The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored in tags into separate columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo's amazing search speeds. Every data source is unique, so we maintain a large catalog of existing parsers. Our teams review parser performance, build new parsers, and update existing parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!
Updated Parsers
cloud.azure
Change Log
- New fields added to the union for cloud.azure.ad.audit
box.win_nxlog
Change Log
- Added new fields for box.win_nxlog*
box.win_snare
Change Log
- Added new table for box.win_snare.fim
- Added new fields and refactored PowerShell logs for box.win_snare*
- Parser adapted to a variable number of spaces between keys and values
- Two new event types parsed
- New log source added: Sysmon
firewall.sophos
Change Log
- Made timestamp a string so the timezone is preserved for firewall.sophos.securenet.packetfilter
firewall.cisco
Change Log
- Added new types for firewall.cisco.ftd
box.all.win
Change Log
- Added new fields for box.all.win
firewall.fortinet
Change Log
- Added missing fields from tables:
  - firewall.fortinet.event
  - firewall.fortinet.event.connector
  - firewall.fortinet.event.dhcp
iam.pingidentity
Documentation in Progress
Change Log
- Added new table for iam.pingidentity.pingaccess.server
cef0.checkpoint
Change Log
- Added new fields for:
  - cef0.checkPoint.unknown
  - cef0.checkPoint.connectra