Introduction
The tags beginning with threatintel.socradar identify events generated by SOCRadar.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as threatintel.socradar. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
threatintel | socradar |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
threatintel.socradar.xti.audit_logs | threatintel.socradar.xti.audit_log |
threatintel.socradar.xti.incidents | threatintel.socradar.xti.incidents |
threatintel.socradar.xti.threat_feed | threatintel.socradar.xti.threat_feed |
How is data sent to Devo?
Logs generated by Bandura are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.