Please refer to the table below as StellarProtect agent events in the Common Event Format.
|
CEF Field Name |
Description |
Possible Values |
|---|---|---|
|
Header |
||
|
CEF:Version |
CEF format version |
CEF:0 |
|
Device Vendor |
Device Vendor |
TXOne Networks |
|
Device Product |
Device Product |
StellarProtect |
|
Device Version |
Device Version |
2.0.1145 |
|
Device Event Class ID |
Event ID |
{} |
|
Name |
Event category |
Agent Event |
|
Severity |
LOG_CRIT: 2 LOG_WARNING: 4 LOG_INFO: 6 |
{2, 4, 6} |
|
Extension |
||
|
eventTime |
StellarProtect format |
Apr 02 2022 13:31:51 GMT+00:00 |
|
msg |
<string> |
|
|
category |
OPTION: 0 SYSTEM: 1 INTELLI_AV: 2 ANOMALY_DETECT: 3 CHANGE_CONTROL: 4 DEVICE_CONTROL: 5 MISC: 15 |
|
|
agentEndpoint |
<string> |
|
|
agentIp |
<string> |
|
|
agentLocation |
<string> |
|
|
agentVendor |
<string> |
|
|
agentModel |
<string> |
|
|
agentOS |
<string> |
|
|
policyVersion |
<string> |
|
|
detailMsg |
<string> |
|
|
targetProcess |
<string> |
|
|
fileHash |
<string> |
|
|
threatType |
<string> |
|
|
threatName |
<string> |
|
|
filePath |
<string> |
|
|
actionResult |
<int> |
|
|
quarantinePath |
<string> |
|
|
obadMode |
<string> |
|
|
obadLevel |
<string> |
|
|
accessUser |
<string> |
|
|
processId |
<string> |
|
|
parentProcess1 |
<string> |
|
|
parentProcess2 |
<string> |
|
|
parentProcess3 |
<string> |
|
|
parentProcess4 |
<string> |
|
|
targetArguments |
<string> |
|
|
parentArguments1 |
<string> |
|
|
parentArguments2 |
<string> |
|
|
parentArguments3 |
<string> |
|
|
parentArguments4 |
<string> |
|
|
blockedProcess |
<string> |
|
|
targetFile |
<string> |
|
|
vid |
<int> |
|
|
pid |
<int> |
|
|
sn |
<string> |
|
|
accessImagePath |
<string> |
|
|
srcPath |
<string> |
|
|
dstPath |
<string> |
|
|
errCode |
<int> |
|
|
patchFileName |
<string> |
|
|
filePath |
<string> |
|
|
type |
<string> |
|
