Introduction
This table collects information about different authentication events generated by a variety of platforms.
Source tables
The information displayed is extracted from the following tables:
adn.f5.bigip.apm
adn.f5.bigip.audit
auth.cisco.ise
auth.duo.administrator.login
auth.duo.authentication.events
auth.jumpcloud.directory.events
auth.jumpcloud.ldap.events
auth.jumpcloud.mdm.events
auth.jumpcloud.radius.events
auth.jumpcloud.software.events
auth.jumpcloud.sso.events
auth.jumpcloud.systems.events
auth.okta.events
auth.okta.system
auth.onelogin.events
auth.ping.federate.audit
auth.ping.federate.security_audit
auth.ping.id.mfa
auth.rsa.secureid.runtime
auth.securenvoy
auth.thycotic.secretserver
box.audit.unix.audispd
box.audit.unix.auditd
box.devo_ea.events_linux
box.devo_ea.events_windows
box.devo_ua.events_windows
box.unix
box.unix_cloudwatch
box.vmware.esx
box.win
box.winNxlog
box.win_classic
box.win_cloudwatch
box.win_hf
box.win_kinesis
box.win_nxlog
box.win_quest.change_auditor.leef
box.win_snare
box.win_solarwinds
box.win_winlogbeat
cef0.microsoft.microsoftWindows
cloud.aws.cloudtrail.events
cloud.aws.cloudtrail.signin
cloud.azure.ad.signin
cloud.azure.sql.audit
cloud.azure.vm.applicationevent
cloud.azure.vm.securityevent
cloud.azure.vm.systemevent
cloud.azure.vm.unix
cloud.gsuite.reports.login
cloud.office365.management_all
cloud.office365.oldmanagement
crm.salesforceobjects.loginhistory
db.mssql.events
db.oracle.audit_trail
ddi.infoblox.audit
firewall.fortinet.event.system
firewall.juniper.srx.system
firewall.paloalto.globalprotect
firewall.paloalto.system
helpdesk.zendesk.audit.logs
network.citrix.adc.sslvpn
siem.logtrust.web.connection
vpn.aws.client
vpn.cisco.asa.anyconnect
Table structure
This is the set of columns displayed by this union table, which is the result of collecting the columns present in all source tables:
Field | Data type | Extra fields |
---|---|---|
eventdate | timestamp | - |
source | str | - |
action | str | - |
machine | str | - |
application | str | - |
user_domain | str | - |
user | str | - |
source_ip | ip | - |
source_hostname | str | - |
source_user | str | - |
result | str | - |
message | str | - |
hostchain | str | ✓ |
tag | str | ✓ |
Although all source tables have several features in common, each has particularities that require a set of transformations to harmonize it for the union table. The most common transformations are changes in the data type and rules applied when several columns in the source table feed a single column in the union table. You can find below the detailed list of transformations in each source table.