Document toolboxDocument toolbox

cef0.skyhighSecurity

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Mar 12, 2024
1 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

Tables beginning withcef0.skyhighSecurity identify events in CEF format generated by Skyhigh Security.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

Tags

Data tables

Tags

Data tables

cef0.skyhighSecurity.skyhighSecurityCloud

cef0.skyhighSecurity.skyhighSecurityCloud

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.skyhighSecurity.skyhighSecurityCloud

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

priority_code

str

 

 

cef_tag

str

 

 

cef_version

str

 

 

emb_device_vendor

str

 

 

emb_device_product

str

 

 

device_version

str

 

 

signature_id

str

 

 

name

str

 

 

severity

str

 

 

start

str

 

 

source_username

str

 

 

device_ip

ip4

 

 

activity_name

str

 

 

actor_id_type

str

 

 

classification_names

str

 

 

content_item_id

str

 

 

content_item_name

str

 

 

content_item_type

str

 

 

file_size

str

 

 

id

str

 

 

incident_id

str

 

 

incident_risk_severity_id

str

 

 

information_destination_url

str

 

 

information_file_types

str

 

 

information_last_executed_response_label

str

 

 

information_primary_rule_group

str

 

 

information_resolution_action

str

 

 

information_user_attributes_department

str

 

 

information_user_attributes_manager

str

 

 

information_user_attributes_memberships

str

 

 

information_user_attributes_name

str

 

 

audit_event_type_event_category_id

str

 

 

audit_event_type_event_category_name

str

 

 

audit_event_type_event_type_id

str

 

 

audit_event_type_event_type_name

str

 

 

audit_event_type_sub_type_id

str

 

 

description

str

 

 

event_info

str

 

 

insertion_id

str

 

 

object_name

str

 

 

tenant_id

str

 

 

timestamp

str

 

 

user_info_first_name

str

 

 

user_info_last_name

str

 

 

user_info_user_id

str

 

 

policy_id

str

 

 

policy_name

str

 

 

response

str

 

 

risk_severity

str

 

 

service_names

str

 

 

significantly_updated_at

str

 

 

status

str

 

 

total_match_count

str

 

 

updated_on

str

 

 

hostchain

str

 

✓

tag

str

cef_tag

✓

rawMessage

str

 

✓