Devo Parser Catalog Update for May

The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags in different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!

Table of Contents

Updated Parsers

cloud.azure

Added new field
- cloud.azure.ad.signin_all

auth.all

Updated
- Replace cloud.azure.ad.signin table by cloud.azure.ad.signin_all union that includes all Azure AD (Entra ID) signing tables

ids.calyptix

Added new field
- ids.calyptix.snort.alert

proxy.calyptix

Added new field
- proxy.calyptix.webfilter.event

network.meraki

Added new fields
- network.meraki.security_event
- network.meraki.switch

cloud.meraki

Added new field
- cloud.meraki.api.changelog

box.win_snare

Added missing fields
- box.win_snare
- box.win_snare.sysmon

box.all.win

Added missing fields
- box.all.win

firewall.paloalto

Added support to LEEF 2.0 format
- firewall.paloalto.traffic

box.vmware

Fixed parsing issue for UDP and ICMP logs
- box.vmware.firewall_packet

cloud.alibaba

Added missing fields
- cloud.alibaba.log_service.access_log

firewall.barracuda

Fixed the null values issue
- firewall.barracuda.audit

cspm.sysdig.secure.event

Created a new table
- cspm.sysdig.secure.event

edr.all.threats

New table added to the union (ids.wazuh.alerts)
- Ids.wazuh.alerts
New table added to the union (cef0.kaspersky.kasperskyEndpointSecurityForWindows)
- cef0.kaspersky.kasperskyEndpointSecurityForWindows