cef0.xss
Introduction
The tables beginning with cef0.xss identify events in CEF format generated by xss products.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.xss.filtro_xss
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
cef0.xss.filtro_xss
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
hostname | | | |
priorityCode | | | |
cefTag | | | |
cefVersion | | | |
embDeviceVendor | | | |
embDeviceProduct | | | |
deviceVersion | | | |
signatureID | | | |
name | | | |
severity | | | |
_cefVer | | | |
dst | | | |
requestClientApplication | | | |
requestMethod | | | |
request | | | |
src | | | |
in | | | |
rt | | | |
out | | | |
filePath | | | |
sourceTranslatedAddress | | | |
sourceTranslatedZoneID | | | |
destinationGeoCountryCode | | | |
sourceZoneID | | | |
slong | | | |
sourceGeoRegionCode | | | |
art | | | |
eventId | | | |
sourceGeoPostalCode | | | |
mrt | | | |
customerURI | | | |
dlat | | | |
sourceZoneURI | | | |
assetCriticality | | | |
destinationZoneID | | | |
destinationGeoLocationInfo | | | |
sourceGeoCountryCode | | | |
modelConfidence | | | |
destinationGeoPostalCode | | | |
slat | | | |
Severity | | | |
relevance | | | |
destinationGeoRegionCode | | | |
customerID | | | |
dlong | | | |
sourceTranslatedZoneURI | | | |
priority | | | |
sourceGeoLocationInfo | | | |
destinationZoneURI | | | |
hostchain | | | ✓ |
tag | | cefTag | ✓ |
rawMessage | | | |