New

The executive guide to generative AI

Read more

CEF fields

edit

Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides.

forcepoint

edit

Fields for Forcepoint Custom String mappings

forcepoint.virus_id

Virus ID

type: keyword

checkpoint

edit

Fields for Check Point custom string mappings.

checkpoint.app_risk

Application risk.

type: keyword

checkpoint.app_severity

Application threat severity.

type: keyword

checkpoint.app_sig_id

The signature ID which the application was detected by.

type: keyword

checkpoint.auth_method

Password authentication protocol used.

type: keyword

checkpoint.category

Category.

type: keyword

checkpoint.confidence_level

Confidence level determined.

type: integer

checkpoint.connectivity_state

Connectivity state.

type: keyword

checkpoint.cookie

IKE cookie.

type: keyword

checkpoint.dst_phone_number

Destination IP-Phone.

type: keyword

checkpoint.email_control

Engine name.

type: keyword

checkpoint.email_id

Internal email ID.

type: keyword

checkpoint.email_recipients_num

Number of recipients.

type: long

checkpoint.email_session_id

Internal email session ID.

type: keyword

checkpoint.email_spool_id

Internal email spool ID.

type: keyword

checkpoint.email_subject

Email subject.

type: keyword

checkpoint.event_count

Number of events associated with the log.

type: long

checkpoint.frequency

Scan frequency.

type: keyword

checkpoint.icmp_type

ICMP type.

type: long

checkpoint.icmp_code

ICMP code.

type: long

checkpoint.identity_type

Identity type.

type: keyword

checkpoint.incident_extension

Format of original data.

type: keyword

checkpoint.integrity_av_invoke_type

Scan invoke type.

type: keyword

checkpoint.malware_family

Malware family.

type: keyword

checkpoint.peer_gateway

Main IP of the peer Security Gateway.

type: ip

checkpoint.performance_impact

Protection performance impact.

type: integer

checkpoint.protection_id

Protection malware ID.

type: keyword

checkpoint.protection_name

Specific signature name of the attack.

type: keyword

checkpoint.protection_type

Type of protection used to detect the attack.

type: keyword

checkpoint.scan_result

Scan result.

type: keyword

checkpoint.sensor_mode

Sensor mode.

type: keyword

checkpoint.severity

Threat severity.

type: keyword

checkpoint.spyware_name

Spyware name.

type: keyword

checkpoint.spyware_status

Spyware status.

type: keyword

checkpoint.subs_exp

The expiration date of the subscription.

type: date

checkpoint.tcp_flags

TCP packet flags.

type: keyword

checkpoint.termination_reason

Termination reason.

type: keyword

checkpoint.update_status

Update status.

type: keyword

checkpoint.user_status

User response.

type: keyword

checkpoint.uuid

External ID.

type: keyword

checkpoint.virus_name

Virus name.

type: keyword

checkpoint.voip_log_type

VoIP log types.

type: keyword

cef.extensions

edit

Extra vendor-specific extensions.

cef.extensions.cp_app_risk

type: keyword

cef.extensions.cp_severity

type: keyword

cef.extensions.ifname

type: keyword

cef.extensions.inzone

type: keyword

cef.extensions.layer_uuid

type: keyword

cef.extensions.layer_name

type: keyword

cef.extensions.logid

type: keyword

cef.extensions.loguid

type: keyword

cef.extensions.match_id

type: keyword

cef.extensions.nat_addtnl_rulenum

type: keyword

cef.extensions.nat_rulenum

type: keyword

cef.extensions.origin

type: keyword

cef.extensions.originsicname

type: keyword

cef.extensions.outzone

type: keyword

cef.extensions.parent_rule

type: keyword

cef.extensions.product

type: keyword

cef.extensions.rule_action

type: keyword

cef.extensions.rule_uid

type: keyword

cef.extensions.sequencenum

type: keyword

cef.extensions.service_id

type: keyword

cef.extensions.version

type: keyword

Was this helpful?
Feedback