Introduction
The tags beginning with threatintel.bandura identify events generated by Bandura.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as threatintel.bandura. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
threatintel | bandura |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
threatintel.bandura.threatblockr.dnslog | threatintel.bandura.threatblockr.dnslog |
threatintel.bandura.threatblockr.dnsresplog | threatintel.bandura.threatblockr.dnsresplog |
threatintel.bandura.threatblockr.packetlog | threatintel.bandura.threatblockr.packetlog |
How is data sent to Devo?
Logs generated by Bandura are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.