cef0.skyformation

Introduction

The tags beginning with cef0.skyformation identify events in CEF format generated by Sky Formation.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

| Tags | Data tables |
| --- | --- |
| cef0.skyformation.skyformationCloudAppsSecurity | cef0.skyformation.skyformationCloudAppsSecurity |

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.skyformation.skyformationCloudAppsSecurity

| Field | Type | Source field name | Extra fields |
| --- | --- | --- | --- |
| eventdate | timestamp | | |
| hostname | str | | |
| priorityCode | str | | |
| cefTag | str | | |
| cefVersion | str | | |
| embDeviceVendor | str | | |
| embDeviceProduct | str | | |
| deviceVersion | str | | |
| signatureID | str | | |
| name | str | | |
| severity | str | | |
| _cefVer | str | | |
| act | str | | |
| cat | str | | |
| cn1Label | str | | |
| cn1 | int8 | | |
| cs1Label | str | | |
| cs1 | str | | |
| cs2Label | str | | |
| cs2 | str | | |
| cs6Label | str | | |
| cs6 | str | | |
| destinationServiceName | str | | |
| deviceInboundInterface | str | | |
| dhost | str | | |
| dpriv | str | | |
| dproc | str | | |
| duid | str | | |
| duser | str | | |
| dvchost | str | | |
| dvcpid | int4 | | |
| end | timestamp | | |
| fileHash | str | | |
| filePath | str | | |
| fileType | str | | |
| fname | str | | |
| msg | str | | |
| oldFilePath | str | | |
| outcome | str | | |
| out | int8 | | |
| proto | str | | |
| reason | str | | |
| requestClientApplication | str | | |
| requestCookies | str | | |
| requestMethod | str | | |
| request | str | | |
| shost | str | | |
| smac | str | | |
| sntdom | str | | |
| sourceServiceName | str | | |
| src | str | | |
| suid | str | | |
| suser | str | | |
| devicePayloadId | str | | |
| dtz | str | | |
| ext_Act | str | | |
| ext_AppId | str | | |
| ext_AttCnt | str | | |
| ext_AttSize | str | | |
| ext_ClientAppId | str | | |
| ext_ClientIP | str | | |
| ext_ClientIPAddress | str | | |
| ext_ClientInfoString | str | | |
| ext_ClientRequestId | str | | |
| ext_CreationTime | str | | |
| ext_Dir | str | | |
| ext_ExternalAccess | str | | |
| ext_Folders_0__FolderItems_0__InternetMessageId | str | | |
| ext_Folders_0__Id | str | | |
| ext_Folders_0__Path | str | | |
| ext_Id | str | | |
| ext_InternalLogonType | str | | |
| ext_Item_Attachments | str | | |
| ext_Item_Id | str | | |
| ext_Item_InternetMessageId | str | | |
| ext_Item_IsRecord | str | | |
| ext_Item_ParentFolder_Id | str | | |
| ext_Item_ParentFolder_Path | str | | |
| ext_Item_SizeInBytes | str | | |
| ext_Item_Subject | str | | |
| ext_LogonType | str | | |
| ext_LogonUserSid | str | | |
| ext_MailboxGuid | str | | |
| ext_MailboxOwnerSid | str | | |
| ext_MailboxOwnerUPN | str | | |
| ext_ModifiedProperties_0_ | str | | |
| ext_MsgId | str | | |
| ext_MsgSize | str | | |
| ext_Operation | str | | |
| ext_OperationCount | str | | |
| ext_OperationProperties_0__Name | str | | |
| ext_OperationProperties_0__Value | str | | |
| ext_OperationProperties_1__Name | str | | |
| ext_OperationProperties_1__Value | str | | |
| ext_OrganizationId | str | | |
| ext_OrganizationName | str | | |
| ext_OriginatingServer | str | | |
| ext_Rcpt | str | | |
| ext_RcptActType | str | | |
| ext_RcptHdrType | str | | |
| ext_RecordType | str | | |
| ext_ResultStatus | str | | |
| ext_Sender | str | | |
| ext_SessionId | str | | |
| ext_Subject | str | | |
| ext_UserId | str | | |
| ext_UserKey | str | | |
| ext_UserType | str | | |
| ext_Version | str | | |
| ext_Workload | str | | |
| ext__action_taken_ | str | | |
| ext__action_taken_by_ | str | | |
| ext__admin_id_ | str | | |
| ext__admin_role_ | str | | |
| ext__asset_id_ | str | | |
| ext__cloud_app_instance_ | str | | |
| ext__event_category___tag | str | | |
| ext__event_type_ | str | | |
| ext__event_type___tag | str | | |
| ext__event_type__description | str | | |
| ext__incident_id_ | str | | |
| ext__involve_non_team_member_ | str | | |
| ext__item_creator_ | str | | |
| ext__item_name_ | str | | |
| ext__item_owner_ | str | | |
| ext__item_type_ | str | | |
| ext__log_type_ | str | | |
| ext__policy_rule_name_ | str | | |
| ext__resource_value_new_ | str | | |
| ext__resource_value_old_ | str | | |
| ext__riskEventTypes_v2_ | str | | |
| ext__source_ip_ | str | | |
| ext__target_type_ | str | | |
| ext_aCode | str | | |
| ext_acc | str | | |
| ext_action | str | | |
| ext_actor__tag | str | | |
| ext_actor_user__tag | str | | |
| ext_actor_user_account_id_ | str | | |
| ext_actor_user_display_name_ | str | | |
| ext_actor_user_email | str | | |
| ext_actor_user_team_member_id_ | str | | |
