
The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored under each tag into columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers, and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!

 


 

New Parsers

itam.netwrix

Documentation in progress

 

Updated Parsers

cloud.aws

Link to Documentation

Change log

  • Support for JSON in cloud.aws.vpc.flow

 

box.win_nxlog

Link to Documentation

Change log

  • Added parser for box.win_nxlog.ntlm

 

mail.postfix

Link to Documentation

Change log

  • Added new fields

 

ftp.crushftp

Link to Documentation

Change log

  • Added new fields for ftp.crushftp.event

 

firewall.paloalto

Link to Documentation

Change log

  • Added a new field to firewall.paloalto.*

 

edr.crowdstrike

Link to Documentation

Change log

  • Added new fields for edr.crowdstrike.cannon

 

endpoint.symantec

Link to Documentation

Change log

  • Added new parser for endpoint.symantec.sepm.system

 

cef0.infoblox

Link to Documentation

Change log

  • Added new fields for cef0infoblox.dataConnector

 

ips.all.alerts

Link to Documentation

Change log

  • Added a new field

 

endpoint.bitdefender

Link to Documentation

Change log

  • Modified fields for endpoint.bitdefender.agent.edr_alert

 

 

 
