Event Record Fields

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 15:34, 22 November 2018 by Niall (Talk | contribs)


Field Descriptions

Record Field Type Description
id
customerid integer The traffic group source identifier
device numeric(39,0) The numeric IPv6 address of the device sending us the flow/syslog records
firstseen bigint Millisecond timestamp of when this flow started
eventtype
eventsrctype
eventsrc
message
datatype
data
datasource
confidence
severity
category
target
country_src
division_src
latit_src
longd_src
country_dst
division_dst
latit_dst
longd_dst

Sample Records

Typical records from an Event table with obfuscated IP addresses and locations:

postureBlackListSrc (-11)

805729 0 "-1407899398" "1541583542242" -11 8 "xxx.xxx.208.28" "Black List Src Hit(Botnet Strong) xxx.xxx.208.28->xxx.xxx.166.159" 1 {"Application":"SSH TCP/22","Black List":"https://lists.blocklist.de/lists/strongips.txt","Black List Type":"Source","Eventer":"xxx.xxx.208.28","appid":393238,"bytes":44,"device":"xxx.xxx.40.250","domain":"","dstadd":"xx.xxx.166.159","dstport":22,"duration":0,"eventname":"Black List Src","flags":2,"fwevent":0,"fwextcode":0,"inif":14,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"xxx.xxx.208.28","srcport":28148,"time":1541583574022,"timeH":"7-Nov-2018 09:39:34.22","tos":0,"user":""}" "https://lists.blocklist.de/lists/strongips.txt" 75 80 "Botnet Strong" "xxx.xxx.166.159" "CN" "Gansu" "0.00000000000" "0.00000000000" "IE" "County Sligo" "0.00000000000" "0.00000000000"

Record Field Value
id 805729
customerid 0
device "-1407899398"
firstseen "1541583542242"
eventtype -11
eventsrctype 8
eventsrc "xxx.xxx.208.28"
message "Black List Src Hit(Botnet Strong) xxx.xxx.208.28->xxx.xxx.166.159"
datatype 1
data {"Application":"SSH TCP/22","Black List":"https://lists.blocklist.de/lists/strongips.txt","Black List Type":"Source","Eventer":"xxx.xxx.208.28","appid":393238,"bytes":44,"device":"xxx.xxx.40.250","domain":"","dstadd":"xx.xxx.166.159","dstport":22,"duration":0,"eventname":"Black List Src","flags":2,"fwevent":0,"fwextcode":0,"inif":14,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,"srcadd":"xxx.xxx.208.28","srcport":28148,"time":1541583574022,"timeH":"7-Nov-2018 09:39:34.22","tos":0,"user":""}"
datasource "https://lists.blocklist.de/lists/strongips.txt"
confidence 75
severity 80
category "Botnet Strong"
target "xxx.xxx.166.159"
country_src "CN"
division_src "Gansu"
latit_src "0.00000000000"
longd_src "0.00000000000"
country_dst "IE"
division_dst "County Sligo"
latit_dst "0.00000000000"
longd_dst "0.00000000000"
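The sample above is a whitespace-separated dump where quoted columns may contain spaces and the data column is a raw JSON object, so a plain split() will not recover the 23 fields. The following Python is an added example (not GigaFlow's own code) that tokenises such a line by quote- and brace-matching, maps the tokens onto the column order from the field table, and decodes the JSON. It makes three assumptions: the trailing stray quote after the JSON object is tolerated as part of the dump format; the numeric device column holds an IPv4 address as a signed 32-bit integer (inferred because the sample value decodes to an address ending in .40.250, matching the device inside the JSON) and anything wider as IPv6; and the confidence threshold in to_alert() is a hypothetical triage setting. The record itself is the page's sample, copied verbatim.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Column order taken from the field table on this page.
FIELDS = [
    "id", "customerid", "device", "firstseen", "eventtype", "eventsrctype",
    "eventsrc", "message", "datatype", "data", "datasource", "confidence",
    "severity", "category", "target", "country_src", "division_src",
    "latit_src", "longd_src", "country_dst", "division_dst", "latit_dst",
    "longd_dst",
]
INT_FIELDS = ("id", "customerid", "device", "firstseen", "eventtype",
              "eventsrctype", "datatype", "confidence", "severity")

# The page's sample record (obfuscated by its author), used as constructed input.
SAMPLE = (
    '805729 0 "-1407899398" "1541583542242" -11 8 "xxx.xxx.208.28" '
    '"Black List Src Hit(Botnet Strong) xxx.xxx.208.28->xxx.xxx.166.159" 1 '
    '{"Application":"SSH TCP/22","Black List":"https://lists.blocklist.de/lists/strongips.txt",'
    '"Black List Type":"Source","Eventer":"xxx.xxx.208.28","appid":393238,"bytes":44,'
    '"device":"xxx.xxx.40.250","domain":"","dstadd":"xx.xxx.166.159","dstport":22,"duration":0,'
    '"eventname":"Black List Src","flags":2,"fwevent":0,"fwextcode":0,"inif":14,'
    '"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":13,"packets":1,"proto":6,'
    '"srcadd":"xxx.xxx.208.28","srcport":28148,"time":1541583574022,'
    '"timeH":"7-Nov-2018 09:39:34.22","tos":0,"user":""}" '
    '"https://lists.blocklist.de/lists/strongips.txt" 75 80 "Botnet Strong" "xxx.xxx.166.159" '
    '"CN" "Gansu" "0.00000000000" "0.00000000000" "IE" "County Sligo" '
    '"0.00000000000" "0.00000000000"'
)


def tokenize(line):
    """Split one dumped record into column tokens: bare words, "quoted" strings
    (quotes stripped) and one brace-balanced JSON object kept verbatim."""
    tokens, i, n = [], 0, len(line)
    while i < n:
        c = line[i]
        if c.isspace():
            i += 1
        elif c == '"':
            j = line.index('"', i + 1)
            tokens.append(line[i + 1:j])
            i = j + 1
        elif c == "{":
            depth, in_str, j = 0, False, i
            while j < n:
                ch = line[j]
                if in_str:
                    if ch == "\\":
                        j += 1          # skip the escaped character
                    elif ch == '"':
                        in_str = False
                elif ch == '"':
                    in_str = True
                elif ch == "{":
                    depth += 1
                elif ch == "}":
                    depth -= 1
                    if depth == 0:
                        j += 1
                        break
                j += 1
            tokens.append(line[i:j])
            i = j
            if i < n and line[i] == '"':  # assumption: dump closes the data column with a stray quote
                i += 1
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            tokens.append(line[i:j])
            i = j
    return tokens


def parse_record(line):
    """Map tokens onto FIELDS, convert the integer columns and decode the JSON data column."""
    tokens = tokenize(line)
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(tokens)}")
    rec = dict(zip(FIELDS, tokens))
    for k in INT_FIELDS:
        rec[k] = int(rec[k])
    rec["data"] = json.loads(rec["data"])
    return rec


def device_address(n):
    """Decode the numeric device column. Assumption: IPv4 is stored as a signed
    32-bit integer; a value outside that range is a 128-bit IPv6 integer."""
    if -2**31 <= n < 2**31:
        return str(ipaddress.IPv4Address(n & 0xFFFFFFFF))
    return str(ipaddress.IPv6Address(n & ((1 << 128) - 1)))


def firstseen_utc(rec):
    """firstseen is a millisecond epoch timestamp."""
    return datetime.fromtimestamp(rec["firstseen"] / 1000, tz=timezone.utc)


def to_alert(rec, min_confidence=70):
    """Flatten the record into the keys a correlation rule would use, or None
    when the reporting confidence is below the (hypothetical) threshold."""
    if rec["confidence"] < min_confidence:
        return None
    d = rec["data"]
    return {
        "event": d.get("eventname"), "category": rec["category"],
        "list": rec["datasource"], "src": d.get("srcadd"), "dst": d.get("dstadd"),
        "dport": d.get("dstport"), "target": rec["target"], "severity": rec["severity"],
        "first_seen_utc": firstseen_utc(rec).isoformat(),
        "reporting_device": device_address(rec["device"]),
    }


if __name__ == "__main__":
    print(json.dumps(to_alert(parse_record(SAMPLE)), indent=2))
```

Running the module prints the flattened alert for the sample; the reporting_device value is the page's obfuscated device decoded from the numeric column, and first_seen_utc resolves to 09:39:02 on 7 Nov 2018, 32 seconds before the time recorded inside the JSON, which is consistent with the timeH value there.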