configs/cef.yml
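# CEF (Common Event Format) output settings for Halo events: the CEF header
# constants, the event-field -> CEF extension-key mapping, the labels for the
# custom string (cs*) fields, and the event-type -> numeric event id table.
#
# The nesting under cefFieldMapping, cefCsLabels and eventIdMap is restored
# here: without indentation those three keys parse as null and every entry
# below them becomes an unrelated top-level key.
#
# NOTE(review): this file only names fields. Escaping of the values written
# into the CEF record (backslash, '=', line breaks in extensions; '|' in the
# header) has to happen in the formatter, which is not visible here. Confirm,
# since `message` and the actor_* fields carry externally influenced text.

# CEF header constants.
cefVersion: 0
cefVendor: CloudPassage
cefProduct: CPHalo
# Parsed as the float 1.0 by YAML; quote the value if it ever becomes a
# version such as 1.10, which would otherwise load as 1.1.
cefProductVersion: 1.0

# Halo event field (left) -> CEF extension key (right).
cefFieldMapping:
  server_primary_ip_address: dst
  server_ip_address: destinationTranslatedAddress
  message: msg
  # NOTE(review): rt is the CEF receipt-time key; confirm the formatter emits
  # created_at in a timestamp form the receiving SIEM accepts.
  created_at: rt
  actor_ip_address: src
  # NOTE(review): the actor's address goes to the source key (src) while the
  # actor's identity goes to destination-user keys (duser/duid/dpriv). SIEM
  # content that looks for the acting user in suser will not find it; confirm
  # this is intended before changing it, as existing parsers may rely on it.
  actor_username: duser
  actor_key_id: duid
  actor_key_label: dpriv
  # NOTE(review): the CEF dictionary spells this key externalId; verify the
  # receiver matches the lowercase form.
  id: externalid
  server_platform: cs2
  server_id: cs3
  server_group_name: cs4
  policy_name: cs1
  server_reported_fqdn: dvchost

# Labels for the custom string fields; cs1-cs4 mirror the mapping above.
cefCsLabels:
  cs1Label: policy_name
  cs2Label: server_platform
  cs3Label: server_id
  cs4Label: server_group_name
  # No entry in cefFieldMapping targets cs5; presumably the formatter fills it
  # with fields that have no mapping of their own. TODO confirm.
  cs5Label: extras

# Halo event type -> numeric event id, presumably emitted as the CEF header's
# Device Event Class ID (confirm against the formatter).
# Treat the ids as stable: detection rules and alerts downstream are usually
# keyed on them, so add new ids rather than renumbering existing ones.
# NOTE(review): how an event type missing from this table is handled is not
# visible here; confirm such events are still forwarded and not dropped.
eventIdMap:
  account_created: 910
  account_deleted: 911
  activation_link_failed: 906
  agent_upgrade_failed: 515
  agent_upgrade_succeeded: 516
  agent_upgrade_task_cancelled: 517
  agent_upgrade_task_scheduled: 518
  agent_upgrade_task_completed: 519
  agent_key_regenerated: 900
  agent_restarted: 520
  api_client_created: 901
  api_client_deleted: 902
  api_client_secret_viewed: 904
  api_client_updated: 903
  api_login_failure: 909
  api_login_success: 908
  authentication_settings_modified: 907
  authorized_ips_modified: 905
  cloud_asset_configuration_rule_failed: 946
  # Class-style name sharing id 946 with the snake_case key above; presumably
  # an alias for the same event. It is the only repeated id in this table.
  "ServerEvents::CloudAssetConfigurationRuleFailed": 946
  container_event_add: 943
  csp_account_provisioned: 938
  csp_account_details_changed: 939
  csp_account_deleted: 940
  csp_account_deactivated: 523
  csp_account_reactivated: 524
  cve_exception_created: 604
  cve_exception_deleted: 606
  cve_exception_expired: 605
  cve_exception_updated: 607
  daemon_compromised: 712
  daemon_retirement_timeout_modified: 727
  daemon_settings_modified: 720
  daemon_version_change: 713
  duplicate_uid_accounts: 726
  fim_baseline_created: 115
  fim_baseline_deleted: 119
  fim_baseline_expired: 120
  fim_baseline_failed: 121
  fim_baseline_invalid: 116
  fim_exception_created: 122
  fim_exception_deleted: 123
  fim_exception_expired: 124
  fim_object_added: 125
  fim_object_missing: 126
  fim_policy_assigned: 105
  fim_policy_created: 107
  fim_policy_deleted: 109
  fim_policy_exported: 128
  fim_policy_imported: 129
  fim_policy_modified: 111
  fim_policy_unassigned: 113
  fim_re_baseline: 131
  fim_scan_disabled: 101
  fim_scan_enabled: 102
  fim_scan_failed: 104
  fim_scan_modified: 100
  fim_scan_requested: 103
  fim_scan_terminated: 514
  fim_signature_changed: 127
  fim_target_integrity_changed: 130
  firewall_policy_assigned: 201
  firewall_policy_created: 210
  firewall_policy_deleted: 204
  firewall_policy_modified: 206
  firewall_policy_unassigned: 208
  firewall_restore_requested: 216
  firewall_service_added: 211
  firewall_service_deleted: 213
  firewall_service_modified: 215
  ghostport_close: 316
  ghostport_failure: 305
  ghostport_provisioning: 311
  ghostport_success: 306
  halo_login_failure: 409
  halo_login_success: 413
  halo_logout: 416
  halo_user_deactivated: 912
  halo_user_deleted: 410
  halo_user_invited: 913
  halo_user_locked: 422
  halo_user_logout: 414
  halo_user_modified: 914
  halo_user_reactivated: 916
  halo_user_reinvited: 915
  halo_user_unlocked: 423
  image_collector_registered: 920
  image_collector_registration_failed: 921
  image_collector_deleted: 922
  image_collector_deactivated: 923
  image_collector_reactivated: 924
  image_collector_missing: 925
  image_collector_compromised: 937
  image_collector_registration_key_regenerated: 945
  image_collector_settings_modified: 926
  image_status_changed: 927
  image_security_status_changed: 928
  image_issue_resolved: 929
  image_inspection_status_changed: 944
  ip_address_changed: 718
  issue_resolved: 728
  key_created: 812
  key_deleted: 813
  key_delivery_success: 822
  key_expired: 818
  key_request_success: 821
  key_status_updated: 817
  km_policy_assigned: 819
  km_policy_created: 814
  km_policy_deleted: 815
  km_policy_modified: 816
  km_policy_unassigned: 820
  lids_policy_assigned: 825
  lids_policy_created: 826
  lids_policy_deleted: 827
  lids_policy_exported: 828
  lids_policy_modified: 829
  lids_policy_unassigned: 830
  lids_rule_failed: 831
  lids_scan_disabled: 823
  lids_scan_enabled: 824
  local_account_activate_request: 804
  local_account_create_request: 806
  local_account_deactivate_request: 808
  local_account_update_request: 809
  local_account_update_ssh_keys_request: 811
  master_account_linked: 917
  multiple_root_accounts: 715
  new_server: 716
  password_changed: 415
  password_config_changed: 918
  password_recovery_request_failed: 419
  password_recovery_requested: 400
  password_recovery_success: 420
  portal_audit_policy_modified: 431
  repository_add: 931
  repository_delete: 932
  repository_modified: 933
  registry_add: 934
  registry_deleted: 935
  registry_changed: 936
  registry_status_changed: 941
  sam_scan_requested: 504
  sca_policy_assigned: 505
  sca_policy_created: 506
  sca_policy_deleted: 507
  sca_policy_exported: 508
  sca_policy_imported: 509
  sca_policy_modified: 510
  sca_policy_unassigned: 512
  sca_rule_failed: 503
  sca_scan_terminated: 513
  scan_time_limit_modified: 521
  server_account_created: 714
  server_account_deleted: 705
  server_deactivated: 707
  server_reactivated: 708
  server_deleted: 717
  server_firewall_modified_locally: 706
  server_group_added: 425
  server_group_moved: 428
  server_group_deleted: 427
  server_missing: 719
  server_moved: 721
  server_restarted: 722
  server_retired: 723
  server_shutdown: 724
  server_unretired: 725
  session_timeout: 421
  session_timeout_modified: 426
  sms_phone_number_configured: 429
  sms_phone_number_verified: 424
  svm_scan_terminated: 522
  totp_configured: 919
  vulnerable_software_package_found: 603
  vulnerable_software_package_found_on_image: 930
  yubikey_configured: 430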