| ext_appDisplayName | str | | |
| ext_appId | str | | |
| ext_appliedConditionalAccessPolicies_0__displayName | str | | |
| ext_appliedConditionalAccessPolicies_0__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_0__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_0__id | str | | |
| ext_appliedConditionalAccessPolicies_0__result | str | | |
| ext_appliedConditionalAccessPolicies_10__displayName | str | | |
| ext_appliedConditionalAccessPolicies_10__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_10__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_10__id | str | | |
| ext_appliedConditionalAccessPolicies_10__result | str | | |
| ext_appliedConditionalAccessPolicies_11__displayName | str | | |
| ext_appliedConditionalAccessPolicies_11__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_11__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_11__id | str | | |
| ext_appliedConditionalAccessPolicies_11__result | str | | |
| ext_appliedConditionalAccessPolicies_12__displayName | str | | |
| ext_appliedConditionalAccessPolicies_12__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_12__enforcedSessionControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_12__id | str | | |
| ext_appliedConditionalAccessPolicies_12__result | str | | |
| ext_appliedConditionalAccessPolicies_13__displayName | str | | |
| ext_appliedConditionalAccessPolicies_13__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_13__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_13__id | str | | |
| ext_appliedConditionalAccessPolicies_13__result | str | | |
| ext_appliedConditionalAccessPolicies_14__displayName | str | | |
| ext_appliedConditionalAccessPolicies_14__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_14__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_14__id | str | | |
| ext_appliedConditionalAccessPolicies_14__result | str | | |
| ext_appliedConditionalAccessPolicies_15__displayName | str | | |
| ext_appliedConditionalAccessPolicies_15__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_15__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_15__id | str | | |
| ext_appliedConditionalAccessPolicies_15__result | str | | |
| ext_appliedConditionalAccessPolicies_16__displayName | str | | |
| ext_appliedConditionalAccessPolicies_16__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_16__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_16__id | str | | |
| ext_appliedConditionalAccessPolicies_16__result | str | | |
| ext_appliedConditionalAccessPolicies_1__displayName | str | | |
| ext_appliedConditionalAccessPolicies_1__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_1__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_1__id | str | | |
| ext_appliedConditionalAccessPolicies_1__result | str | | |
| ext_appliedConditionalAccessPolicies_2__displayName | str | | |
| ext_appliedConditionalAccessPolicies_2__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_2__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_2__id | str | | |
| ext_appliedConditionalAccessPolicies_2__result | str | | |
| ext_appliedConditionalAccessPolicies_3__displayName | str | | |
| ext_appliedConditionalAccessPolicies_3__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_3__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_3__id | str | | |
| ext_appliedConditionalAccessPolicies_3__result | str | | |
| ext_appliedConditionalAccessPolicies_4__displayName | str | | |
| ext_appliedConditionalAccessPolicies_4__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_4__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_4__id | str | | |
| ext_appliedConditionalAccessPolicies_4__result | str | | |
| ext_appliedConditionalAccessPolicies_5__displayName | str | | |
| ext_appliedConditionalAccessPolicies_5__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_5__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_5__id | str | | |
| ext_appliedConditionalAccessPolicies_5__result | str | | |
| ext_appliedConditionalAccessPolicies_6__displayName | str | | |
| ext_appliedConditionalAccessPolicies_6__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_6__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_6__id | str | | |
| ext_appliedConditionalAccessPolicies_6__result | str | | |
| ext_appliedConditionalAccessPolicies_7__displayName | str | | |
| ext_appliedConditionalAccessPolicies_7__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_7__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_7__id | str | | |
| ext_appliedConditionalAccessPolicies_7__result | str | | |
