Introduction
Tags beginning with cspm.horangi identify events generated by Horangi Cyber Security.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as cspm.horangi. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
cspm | horangi |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
cspm.horangi.warden.alerts | cspm.horangi.warden.alerts |
Table structure
This is the set displayed by these tables.
cspm.horangi.warden.alerts
Field | Type | Extra Label |
|---|---|---|
eventdate |
| - |
hostname |
| - |
alert__id |
| - |
alert__monitoring_groups |
| - |
alert__severity |
| - |
alert__title |
| - |
alert__type |
| - |
alert__warden_url |
| - |
cloud__account__id |
| - |
cloud__account__name |
| - |
cloud__provider |
| - |
cloud__region |
| - |
event__action |
| - |
identity__id |
| - |
identity__is_service |
| - |
identity__name |
| - |
identity__type |
| - |
identity__user_agent |
| - |
identity__metadata__etag |
| - |
identity__metadata__name |
| - |
identity__metadata__email |
| - |
identity__metadata__horangi |
| - |
identity__metadata__uniqueId |
| - |
identity__metadata__projectId |
| - |
identity__metadata__displayName |
| - |
identity__metadata__oauth2ClientId |
| - |
identity__metadata__policyanalyzer |
| - |
identity__metadata__id |
| - |
identity__metadata__kind |
| - |
identity__metadata__emails |
| - |
identity__metadata__aliases |
| - |
identity__metadata__isAdmin |
| - |
identity__metadata__archived |
| - |
identity__metadata__addresses |
| - |
identity__metadata__languages |
| - |
identity__metadata__locations |
| - |
identity__metadata__relations |
| - |
identity__metadata__suspended |
| - |
identity__metadata__customerId |
| - |
identity__metadata__externalIds |
| - |
identity__metadata__orgUnitPath |
| - |
identity__metadata__creationTime |
| - |
identity__metadata__primaryEmail |
| - |
identity__metadata__agreedToTerms |
| - |
identity__metadata__ipWhitelisted |
| - |
identity__metadata__lastLoginTime |
| - |
identity__metadata__organizations |
| - |
identity__metadata__posixAccounts |
| - |
identity__metadata__recoveryEmail |
| - |
identity__metadata__recoveryPhone |
| - |
identity__metadata__sshPublicKeys |
| - |
identity__metadata__isMailboxSetup |
| - |
identity__metadata__isEnforcedIn2Sv |
| - |
identity__metadata__isEnrolledIn2Sv |
| - |
identity__metadata__isDelegatedAdmin |
| - |
identity__metadata__changePasswordAtNextLogin |
| - |
identity__metadata__includeInGlobalAddressList |
| - |
identity__metadata__thumbnailPhotoUrl |
| - |
identity__metadata__thumbnailPhotoEtag |
| - |
identity__metadata__gender |
| - |
identity__metadata__description |
| - |
resource__category |
| - |
resource__id |
| - |
resource__type |
| - |
resource__metadata |
| - |
rule__name |
| - |
rule__description |
| - |
source__geo__city |
| - |
source__geo__continent |
| - |
source__geo__country |
| - |
source__ip |
| - |
timestamp |
| - |
at_devo_collector_version |
| - |
at_devo_source_id |
| - |
at_devo_project_id |
| - |
at_devo_retrieving_timestamp |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |