Header Parameters
The following table describes the values shown in the Header section of CEF messages that OT Security generates.
Parameter | General Description | OT Security Value
---|---|---
Timestamp | The date and time that the log entry was generated, in the MMM D HH:mm:ss format. | <12>Jan 12 02:50:45
Source IP | The IP of the host that sent the Syslog message. | The IP of the OT Security appliance that sent the log entry.
CEF: Version | The mandatory prefix 'CEF:' followed by the CEF version number. | CEF:0
Device Vendor | The vendor name for the sending device. | Tenable OT Security
Device Product | The product name of the sending device. | Tenable OT Security. Note: This refers to the OT Security appliance.
Device Version | The product version of the sending device. | The version of the OT Security appliance that is in use. For example: 3.17.40
Device Event Class ID | A unique identifier for each event type. This can be a string or an integer. Device Event Class ID identifies the reported event type. | OT Security produces log entries with distinct Event Classes for each type of event that generates alerts. For the meaning of each Event Class ID, see Event Class IDs.
Name | The name of the Event Class. | OT Security provides a descriptive name corresponding to each of the Event Class IDs; see Event Class IDs.
Severity | A string or integer that reflects the importance of the event. The valid string values are Unknown, Low, Medium, High, and Very-High. The valid integer values are 0-3=Low, 4-6=Medium, 7-8=High, and 9-10=Very-High. |
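The following parser is an added example, not code from Tenable or from the OT Security product, showing how a SIEM-side collector would take apart a syslog line carrying the header described in the table above: the `<PRI>` prefix, the MMM D HH:mm:ss timestamp, the seven pipe-delimited CEF header fields (honouring the CEF escape for a literal `|` inside a header field), and the Severity bucketing into the Low/Medium/High/Very-High strings the table defines. The sample line is constructed for this example; the version, vendor, product and product-version values follow the table, while the Event Class ID, event name, severity and extension are placeholders and are not real OT Security values.

```python
import re
from typing import Dict, List

# Constructed sample syslog line carrying a CEF:0 header. PRI, timestamp,
# vendor, product and version follow the table on this page; the Event Class
# ID, Name, Severity and extension are PLACEHOLDERS, not real OT Security data.
SAMPLE_LINE = (
    "<12>Jan 12 02:50:45 CEF:0|Tenable OT Security|Tenable OT Security|3.17.40|"
    "PLACEHOLDER_CLASS_ID|Placeholder Event Name|5|src=192.0.2.10 dst=192.0.2.20"
)

# Names for the seven CEF header fields, in wire order.
HEADER_FIELDS = [
    "cef_version", "device_vendor", "device_product", "device_version",
    "device_event_class_id", "name", "severity",
]

# Optional syslog PRI, a BSD-style timestamp, then the CEF payload.
_SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>CEF:.*)$"
)

_SEVERITY_NAMES = {
    "unknown": "Unknown", "low": "Low", "medium": "Medium",
    "high": "High", "very-high": "Very-High",
}


def split_cef_header(cef: str) -> List[str]:
    """Split a CEF record on unescaped '|' into 7 header fields plus the extension.

    CEF escapes a literal pipe in a header field as '\\|' and a backslash as
    '\\\\', so a plain str.split('|') would mis-split such values.
    """
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must contain 7 pipe-delimited fields")
    return fields + [cef[i:]]        # remainder is the extension


def severity_label(value: str) -> str:
    """Map the Severity header field to the string buckets given in the table."""
    key = value.strip().lower()
    if key in _SEVERITY_NAMES:
        return _SEVERITY_NAMES[key]
    if not key.isdigit():
        raise ValueError(f"invalid CEF severity: {value!r}")
    n = int(key)
    if 0 <= n <= 3:
        return "Low"
    if 4 <= n <= 6:
        return "Medium"
    if 7 <= n <= 8:
        return "High"
    if 9 <= n <= 10:
        return "Very-High"
    raise ValueError(f"CEF severity out of range 0-10: {n}")


def parse_ot_security_cef(line: str) -> Dict[str, object]:
    """Parse one syslog/CEF line into a dict of header values."""
    m = _SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("line is not a syslog-wrapped CEF record")
    parts = split_cef_header(m.group("rest"))
    rec: Dict[str, object] = dict(zip(HEADER_FIELDS, parts[:7]))
    if rec["cef_version"] != "CEF:0":
        raise ValueError(f"unexpected CEF version prefix: {rec['cef_version']!r}")
    rec["extension"] = parts[7]
    rec["timestamp"] = m.group("ts")
    rec["pri"] = int(m.group("pri")) if m.group("pri") else None
    rec["severity_label"] = severity_label(str(rec["severity"]))
    return rec


if __name__ == "__main__":
    for k, v in parse_ot_security_cef(SAMPLE_LINE).items():
        print(f"{k:22} {v}")
```

Rejecting any line whose prefix is not exactly `CEF:0` is a deliberate strictness choice: it makes a collector fail loudly on a misconfigured or spoofed source rather than silently ingesting fields in the wrong positions.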