You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/cef-name-mapping.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,6 +26,7 @@ For more information, see [Connect your external solution using Common Event For
26
26
|---------|---------|---------|
27
27
| act | <aname="deviceaction"></a> DeviceAction | The action mentioned in the event. |
28
28
| app | ApplicationProtocol | The protocol used in the application, such as HTTP, HTTPS, SSHv2, Telnet, POP, IMPA, IMAPS, and so on. |
29
+
| cat | DeviceEventCategory | Represents the category assigned by the originating device. Devices often use their own categorization schema to classify event. For example: `/Monitor/Disk/Read`. |
29
30
| cnt | EventCount | A count associated with the event, showing how many times the same event was observed. |
30
31
31
32
@@ -101,14 +102,15 @@ For more information, see [Connect your external solution using Common Event For
101
102
|oldFileSize | OldFileSize | Size of the old file.|
102
103
| oldFileType | OldFileType | File type of the old file, such as a pipe, socket, and so on.|
103
104
| out | SentBytes | Number of bytes transferred outbound. |
104
-
|Outcome|Outcome| Outcome of the event, such as `success` or `failure`.|
105
+
|outcome|EventOutcome| Outcome of the event, such as `success` or `failure`.|
105
106
|proto | Protocol | Transport protocol that identifies the Layer-4 protocol used. <br><br>Possible values include protocol names, such as `TCP` or `UDP`. |
106
107
107
108
108
109
## R - T
109
110
110
111
|CEF key name |CommonSecurityLog name |Description |
111
112
|---------|---------|---------|
113
+
| reason | Reason | The reason an audit event was generated. For example `badd password` or `unknown user`. This could also be an error or return code. For example: `0x1234`. |
112
114
|Request | RequestURL | The URL accessed for an HTTP request, including the protocol. For example, `http://www/secure.com`|
113
115
|requestClientApplication | RequestClientApplication | The user agent associated with the request. |
114
116
| requestContext | RequestContext | Describes the content from which the request originated, such as the HTTP Referrer. |
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments