cef0.kaspersky
Introduction
The cef0.kaspersky tables identify events in CEF format generated by Kaspersky services.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table named cef0.deviceVendor.deviceProduct, where deviceVendor and deviceProduct are taken from the Device Vendor and Device Product fields of the CEF header of each event.
In this case, the valid data tables are:
Tags | Data tables |
---|---|
cef0.kaspersky.kaspersky | cef0.kaspersky.kaspersky |
cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition | cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition |
cef0.kaspersky.kasperskyEndpointSecurityForWindows | cef0.kaspersky.kasperskyEndpointSecurityForWindows |
cef0.kaspersky.securityCenter | cef0.kaspersky.securityCenter |
cef0.kaspersky.securityCenterNetworkAgent | cef0.kaspersky.securityCenterNetworkAgent |
cef0.kasperskylab.securitycenter | cef0.kasperskylab.securitycenter |
cef0.kaspersky.kaspersky
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
app | | | |
cat | | | |
c6a1Label | | | |
c6a1 | | | |
c6a2Label | | | |
c6a2 | | | |
c6a3Label | | | |
c6a3 | | | |
c6a4Label | | | |
c6a4 | | | |
cfp1Label | | | |
cfp1 | | | |
cfp2Label | | | |
cfp2 | | | |
cfp3Label | | | |
cfp3 | | | |
cfp4Label | | | |
cfp4 | | | |
cn1Label | | | |
cn1 | | | |
cn2Label | | | |
cn2 | | | |
cn3Label | | | |
cn3 | | | |
cnt | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs3Label | | | |
cs3 | | | |
cs4Label | | | |
cs4 | | | |
cs5Label | | | |
cs5 | | | |
cs6Label | | | |
cs6 | | | |
destinationDnsDomain | | | |
destinationServiceName | | | |
destinationTranslatedAddress | | | |
destinationTranslatedPort | | | |
deviceCustomDate1Label | | | |
deviceCustomDate1 | | | |
deviceCustomDate2Label | | | |
deviceCustomDate2 | | | |
deviceDirection | | | |
deviceDnsDomain | | | |
deviceExternalId | | | |
deviceInboundInterface | | | |
deviceMacAddress | | | |
deviceNtDomain | | | |
deviceOutboundInterface | | | |
deviceProcessName | | | |
deviceTranslatedAddress | | | |
dhost | | | |
dmac | | | |
dntdom | | | |
dpid | | | |
dpriv | | | |
dproc | | | |
dst | | | |
duid | | | |
duser | | | |
dvchost | | | |
dvc | | | |
dvcpid | | | |
end | | | |
deviceFacility | | | |
externalId | | | |
fileCreateTime | | | |
fileHash | | | |
fileId | | | |
fileModificationTime | | | |
filePath | | | |
filePermission | | | |
fileType | | | |
fname | | | |
fsize | | | |
in | | | |
msg | | | |
oldFileCreateTime | | | |
oldFileHash | | | |
oldFileId | | | |
oldFileModificationTime | | | |
oldFileName | | | |
oldFilePath | | | |
oldFilePermission | | | |
oldFileSize | | | |
oldFileType | | | |
outcome | | | |
out | | | |
proto | | | |
reason | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
smac | | | |
sntdom | | | |
sourceDnsDomain | | | |
sourceServiceName | | | |
sourceTranslatedAddress | | | |
sourceTranslatedPort | | | |
spid | | | |
spriv | | | |
sproc | | | |
spt | | | |
src | | | |
start | | | |
suid | | | |
suser | | | |
catdt | | | |
deviceDomain | | | |
deviceSeverity | | | |
dpt | | | |
dtz | | | |
dvcmac | | | |
endTime | | | |
eventId | | | |
flexNumber1 | | | |
flexNumber1Label | | | |
flexNumber2 | | | |
flexNumber2Label | | | |
flexString1 | | | |
flexString1Label | | | |
flexString2 | | | |
flexString2Label | | | |
modelConfidence | | | |
priority | | | |
relevance | | | |
requestContext | | | |
sessionId | | | |
slat | | | |
slong | | | |
dlat | | | |
dlong | | | |
sourceGeoCountryCode | | | |
sourceGeoLocationInfo | | | |
sourceGeoPostalCode | | | |
sourceGeoRegionCode | | | |
destinationGeoCountryCode | | | |
destinationGeoLocationInfo | | | |
destinationGeoPostalCode | | | |
destinationGeoRegionCode | | | |
agt | | | |
ahost | | | |
art | | | |
atz | | | |
mrt | | | |
categoryBehavior | | | |
categoryCustomFormatField | | | |
categoryDeviceGroup | | | |
categoryObject | | | |
categoryOutcome | | | |
categorySignificance | | | |
categoryTechnique | | | |
categoryTupleDescription | | | |
assetCriticality | | | |
customerID | | | |
customerURI | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.kaspersky.kasperskyAntivirusForWindowsServersEnterpriseEdition
cef0.kaspersky.kasperskyEndpointSecurityForWindows
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
dntdom | | | |
cs3Label | | | |
msg | | | |
dvchost | | | |
cs4Label | | | |
cs1 | | | |
dst | | | |
externalId | | | |
cn3Label | | | |
cat | | | |
cs6 | | | |
rt | | | |
end | | | |
fname | | | |
out | | | |
cs2Label | | | |
cs5Label | | | |
dhost | | | |
act | | | |
in | | | |
cs6Label | | | |
cn3 | | | |
cs1Label | | | |
dtz | | | |
eventAnnotationAuditTrail | | | |
eventAnnotationVersion | | | |
eventAnnotationModificationTime | | | |
art | | | |
originalAgentAddress | | | |
eventId | | | |
at | | | |
mrt | | | |
customerURI | | | |
dlat | | | |
originalAgentZoneURI | | | |
destinationZoneID | | | |
assetCriticality | | | |
eventAnnotationFlags | | | |
agt | | | |
modelConfidence | | | |
aid | | | |
amac | | | |
Severity | | | |
destinationZoneExternalID | | | |
relevance | | | |
av | | | |
eventAnnotationStageUpdateTime | | | |
catdt | | | |
locality | | | |
ahost | | | |
originalAgentVersion | | | |
customerID | | | |
dlong | | | |
atz | | | |
originalAgentMacAddress | | | |
originalAgentType | | | |
deviceSeverity | | | |
flexString1 | | | |
originalAgentId | | | |
eventAnnotationManagerReceiptTime | | | |
originalAgentHostName | | | |
priority | | | |
eventAnnotationEndTime | | | |
destinationZoneURI | | | |
hostchain | | | ✓ |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
cef0.kaspersky.securityCenter
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
app | | | |
cat | | | |
c6a1Label | | | |
c6a1 | | | |
c6a2Label | | | |
c6a2 | | | |
c6a3Label | | | |
c6a3 | | | |
c6a4Label | | | |
c6a4 | | | |
cfp1Label | | | |
cfp1 | | | |
cfp2Label | | | |
cfp2 | | | |
cfp3Label | | | |
cfp3 | | | |
cfp4Label | | | |
cfp4 | | | |
cn1Label | | | |
cn1 | | | |
cn2Label | | | |
cn2 | | | |
cn3Label | | | |
cn3 | | | |
cnt | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs3Label | | | |
cs3 | | | |
cs4Label | | | |
cs4 | | | |
cs5Label | | | |
cs5 | | | |
cs6Label | | | |
cs6 | | | |
destinationDnsDomain | | | |
destinationServiceName | | | |
destinationTranslatedAddress | | | |
destinationTranslatedPort | | | |
deviceCustomDate1Label | | | |
deviceCustomDate1 | | | |
deviceCustomDate2Label | | | |
deviceCustomDate2 | | | |
deviceDirection | | | |
deviceDnsDomain | | | |
deviceExternalId | | | |
deviceInboundInterface | | | |
deviceMacAddress | | | |
deviceNtDomain | | | |
deviceOutboundInterface | | | |
deviceProcessName | | | |
deviceTranslatedAddress | | | |
dhost | | | |
dmac | | | |
dntdom | | | |
dpid | | | |
dpriv | | | |
dproc | | | |
dst | | | |
duid | | | |
duser | | | |
dvchost | | | |
dvc | | | |
dvcpid | | | |
end | | | |
deviceFacility | | | |
externalId | | | |
fileCreateTime | | | |
fileHash | | | |
fileId | | | |
fileModificationTime | | | |
filePath | | | |
filePermission | | | |
fileType | | | |
fname | | | |
fsize | | | |
in | | | |
msg | | | |
oldFileCreateTime | | | |
oldFileHash | | | |
oldFileId | | | |
oldFileModificationTime | | | |
oldFileName | | | |
oldFilePath | | | |
oldFilePermission | | | |
oldFileSize | | | |
oldFileType | | | |
outcome | | | |
out | | | |
proto | | | |
reason | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
smac | | | |
sntdom | | | |
sourceDnsDomain | | | |
sourceServiceName | | | |
sourceTranslatedAddress | | | |
sourceTranslatedPort | | | |
spid | | | |
spriv | | | |
sproc | | | |
spt | | | |
src | | | |
start | | | |
suid | | | |
suser | | | |
catdt | | | |
deviceDomain | | | |
deviceSeverity | | | |
dpt | | | |
dtz | | | |
dvcmac | | | |
endTime | | | |
eventId | | | |
flexNumber1 | | | |
flexNumber1Label | | | |
flexNumber2 | | | |
flexNumber2Label | | | |
flexString1 | | | |
flexString1Label | | | |
flexString2 | | | |
flexString2Label | | | |
modelConfidence | | | |
priority | | | |
relevance | | | |
requestContext | | | |
sessionId | | | |
slat | | | |
slong | | | |
dlat | | | |
dlong | | | |
sourceGeoCountryCode | | | |
sourceGeoLocationInfo | | | |
sourceGeoPostalCode | | | |
sourceGeoRegionCode | | | |
destinationGeoCountryCode | | | |
destinationGeoLocationInfo | | | |
destinationGeoPostalCode | | | |
destinationGeoRegionCode | | | |
agt | | | |
ahost | | | |
art | | | |
atz | | | |
mrt | | | |
categoryBehavior | | | |
categoryCustomFormatField | | | |
categoryDeviceGroup | | | |
categoryObject | | | |
categoryOutcome | | | |
categorySignificance | | | |
categoryTechnique | | | |
categoryTupleDescription | | | |
assetCriticality | | | |
customerID | | | |
customerURI | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.kaspersky.securityCenterNetworkAgent
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
app | | | |
cat | | | |
c6a1Label | | | |
c6a1 | | | |
c6a2Label | | | |
c6a2 | | | |
c6a3Label | | | |
c6a3 | | | |
c6a4Label | | | |
c6a4 | | | |
cfp1Label | | | |
cfp1 | | | |
cfp2Label | | | |
cfp2 | | | |
cfp3Label | | | |
cfp3 | | | |
cfp4Label | | | |
cfp4 | | | |
cn1Label | | | |
cn1 | | | |
cn2Label | | | |
cn2 | | | |
cn3Label | | | |
cn3 | | | |
cnt | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs3Label | | | |
cs3 | | | |
cs4Label | | | |
cs4 | | | |
cs5Label | | | |
cs5 | | | |
cs6Label | | | |
cs6 | | | |
destinationDnsDomain | | | |
destinationServiceName | | | |
destinationTranslatedAddress | | | |
destinationTranslatedPort | | | |
deviceCustomDate1Label | | | |
deviceCustomDate1 | | | |
deviceCustomDate2Label | | | |
deviceCustomDate2 | | | |
deviceDirection | | | |
deviceDnsDomain | | | |
deviceExternalId | | | |
deviceInboundInterface | | | |
deviceMacAddress | | | |
deviceNtDomain | | | |
deviceOutboundInterface | | | |
deviceProcessName | | | |
deviceTranslatedAddress | | | |
dhost | | | |
dmac | | | |
dntdom | | | |
dpid | | | |
dpriv | | | |
dproc | | | |
dst | | | |
duid | | | |
duser | | | |
dvchost | | | |
dvc | | | |
dvcpid | | | |
end | | | |
deviceFacility | | | |
externalId | | | |
fileCreateTime | | | |
fileHash | | | |
fileId | | | |
fileModificationTime | | | |
filePath | | | |
filePermission | | | |
fileType | | | |
fname | | | |
fsize | | | |
in | | | |
msg | | | |
oldFileCreateTime | | | |
oldFileHash | | | |
oldFileId | | | |
oldFileModificationTime | | | |
oldFileName | | | |
oldFilePath | | | |
oldFilePermission | | | |
oldFileSize | | | |
oldFileType | | | |
outcome | | | |
out | | | |
proto | | | |
reason | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
smac | | | |
sntdom | | | |
sourceDnsDomain | | | |
sourceServiceName | | | |
sourceTranslatedAddress | | | |
sourceTranslatedPort | | | |
spid | | | |
spriv | | | |
sproc | | | |
spt | | | |
src | | | |
start | | | |
suid | | | |
suser | | | |
catdt | | | |
deviceDomain | | | |
deviceSeverity | | | |
dpt | | | |
dtz | | | |
dvcmac | | | |
endTime | | | |
eventId | | | |
flexNumber1 | | | |
flexNumber1Label | | | |
flexNumber2 | | | |
flexNumber2Label | | | |
flexString1 | | | |
flexString1Label | | | |
flexString2 | | | |
flexString2Label | | | |
modelConfidence | | | |
priority | | | |
relevance | | | |
requestContext | | | |
sessionId | | | |
slat | | | |
slong | | | |
dlat | | | |
dlong | | | |
sourceGeoCountryCode | | | |
sourceGeoLocationInfo | | | |
sourceGeoPostalCode | | | |
sourceGeoRegionCode | | | |
destinationGeoCountryCode | | | |
destinationGeoLocationInfo | | | |
destinationGeoPostalCode | | | |
destinationGeoRegionCode | | | |
agt | | | |
ahost | | | |
art | | | |
atz | | | |
mrt | | | |
categoryBehavior | | | |
categoryCustomFormatField | | | |
categoryDeviceGroup | | | |
categoryObject | | | |
categoryOutcome | | | |
categorySignificance | | | |
categoryTechnique | | | |
categoryTupleDescription | | | |
assetCriticality | | | |
customerID | | | |
customerURI | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.kasperskylab.securitycenter
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
srcIp | | ip4(split(split(hostchain, "/")[0], "=")[1]) | hostchain | |
priorityCode | | | | |
cefTag | | | | |
cefVersion | | | | |
embDeviceVendor | | | | |
embDeviceProduct | | | | |
deviceVersion | | | | |
signatureID | | | | |
name | | | | |
severity | | | | |
_cefVer | | | | |
act | | | | |
app | | | | |
cat | | | | |
c6a1Label | | | | |
c6a1 | | | | |
c6a2Label | | | | |
c6a2 | | | | |
c6a3Label | | | | |
c6a3 | | | | |
c6a4Label | | | | |
c6a4 | | | | |
cfp1Label | | | | |
cfp1 | | | | |
cfp2Label | | | | |
cfp2 | | | | |
cfp3Label | | | | |
cfp3 | | | | |
cfp4Label | | | | |
cfp4 | | | | |
cn1Label | | | | |
cn1 | | | | |
cn2Label | | | | |
cn2 | | | | |
cn3Label | | | | |
cn3 | | | | |
cnt | | | | |
cs1Label | | | | |
cs1 | | | | |
cs2Label | | | | |
cs2 | | | | |
cs3Label | | | | |
cs3 | | | | |
cs4Label | | | | |
cs4 | | | | |
cs5Label | | | | |
cs5 | | | | |
cs6Label | | | | |
cs6 | | | | |
destinationDnsDomain | | | | |
destinationServiceName | | | | |
destinationTranslatedAddress | | | | |
destinationTranslatedPort | | | | |
deviceCustomDate1Label | | | | |
deviceCustomDate1 | | | | |
deviceCustomDate2Label | | | | |
deviceCustomDate2 | | | | |
deviceDirection | | | | |
deviceDnsDomain | | | | |
deviceExternalId | | | | |
deviceInboundInterface | | | | |
deviceMacAddress | | | | |
deviceNtDomain | | | | |
deviceOutboundInterface | | | | |
deviceProcessName | | | | |
deviceTranslatedAddress | | | | |
dhost | | | | |
dmac | | | | |
dntdom | | | | |
dpid | | | | |
dpriv | | | | |
dproc | | | | |
dst | | | | |
duid | | | | |
duser | | | | |
dvchost | | | | |
dvc | | | | |
dvcpid | | | | |
end | | | | |
deviceFacility | | | | |
externalId | | | | |
fileCreateTime | | | | |
fileHash | | | | |
fileId | | | | |
fileModificationTime | | | | |
filePath | | | | |
filePermission | | | | |
fileType | | | | |
fname | | | | |
fsize | | | | |
in | | | | |
msg | | | | |
oldFileCreateTime | | | | |
oldFileHash | | | | |
oldFileId | | | | |
oldFileModificationTime | | | | |
oldFileName | | | | |
oldFilePath | | | | |
oldFilePermission | | | | |
oldFileSize | | | | |
oldFileType | | | | |
outcome | | | | |
out | | | | |
proto | | | | |
reason | | | | |
requestClientApplication | | | | |
requestCookies | | | | |
requestMethod | | | | |
request | | | | |
rt | | | | |
shost | | | | |
smac | | | | |
sntdom | | | | |
sourceDnsDomain | | | | |
sourceServiceName | | | | |
sourceTranslatedAddress | | | | |
sourceTranslatedPort | | | | |
spid | | | | |
spriv | | | | |
sproc | | | | |
spt | | | | |
src | | | | |
start | | | | |
suid | | | | |
suser | | | | |
catdt | | | | |
deviceDomain | | | | |
deviceSeverity | | | | |
dpt | | | | |
dtz | | | | |
dvcmac | | | | |
endTime | | | | |
eventId | | | | |
flexNumber1 | | | | |
flexNumber1Label | | | | |
flexNumber2 | | | | |
flexNumber2Label | | | | |
flexString1 | | | | |
flexString1Label | | | | |
flexString2 | | | | |
flexString2Label | | | | |
modelConfidence | | | | |
priority | | | | |
relevance | | | | |
requestContext | | | | |
sessionId | | | | |
slat | | | | |
slong | | | | |
dlat | | | | |
dlong | | | | |
sourceGeoCountryCode | | | | |
sourceGeoLocationInfo | | | | |
sourceGeoPostalCode | | | | |
sourceGeoRegionCode | | | | |
destinationGeoCountryCode | | | | |
destinationGeoLocationInfo | | | | |
destinationGeoPostalCode | | | | |
destinationGeoRegionCode | | | | |
agt | | | | |
ahost | | | | |
art | | | | |
atz | | | | |
mrt | | | | |
categoryBehavior | | | | |
categoryCustomFormatField | | | | |
categoryDeviceGroup | | | | |
categoryObject | | | | |
categoryOutcome | | | | |
categorySignificance | | | | |
categoryTechnique | | | | |
categoryTupleDescription | | | | |
assetCriticality | | | | |
customerID | | | | |
customerURI | | | | |
tag | | | cefTag | ✓ |
rawMessage | | | | ✓ |
hostchain | | | | ✓ |
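Worked example

The following Python script is an added example, not Devo or Kaspersky code. It shows what the Tag structure section means in practice and what the one transformation documented on this page does: it parses constructed Kaspersky CEF syslog lines into the header fields these tables use (cefVersion, embDeviceVendor, embDeviceProduct, deviceVersion, signatureID, name, severity) plus the extension key/value pairs, handling CEF escaping of `\|`, `\\` and `\=`; derives the cef0.deviceVendor.deviceProduct table each event would land in; and reproduces the srcIp transformation ip4(split(split(hostchain, "/")[0], "=")[1]) from the cef0.kasperskylab.securitycenter table, including the cases where Devo would yield null. The camelCase normalisation of vendor and product names is an assumption inferred from the table names on this page (Devo's actual rule is not documented here, and cef0.kasperskylab.securitycenter shows a different, all-lowercase convention). The sample log lines, signature IDs, versions, hosts and the hostchain value are constructed for the example and are not real Kaspersky event identifiers.

```python
# Added example: parse Kaspersky CEF lines, route them to cef0.<vendor>.<product>,
# and mirror the documented srcIp transformation. Not Devo or Kaspersky code.
import ipaddress
import re

# Header field names as used in the tables on this page.
HEADER_FIELDS = ("cefVersion", "embDeviceVendor", "embDeviceProduct",
                 "deviceVersion", "signatureID", "name", "severity")

# Extension: key=value pairs; values may contain spaces, and '\=', '\\', '\n',
# '\r' are the escapes. A value ends where the next "<space>key=" starts or at EOS.
_EXT_RE = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\=])*?)(?=\s+[A-Za-z0-9_.]+=|\s*$)")

# Constructed sample input (signature IDs, versions, hosts are made up).
SAMPLE_LINES = [
    r"<14>Nov 20 10:00:01 kes-agent01 CEF:0|Kaspersky|Kaspersky Endpoint Security for Windows|11.6.0"
    r"|KES-VIRUS-FOUND|Malicious object detected|8|rt=1700474401000 dvchost=kes-agent01 dst=10.0.0.21"
    r" fname=evil.exe cs1=C:\\Users\\bob\\Downloads cs1Label=Path msg=Object deleted\= quarantine act=Delete",
    r"<14>Nov 20 10:00:02 ksc01 CEF:0|Kaspersky|Security Center|13.2|KSC-LICENSE-EXPIRED|License expired|4"
    r"|rt=1700474402000 dvchost=ksc01 msg=Key expired on 3 hosts",
    r"<14>Nov 20 10:00:03 ksc01 CEF:0|Kaspersky|Security Center|13.2|KSC-TEST|Name with escaped \| pipe|1"
    r"|msg=single key only",
]
# Constructed hostchain; the transformation only assumes its first '/'-separated
# segment looks like key=<ipv4>.
SAMPLE_HOSTCHAIN = "ip=192.0.2.10/relay=devo-relay-01"


def _split_header(header):
    """Split the text after 'CEF:' on unescaped '|' into the 7 header fields and
    the raw extension. '\\|' and '\\\\' in header fields are unescaped; the
    extension is returned verbatim because it has its own escaping rules."""
    fields, cur, i = [], [], 0
    while i < len(header) and len(fields) < len(HEADER_FIELDS):
        ch = header[i]
        if ch == "\\" and i + 1 < len(header):
            cur.append(header[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) == len(HEADER_FIELDS) - 1:  # tolerate a missing trailing '|'
        fields.append("".join(cur))
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("malformed CEF header: expected 7 '|'-separated fields")
    return fields, header[i:]


def _unescape_ext(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    return {key: _unescape_ext(val) for key, val in _EXT_RE.findall(ext)}


def _camel(name):
    """ASSUMPTION: camelCase rule inferred from the table names on this page
    ('Kaspersky Endpoint Security for Windows' -> kasperskyEndpointSecurityForWindows)."""
    words = [w for w in (re.sub(r"[^A-Za-z0-9]", "", w) for w in name.split()) if w]
    if not words:
        raise ValueError("empty vendor/product name")
    return words[0].lower() + "".join(w[:1].upper() + w[1:] for w in words[1:])


def table_for(vendor, product):
    """Table name per the Tag structure section: cef0.deviceVendor.deviceProduct."""
    return f"cef0.{_camel(vendor)}.{_camel(product)}"


def parse_cef(line):
    """Parse one syslog line carrying a CEF event into header fields, extension,
    the derived table and the untouched rawMessage."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("line does not carry a CEF event")
    fields, ext = _split_header(line[start + len("CEF:"):])
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = parse_extension(ext)
    event["table"] = table_for(event["embDeviceVendor"], event["embDeviceProduct"])
    event["rawMessage"] = line
    return event


def route(lines):
    """Group events by destination table: same vendor/product header, same table."""
    by_table = {}
    for line in lines:
        event = parse_cef(line)
        by_table.setdefault(event["table"], []).append(event)
    return by_table


def src_ip_from_hostchain(hostchain):
    """Python equivalent of ip4(split(split(hostchain, "/")[0], "=")[1]): first
    '/'-segment, the text after its '=', kept only if it is a valid IPv4 address.
    Returns None where Devo would yield null (no '=' in the segment, non-IPv4 value)."""
    if not hostchain:
        return None
    parts = hostchain.split("/")[0].split("=")
    if len(parts) < 2:
        return None
    try:
        return str(ipaddress.IPv4Address(parts[1]))
    except ValueError:
        return None


if __name__ == "__main__":
    for table, events in route(SAMPLE_LINES).items():
        print(table)
        for ev in events:
            print("   ", ev["signatureID"], "sev", ev["severity"], "-", ev["extension"].get("msg"))
    print("srcIp:", src_ip_from_hostchain(SAMPLE_HOSTCHAIN))
```

Run it directly to see the three sample events grouped under the two tables their headers select. The srcIp helper deliberately returns None instead of a partial string for a hostchain whose first segment has no "=" or whose value is not an IPv4 address, which is what the ip4() step in the documented transformation guarantees; a detection rule keyed on srcIp should treat that null as "origin unknown" rather than as a match on an empty string.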