Devo Parser Catalog Update for March

Related products:Devo Integrations

2 months ago
April 10, 2025
0 replies
29 views

juan.delrio
Community Manager
663 replies

The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags in different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!

Table of Contents

Updated Parsers

auth.all

Link to Documentation

Change Log

Added New fields for: cloud.azure.ad.signin
New mapping added for: box.win_snare

edr.all.threats

Link to Documentation

Change Log

Added New tables:
- cloud.sophos.central.alerts
- Cloud.sophos.central.events
- Edr.crowdstrike.falconstreaming.detection_summary
- edr.microsoft_defender.endpoint.alerts
Updated table:
- edr.crowdstrike.falconstreaming.epp_detection_summary

Cloud.azure

Link to Documentation

Change Log

Added New tables for Advanced Hunting sent by Azure:
- cloud.azure.ah.alert_evidence
- cloud.azure.ah.alert_info
- cloud.azure.ah.cloud_app_event
- cloud.azure.ah.device_event
- cloud.azure.ah.device_file_certificate
- cloud.azure.ah.device_file_event
- cloud.azure.ah.device_image_load_event
- cloud.azure.ah.device_info
- cloud.azure.ah.device_logon_event
- cloud.azure.ah.device_network_event
- cloud.azure.ah.device_network_info
- cloud.azure.ah.device_process_event
- cloud.azure.ah.device_registry_event
- cloud.azure.ah.device_identity_logon_event
- cloud.azure.ah.mail_atteachment_info
- cloud.azure.ah.mail_event
- cloud.azure.ah.mail_post_delivery_event
- cloud.azure.ah.mail_url_info
- cloud.azure.ah.url_click_event

ftp.crushftp

Link to Documentation

Change Log

Fixed parsing issues for: ftp.crushftp.event

Seg.checkpoint

Link to Documentation

Change Log

Fixed parsing issues for: seg.checkpoint.harmony.event

DDOS.arbor

Link to Documentation

Change Log

Fixed parsing issues and added support for legacy messages for: ddos.arbor.pravail.aps

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Updated Parsers

auth.all

edr.all.threats

Cloud.azure

ftp.crushftp

Seg.checkpoint

DDOS.arbor

Reply

Related topics

Why are all my free trials resulting in BILLING_ERROR?icon

Why are some of my subscriptions canceled due to a billing error?icon

About data discrepancies

Why are there so many billing error problems?icon

All Renewals Failing Due to Billing Error (Including Sandbox Users)icon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings