The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags in different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!
Table of Contents
Updated Parsers
cloud.alibaba
- Improvements
- Updated parsing logic to parse new fields:
- cloud.alibaba.log_service.access_log
- Updated parsing logic to parse new fields:
firewall.cisco
- Fixed
- Fixed parser to support logs for certain event IDs:
- firewall.cisco.ftd
- Fixed parser to support logs for certain event IDs:
cloud.gsuite
- Added
- Created vault_audit table for google workspace vault audit logs:
- cloud.gsuite.reports.vault_audit
- Created vault_audit table for google workspace vault audit logs:
cef0.checkPoint
- Improvements
- Updated parsing logic to parse new fields:
- cef0.checkPoint.threatEmulation
- cef0.checkPoint.smartdefenseAndVpn1Firewall1
- Updated parsing logic to parse new fields:
mim.venafi
- Added
- Added new table for mim.venafi.tlsprotectcloud.activitylogs:
- mim.venafi.tlsprotectcloud.activitylogs
- Added new table for mim.venafi.tlsprotectcloud.activitylogs:
mail.mimecast
- Improvements
- Updated parsing logic to parse new fields:
- mail.mimecast.audit.events
- Updated parsing logic to parse new fields:
box.win_winlogbeat
- Added
- Added new table for box.win_winlogbeat.dfs:
- box.win_winlogbeat.dfs
- Added new table for box.win_winlogbeat.dfs:
iam.cyberark
- Added
- Added new table for iam.cyberark.identity.audit:
- iam.cyberark.identity.audit
- Added new table for iam.cyberark.identity.audit: