Document toolboxDocument toolbox

cef0.security

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Oct 17, 2023
2 min read
[ 1 Introduction ] [ 2 Tag structure ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with cef0.security identify events in CEF format generated by Aqua Security.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

Tags

Data tables

Tags

Data tables

cef0.security.aquasec

cef0.security.aquasec

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.security.aquasec

Field

Type

Source field name

Extra fields

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

priorityCode

str

 

 

cefTag

str

 

 

cefVersion

str

 

 

embDeviceVendor

str

 

 

embDeviceProduct

str

 

 

deviceVersion

str

 

 

signatureID

str

 

 

name

str

 

 

severity

str

 

 

_cefVer

str

 

 

act

str

 

 

cat

str

 

 

cn1Label

str

 

 

cn1

int8

 

 

cn2Label

str

 

 

cn2

int8

 

 

cn3Label

str

 

 

cn3

int8

 

 

cs1Label

str

 

 

cs1

str

 

 

cs3Label

str

 

 

cs3

str

 

 

cs5Label

str

 

 

cs5

str

 

 

cs6Label

str

 

 

cs6

str

 

 

dpid

int4

 

 

dproc

str

 

 

duser

str

 

 

dvchost

str

 

 

filePath

str

 

 

fname

str

 

 

reason

str

 

 

rt

timestamp

 

 

changed_result

str

 

 

command

str

 

 

control

str

 

 

count

str

 

 

critical

str

 

 

data

str

 

 

data_date

str

 

 

date

str

 

 

digest

str

 

 

entity_type

str

 

 

function_metadata

str

 

 

hostgroup

str

 

 

hostip

str

 

 

id

str

 

 

image_assurance_results

str

 

 

image_hash

str

 

 

image_size

str

 

 

info

str

 

 

initiating_user

str

 

 

k8s_cluster

str

 

 

level2

str

 

 

message

str

 

 

os

str

 

 

previous_digest

str

 

 

pull_name

str

 

 

pull_skipped

str

 

 

registry

str

 

 

required_image_platform

str

 

 

resources

str

 

 

scan_duration

str

 

 

scan_options

str

 

 

scan_started

str

 

 

scanned_image_platform

str

 

 

security_feeds_used

str

 

 

source_address

str

 

 

source_ip

str

 

 

subtype

str

 

 

type

str

 

 

version

str

 

 

vulnerability_diff

str

 

 

vulnerability_summary

str

 

 

hostchain

str

 

✓

tag

str

cefTag

✓

rawMessage

str

 

✓