cef0.bluecoat
Introduction
The tables beginning with cef0.bluecoat identify events in CEF format generated by Blue Coat.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
Tags | Data tables |
---|---|
|
|
|
|
|
|
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Table structure
These are the fields displayed in these tables:
cef0.bluecoat.proxyAv
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
app | | | |
dvchost | | | |
dvc | | | |
out | | | |
requestMethod | | | |
rt | | | |
sourceDnsDomain | | | |
agt | | | |
ahost | | | |
aid | | | |
arcSightEventPath | | | |
art | | | |
assetCriticality | | | |
at | | | |
atz | | | |
av | | | |
customerID | | | |
customerURI | | | |
deviceSeverity | | | |
deviceZoneID | | | |
deviceZoneURI | | | |
dtz | | | |
eventAnnotationAuditTrail | | | |
eventAnnotationEndTime | | | |
eventAnnotationEventId | | | |
eventAnnotationFlags | | | |
eventAnnotationManagerReceiptTime | | | |
eventAnnotationModificationTime | | | |
eventAnnotationStageID | | | |
eventAnnotationStageUpdateTime | | | |
eventAnnotationStageURI | | | |
eventAnnotationVersion | | | |
eventId | | | |
locality | | | |
modelConfidence | | | |
mrt | | | |
priority | | | |
relevance | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.blueCoat.proxySg
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
app | | | |
cat | | | |
cs1Label | | | |
cs1 | | | |
cs4Label | | | |
cs4 | | | |
cs6Label | | | |
cs6 | | | |
dhost | | | |
dst | | | |
dvc | | | |
in | | | |
out | | | |
requestClientApplication | | | |
requestMethod | | | |
request | | | |
rt | | | |
src | | | |
suser | | | |
agt | | | |
ahost | | | |
aid | | | |
arcSightEventPath | | | |
art | | | |
assetCriticality | | | |
at | | | |
atz | | | |
av | | | |
catdt | | | |
categoryBehavior | | | |
categoryDeviceGroup | | | |
categoryObject | | | |
categoryOutcome | | | |
categorySignificance | | | |
customerID | | | |
customerURI | | | |
destinationZoneURI | | | |
deviceAssetId | | | |
deviceSeverity | | | |
deviceZoneID | | | |
deviceZoneURI | | | |
dtz | | | |
eventAnnotationAuditTrail | | | |
eventAnnotationEndTime | | | |
eventAnnotationEventId | | | |
eventAnnotationFlags | | | |
eventAnnotationManagerReceiptTime | | | |
eventAnnotationModificationTime | | | |
eventAnnotationStageID | | | |
eventAnnotationStageUpdateTime | | | |
eventAnnotationStageURI | | | |
eventAnnotationVersion | | | |
eventId | | | |
locality | | | |
modelConfidence | | | |
mrt | | | |
priority | | | |
relevance | | | |
requestContext | | | |
slat | | | |
slong | | | |
sourceGeoCountryCode | | | |
sourceGeoLocationInfo | | | |
sourceGeoPostalCode | | | |
sourceGeoRegionCode | | | |
sourceZoneExternalID | | | |
sourceZoneID | | | |
sourceZoneURI | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |
cef0.blueCoat.proxySgNavegacion
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
act | | | |
app | | | |
cat | | | |
c6a1Label | | | |
c6a1 | | | |
c6a2Label | | | |
c6a2 | | | |
c6a3Label | | | |
c6a3 | | | |
c6a4Label | | | |
c6a4 | | | |
cfp1Label | | | |
cfp1 | | | |
cfp2Label | | | |
cfp2 | | | |
cfp3Label | | | |
cfp3 | | | |
cfp4Label | | | |
cfp4 | | | |
cn1Label | | | |
cn1 | | | |
cn2Label | | | |
cn2 | | | |
cn3Label | | | |
cn3 | | | |
cnt | | | |
cs1Label | | | |
cs1 | | | |
cs2Label | | | |
cs2 | | | |
cs3Label | | | |
cs3 | | | |
cs4Label | | | |
cs4 | | | |
cs5Label | | | |
cs5 | | | |
cs6Label | | | |
cs6 | | | |
destinationDnsDomain | | | |
destinationServiceName | | | |
destinationTranslatedAddress | | | |
destinationTranslatedPort | | | |
deviceCustomDate1Label | | | |
deviceCustomDate1 | | | |
deviceCustomDate2Label | | | |
deviceCustomDate2 | | | |
deviceDirection | | | |
deviceDnsDomain | | | |
deviceExternalId | | | |
deviceInboundInterface | | | |
deviceMacAddress | | | |
deviceNtDomain | | | |
deviceOutboundInterface | | | |
deviceProcessName | | | |
deviceTranslatedAddress | | | |
dhost | | | |
dmac | | | |
dntdom | | | |
dpid | | | |
dpriv | | | |
dproc | | | |
dst | | | |
duid | | | |
duser | | | |
dvchost | | | |
dvc | | | |
dvcpid | | | |
end | | | |
deviceFacility | | | |
externalId | | | |
fileCreateTime | | | |
fileHash | | | |
fileId | | | |
fileModificationTime | | | |
filePath | | | |
filePermission | | | |
fileType | | | |
fname | | | |
fsize | | | |
in | | | |
msg | | | |
oldFileCreateTime | | | |
oldFileHash | | | |
oldFileId | | | |
oldFileModificationTime | | | |
oldFileName | | | |
oldFilePath | | | |
oldFilePermission | | | |
oldFileSize | | | |
oldFileType | | | |
outcome | | | |
out | | | |
proto | | | |
reason | | | |
requestClientApplication | | | |
requestCookies | | | |
requestMethod | | | |
request | | | |
rt | | | |
shost | | | |
smac | | | |
sntdom | | | |
sourceDnsDomain | | | |
sourceServiceName | | | |
sourceTranslatedAddress | | | |
sourceTranslatedPort | | | |
spid | | | |
spriv | | | |
sproc | | | |
spt | | | |
src | | | |
start | | | |
suid | | | |
suser | | | |
catdt | | | |
deviceDomain | | | |
deviceSeverity | | | |
dpt | | | |
dtz | | | |
dvcmac | | | |
endTime | | | |
eventId | | | |
flexNumber1 | | | |
flexNumber1Label | | | |
flexNumber2 | | | |
flexNumber2Label | | | |
flexString1 | | | |
flexString1Label | | | |
flexString2 | | | |
flexString2Label | | | |
modelConfidence | | | |
priority | | | |
relevance | | | |
requestContext | | | |
sessionId | | | |
slat | | | |
slong | | | |
dlat | | | |
dlong | | | |
sourceGeoCountryCode | | | |
sourceGeoLocationInfo | | | |
sourceGeoPostalCode | | | |
sourceGeoRegionCode | | | |
destinationGeoCountryCode | | | |
destinationGeoLocationInfo | | | |
destinationGeoPostalCode | | | |
destinationGeoRegionCode | | | |
agt | | | |
ahost | | | |
art | | | |
atz | | | |
mrt | | | |
categoryBehavior | | | |
categoryCustomFormatField | | | |
categoryDeviceGroup | | | |
categoryObject | | | |
categoryOutcome | | | |
categorySignificance | | | |
categoryTechnique | | | |
categoryTupleDescription | | | |
assetCriticality | | | |
customerID | | | |
customerURI | | | |
tag | | cefTag | ✓ |
rawMessage | | | ✓ |
hostchain | | | ✓ |