edr.mcafee
Introduction
Tags beginning with edr.mcafee identify the events generated by McAfee MVISION Endpoint.
Tag structure
The full tag must have 4 levels. The first two are fixed as edr.mcafee. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Product / Services | Tags | Data tables |
---|---|---|
McAfee MVISION Endpoint | edr.mcafee.mvision.threat | edr.mcafee.mvision.threat |
For more information, read more about Devo tags.
Table structure
These are the fields displayed in this table:
edr.mcafee.mvision.threat

Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
hostname | | | | |
id | | | | |
type | | | | |
entity | | | | |
origin | | | | |
nature | | | | |
user | | | | |
timestamp | | | | |
threat__id | | | | |
threat__maGuid | | | | |
threat__detectionDate | | | | |
threat__eventType | | | | |
threat__threatType | | | | |
threat__threatAttrs__name | | | | |
threat__threatAttrs__path | | | | |
threat__threatAttrs__md5 | | | | |
threat__threatAttrs__sha1 | | | | |
threat__threatAttrs__sha256 | | | | |
threat__interpreterFileAttrs__name | | | | |
threat__interpreterFileAttrs__path | | | | |
threat__interpreterFileAttrs__md5 | | | | |
threat__interpreterFileAttrs__sha1 | | | | |
threat__interpreterFileAttrs__sha256 | | | | |
threat__severity | | | | |
threat__rank | | | | |
threat__score | | | | |
threat__detectionTags_str | | join(threat__detectionTags, ',') | threat__detectionTags | |
threat__contentVersion | | | | |
tenant_id | | | | |
transaction_id | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | | ✓ |
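The following is an added example, not Devo's or McAfee's own code, showing how the tag levels above are validated and how a nested MVISION threat event maps onto the column names in this table. It assumes (the page does not say so) that the source event is JSON, that nested keys become `__`-joined column names (so `threat.threatAttrs.md5` becomes `threat__threatAttrs__md5`), and that `threat.detectionTags` arrives as a list; the sample event and its hash are constructed placeholders.

```python
# Added example (not Devo's or McAfee's code). Assumes nested JSON keys map to
# '__'-joined column names (threat.threatAttrs.md5 -> threat__threatAttrs__md5)
# and that threat.detectionTags arrives as a JSON list.
import json

FIXED_LEVELS = ("edr", "mcafee")


def parse_tag(tag: str) -> dict:
    """Split a Devo tag into its four levels; the first two must be edr.mcafee."""
    parts = tag.split(".")
    if len(parts) != 4 or tuple(parts[:2]) != FIXED_LEVELS or "" in parts:
        raise ValueError(f"not a valid edr.mcafee tag: {tag!r}")
    return {"type": parts[2], "subtype": parts[3]}


def flatten(obj: dict, prefix: str = "", out=None) -> dict:
    """Turn nested dicts into '__'-joined keys (assumed naming convention)."""
    out = {} if out is None else out
    for key, value in obj.items():
        name = f"{prefix}__{key}" if prefix else key
        if isinstance(value, dict):
            flatten(value, name, out)
        else:
            out[name] = value
    return out


def to_table_row(raw: str) -> dict:
    """Flatten one raw event and add the page's derived column
    threat__detectionTags_str = join(threat__detectionTags, ',')."""
    row = flatten(json.loads(raw))
    tags = row.get("threat__detectionTags")
    if isinstance(tags, list):
        row["threat__detectionTags_str"] = ",".join(str(t) for t in tags)
    row["rawMessage"] = raw  # extra field kept alongside the parsed columns
    return row


# Constructed sample event; the hash is a placeholder, not a real indicator.
SAMPLE = json.dumps({
    "id": "evt-0001", "type": "threat", "entity": "process",
    "threat": {"id": "thr-0001", "severity": "s3", "eventType": "Threat Detected",
               "threatAttrs": {"name": "sample.exe", "md5": "0" * 32},
               "detectionTags": ["tagA", "tagB"]},
})

if __name__ == "__main__":
    print(parse_tag("edr.mcafee.mvision.threat"))
    for column, value in to_table_row(SAMPLE).items():
        print(f"{column} = {value}")
```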