|
Field type |
Field name |
Description |
Example value |
|---|---|---|---|
|
CEF header |
CEF:Version |
CEF version. |
CEF:0 |
|
Device Vendor |
Product vendor. |
UserGate |
|
|
Device Product |
Product type. |
NGFW |
|
|
Device Version |
Product version. |
7 |
|
|
Source |
Log name. |
userid |
|
|
Name |
Source type. |
log |
|
|
Threat Level |
Product version. |
Available values: from 1 to 10 (the set threat level multiplied by 2). |
|
|
CEF [extension] |
rt |
Time when the event was received (in milliseconds since January 1, 1970). |
1701085036026 |
|
deviceExternalId |
The name of the device that generated the event. |
||
|
act |
The action applied to the event. |
login |
|
|
reason |
The reason why the event was created. For example, login to the system. |
{"user_groups_sids":["S-1-5-21-3795870133-5220325-2125745684-513","S-1-5-21-3795870133-5220325-2125745684-512"], "user_sid":"S-1-5-21-3795870133-5220325-2125745684-1103","login":"user1","domain":"DEP","event_id":4624} |
|
|
suser |
The username. |
user1 |
|
|
cs1Label |
Indicates that a rule was triggered. |
Rule |
|
|
cs1 |
Name of the rule triggered to cause the event. |
dep.local |
|
|
src |
Traffic source IPv4 address. |
10.10.0.11 |