|
|
msg |
|
|
|
out |
|
|
|
rt |
|
|
|
smac |
|
|
|
src |
|
|
|
spt |
|
|
|
ad_dnpt |
|
|
|
ad_dpi |
|
|
|
ad_dstV6 |
|
|
|
ad_fw__action |
|
|
|
ad_gcat |
|
|
|
ad_snpt |
|
|
|
ad_srcV6 |
|
|
|
ad_susr |
|
|
|
agentZoneURI |
|
|
|
agt |
|
|
|
ahost |
|
|
|
aid |
|
|
|
amac |
|
|
|
art |
|
|
|
at |
|
|
|
atz |
|
|
|
av |
|
|
|
categoryBehavior |
|
|
|
categoryDeviceGroup |
|
|
|
categoryObject |
|
|
|
categoryOutcome |
|
|
|
categorySignificance |
|
|
|
customerURI |
|
|
|
destinationZoneURI |
|
|
|
deviceSeverity |
|
|
|
deviceZoneURI |
|
|
|
dtz |
|
|
|
eventId |
|
|
|
geid |
|
|
|
sourceZoneURI |
|
|
|
type |
|
|
|
hostchain |
|
| ✓ |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
cef0.sonicwall.nsa4600
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
hostname |
|
|
|
priorityCode |
|
|
|
cefTag |
|
|
|
cefVersion |
|
|
|
embDeviceVendor |
|
|
|
embDeviceProduct |
|
|
|
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
_cefVer |
|
|
|
app |
|
|
|
cat |
|
|
|
c6a4Label |
|
|
|
cn1Label |
|
|
|
cn2Label |
|
|
|
cn3Label |
|
|
|
cs3Label |
|
|
|
cs4Label |
|
|
|
deviceInboundInterface |
|
|
|
deviceOutboundInterface |
|
|
|
dmac |
|
|
|
dst |
|
|
|
dpt |
|
|
|
dvc |
|
|
|
in |
|
|
|
out |
|
|
|
rt |
|
|
|
smac |
|
|
|
src |
|
|
|
spt |
|
|
|
ad_appName |
|
|
|
ad_dpi |
|
|
|
ad_fw__action |
|
|
|
ad_gcat |
|
|
|
agentZoneURI |
|
|
|
agt |
|
|
|
ahost |
|
|
|
aid |
|
|
|
amac |
|
|
|
art |
|
|
|
at |
|
|
|
atz |
|
|
|
av |
|
|
|
categoryBehavior |
|
|
|
categoryDeviceGroup |
|
|
|
categoryObject |
|
|
|
categoryOutcome |
|
|
|
categorySignificance |
|
|
|
customerURI |
|
|
|
destinationZoneURI |
|
|
|
deviceSeverity |
|
|
|
deviceZoneURI |
|
|
|
dtz |
|
|
|
eventId |
|
|
|
geid |
|
|
|
sourceZoneURI |
|
|
|
hostchain |
|
| ✓ |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
cef0.sonicwall.tz500
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
hostname |
|
|
|
priorityCode |
|
|
|
cefTag |
|
|
|
cefVersion |
|
|
|
embDeviceVendor |
|
|
|
embDeviceProduct |
|
|
|
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
_cefVer |
|
|
|
app |
|
|
|
cat |
|
|
|
c6a4Label |
|
|
|
cn1Label |
|
|
|
cn2Label |
|
|
|
cn3Label |
|
|
|
cs1 |
|
|
|
cs3Label |
|
|
|
cs4Label |
|
|
|
cs5Label |
|
|
|
deviceInboundInterface |
|
|
|
deviceOutboundInterface |
|
|
|
dmac |
|
|
|
dst |
|
|
|
dpt |
|
|
|
dvc |
|
|
|
in |
|
|
|
out |
|
|
|
rt |
|
|
|
src |
|
|
|
spt |
|
|
|
ad_gcat |
|
|
|
ad_susr |
|
|
|
agentZoneURI |
|
|
|
agt |
|
|
|
ahost |
|
|
|
aid |
|
|
|
amac |
|
|
|
art |
|
|
|
at |
|
|
|
atz |
|
|
|
av |
|
|
|
destinationZoneURI |
|
|
|
deviceSeverity |
|
|
|
deviceZoneURI |
|
|
|
dtz |
|
|
|
eventId |
|
|
|
geid |
|
|
|
sourceZoneURI |
|
|
|
type |
|
|
|
hostchain |
|
| ✓ |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |
cef0.sonicwall.tz600
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
|
|
|
hostname |
|
|
|
priorityCode |
|
|
|
cefTag |
|
|
|
cefVersion |
|
|
|
embDeviceVendor |
|
|
|
embDeviceProduct |
|
|
|
deviceVersion |
|
|
|
signatureID |
|
|
|
name |
|
|
|
severity |
|
|
|
_cefVer |
|
|
|
app |
|
|
|
cat |
|
|
|
c6a4Label |
|
|
|
cs1Label |
|
|
|
cs1 |
|
|
|
cs2Label |
|
|
|
cs2 |
|
|
|
cs3Label |
|
|
|
cs4Label |
|
|
|
cs5Label |
|
|
|
cs6 |
|
|
|
deviceInboundInterface |
|
|
|
deviceOutboundInterface |
|
|
|
dhost |
|
|
|
dmac |
|
|
|
dst |
|
|
|
dpt |
|
|
|
dvc |
|
|
|
in |
|
|
|
out |
|
|
|
reason |
|
|
|
requestMethod |
|
|
|
request |
|
|
|
rt |
|
|
|
shost |
|
|
|
smac |
|
|
|
src |
|
|
|
spt |
|
|
|
ad_dnpt |
|
|
|
ad_dpi |
|
|
|
ad_fw__action |
|
|
|
ad_gcat |
|
|
|
ad_snpt |
|
|
|
ad_susr |
|
|
|
agentZoneURI |
|
|
|
agt |
|
|
|
ahost |
|
|
|
aid |
|
|
|
amac |
|
|
|
art |
|
|
|
at |
|
|
|
atz |
|
|
|
av |
|
|
|
categoryBehavior |
|
|
|
categoryDeviceGroup |
|
|
|
categoryObject |
|
|
|
categoryOutcome |
|
|
|
categorySignificance |
|
|
|
customerURI |
|
|
|
destinationZoneURI |
|
|
|
deviceSeverity |
|
|
|
deviceZoneURI |
|
|
|
dtz |
|
|
|
eventId |
|
|
|
geid |
|
|
|
sourceZoneURI |
|
|
|
type |
|
|
|
hostchain |
|
| ✓ |
tag |
| cefTag | ✓ |
rawMessage |
|
| ✓ |