| ext_appliedConditionalAccessPolicies_8__displayName | str | | |
| ext_appliedConditionalAccessPolicies_8__enforcedGrantControls | str | | |
| ext_appliedConditionalAccessPolicies_8__enforcedSessionControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_8__id | str | | |
| ext_appliedConditionalAccessPolicies_8__result | str | | |
| ext_appliedConditionalAccessPolicies_9__displayName | str | | |
| ext_appliedConditionalAccessPolicies_9__enforcedGrantControls_0_ | str | | |
| ext_appliedConditionalAccessPolicies_9__enforcedSessionControls | str | | |
| ext_appliedConditionalAccessPolicies_9__id | str | | |
| ext_appliedConditionalAccessPolicies_9__result | str | | |
| ext_assets | str | | |
| ext_auditType | str | | |
| ext_authorization_action | str | | |
| ext_authorization_scope | str | | |
| ext_caller | str | | |
| ext_category | str | | |
| ext_category_localizedValue | str | | |
| ext_category_value | str | | |
| ext_channels | str | | |
| ext_claims_aio | str | | |
| ext_claims_appid | str | | |
| ext_claims_appidacr | str | | |
| ext_claims_aud | str | | |
| ext_claims_exp | str | | |
| ext_claims_groups | str | | |
| ext_claims_iat | str | | |
| ext_claims_iss | str | | |
| ext_claims_nbf | str | | |
| ext_claims_rh | str | | |
| ext_claims_uti | str | | |
| ext_claims_ver | str | | |
| ext_claims_xms_tcdt_ | str | | |
| ext_clientAppUsed | str | | |
| ext_conditionalAccessStatus | str | | |
| ext_context__tag | str | | |
| ext_context_account_id_ | str | | |
| ext_context_display_name_ | str | | |
| ext_context_email | str | | |
| ext_context_team_member_id_ | str | | |
| ext_correlationId | str | | |
| ext_createdDateTime | str | | |
| ext_datetime | str | | |
| ext_description | str | | |
| ext_details__tag | str | | |
| ext_details_user_agent_ | str | | |
| ext_deviceDetail_browser | str | | |
| ext_deviceDetail_deviceId | str | | |
| ext_deviceDetail_displayName | str | | |
| ext_deviceDetail_isCompliant | str | | |
| ext_deviceDetail_isManaged | str | | |
| ext_deviceDetail_operatingSystem | str | | |
| ext_deviceDetail_trustType | str | | |
| ext_eventDataId | str | | |
| ext_eventInfo | str | | |
| ext_eventName_localizedValue | str | | |
| ext_eventName_value | str | | |
| ext_eventTime | str | | |
| ext_eventTimestamp | str | | |
| ext_field | str | | |
| ext_httpRequest_clientIpAddress | str | | |
| ext_httpRequest_clientRequestId | str | | |
| ext_httpRequest_method | str | | |
| ext_id | str | | |
| ext_ip | str | | |
| ext_ipAddress | str | | |
| ext_isInteractive | str | | |
| ext_level | str | | |
| ext_location | str | | |
| ext_location_city | str | | |
| ext_location_countryOrRegion | str | | |
| ext_location_geoCoordinates_latitude | str | | |
| ext_location_geoCoordinates_longitude | str | | |
| ext_location_state | str | | |
| ext_operationId | str | | |
| ext_operationName_localizedValue | str | | |
| ext_operationName_value | str | | |
| ext_origin_access_method___tag | str | | |
| ext_origin_access_method__end_user___tag | str | | |
| ext_origin_access_method__end_user__session_id_ | str | | |
| ext_origin_geo_location__city | str | | |
| ext_origin_geo_location__country | str | | |
| ext_origin_geo_location__ip_address_ | str | | |
| ext_origin_geo_location__region | str | | |
| ext_participants | str | | |
| ext_properties_eventCategory | str | | |
| ext_properties_serviceRequestId | str | | |
| ext_properties_statusCode | str | | |
| ext_resourceDisplayName | str | | |
| ext_resourceGroupName | str | | |
| ext_resourceId | str | | |
| ext_resourceProviderName_localizedValue | str | | |
| ext_resourceProviderName_value | str | | |
| ext_resourceType_localizedValue | str | | |
| ext_resourceType_value | str | | |
| ext_riskDetail | str | | |
| ext_riskEventTypes | str | | |
| ext_riskLevelAggregated | str | | |
| ext_riskLevelDuringSignIn | str | | |
| ext_riskState | str | | |
| ext_serial | str | | |
| ext_severity | str | | |
| ext_status_errorCode | str | | |
| ext_status_failureReason | str | | |
| ext_status_localizedValue | str | | |
| ext_status_value | str | | |
| ext_subStatus_localizedValue | str | | |
| ext_subStatus_value | str | | |
| ext_submissionTimestamp | str | | |
| ext_subscriptionId | str | | |
| ext_tenantId | str | | |
| ext_timestamp | str | | |
| ext_user | str | | |
| ext_userDisplayName | str | | |
| ext_userId | str | | |
| ext_userPrincipalName | str | | |
| externalID | str | | |
| flexString1 | str | | |
| flexString1Label | str | | |
| flexString2 | str | | |
| flexString2Label | str | | |
| requestContext | str | | |
| hostchain | str | | ✓ |
| rawMessage | str | | ✓ |
| tag | str | cefTag | ✓ |