Cef event

Generates an event in CEF (Common Event Format). The CEF module needs to be deployed for events to be displayed. For det

Configuration

Valve name: CefEvent

| Name | Description | Default value | Mandatory | Expanded |
|---|---|---|---|---|
| event_id | The event id to be logged | "PIPE_5593698771" | | |
| event_text | Descriptive text to be logged | "Fortified ID" | | |
| event_level | Log level. | "INFO" | | |
| cef_data | Array of key value pairs where dynamic data may be inserted | N/A | | |

cef_data key value pairs configuration

Each JsonObject requires two keys:

  • param_name - the name of the key

  • param_value - the value.

param_value supports expansion but not over items.

Allowed param_names

  • DESTINATION_ADDRESS

  • DESTINATION_HOST_NAME

  • DESTINATION_PORT

  • DESTINATION_USER_NAME

  • DESTINATION_SERVICE_NAME

  • SOURCE_SERVICE_NAME

  • TRANSPORT_PROTOCOL

  • REQUEST_URL

  • REQUEST_CLIENT_APPLICATION

  • REQUEST_COOKIES

  • REQUEST_METHOD

  • SOURCE_ADDRESS

  • CUSTOMER_IDENTIFIER

  • SOURCE_HOST_NAME

  • SOURCE_PORT

  • SOURCE_USER_NAME

  • MESSAGE

Message example

INFO: 2023-01-26T16:20:26.527118Z saturnus CEF:0|Fortified ID|Pipes|latest-SNAPSHOT|PIPE_5593698771|Fortified ID|1|msg=Custom message traceID=H2foLPth
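
For consumers of these events (for example a SIEM ingestion step), the following added example, which is not part of the Fortified ID documentation, parses the message example above into its log prefix, the seven CEF header fields and the extension key/value pairs. The "LEVEL: timestamp host" prefix layout is an assumption taken from that single example, and the backslash escapes handled are those of the standard CEF format; the function names are hypothetical.

```python
import re

# The line from the "Message example" section of this page.
SAMPLE = ("INFO: 2023-01-26T16:20:26.527118Z saturnus CEF:0|Fortified ID|Pipes|"
          "latest-SNAPSHOT|PIPE_5593698771|Fortified ID|1|"
          "msg=Custom message traceID=H2foLPth")

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
# A value runs until the next " key=" or end of line; it may contain spaces
# and backslash escapes (\= \\ \n), as in standard CEF extensions.
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")
ESCAPES = {"n": "\n", "r": "\r"}

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), value)

def _split_header(body):
    """Split off the 7 pipe-delimited header fields, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < len(HEADER):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])      # escaped character is taken literally
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(parts) != len(HEADER):
        raise ValueError("not a complete CEF header")
    return parts, body[i:]               # remainder is the extension part

def parse_cef_line(line):
    """Return a dict with the log prefix, CEF header fields and extensions."""
    prefix, sep, body = line.partition("CEF:")
    if not sep:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(body)
    event = dict(zip(HEADER, fields))
    # Assumed prefix layout, from the single example: "LEVEL: timestamp host"
    level, timestamp, host = (prefix.split() + [None] * 3)[:3]
    event.update(level=(level or "").rstrip(":"), timestamp=timestamp, host=host)
    event["extensions"] = {k: _unescape(v) for k, v in EXT_PAIR.findall(ext)}
    return event
```

Calling `parse_cef_line(SAMPLE)` yields `signature_id` equal to the configured event_id and `extensions` containing `msg` and `traceID`.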