The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored in tags into different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update existing parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!
New Parsers
ndr.darktrace
Documentation in Progress
Change log
Support for Darktrace NDR
box.cisco
Documentation in Progress
Change log
Support for Cisco UCS manager
box.all.unix
Documentation in Progress
Change log
New union table that gathers every event coming from a Linux system, no matter how it is collected.
Updated Parsers
firewall.fortinet
Change log
New table firewall.fortinet.utm.waf
proxy.zscaler
Change log
Added new field cdfqdn to table proxy.zscaler.zia.firewall
network.meraki
Change log
Added more log types to network.meraki.events
crm.salesforce
Change log
- New tables added (JSON format)
- DCDM partially implemented
ddi.infoblox
Change log
Added new table ddi.infoblox.nios.lease_events
vpn.soft_ether
Change log
Added support for more events, including more fields, to the parser
endpoint.symantec
Change log
New table endpoint.symantec.sepm.system
firewall.watchguard
Change log
New table firewall.watchguard.event
firewall.paloalto
Change log
Added JSON support to the parsers