The Devo Parser is one of the secret ingredients of our unique Hyperstream technology. Parsers organize the raw events stored in tags into separate columns and display them in the corresponding tables. This method bypasses data indexing entirely and is a key contributor to Devo's search speed. Every data source is unique, so we maintain a large catalog of existing parsers. Our teams review parser performance, build new parsers and update existing parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!
Updated Parsers
mdm.kandji
- Added
  - Added new table:
    - mdm.kandji.audit.event

box.win-fluentbit
- Added
  - Added new table:
    - box.winFluentbit.security.log

mail.egress
- Added
  - Added new tables:
    - mail.egress.defend.inbound_event
    - mail.egress.defend.linkclick_event
    - mail.egress.defend.response_event
    - mail.egress.defend.phish_reported_event

auth.all
- Improvements
  - Updated mapping for the source_ip and srcIp fields of the auth.all union table
  - Updated parsing of auth.ping.id.mfa for extraction of resources fields:
    - auth.ping.id.mfa
    - cloud.azure.ad.signin.all
    - auth.cisco.ise
    - network.citrix.adc.sslvpn

cloud.azure
- Improvements
  - Updated the parsing logic to handle cases where the 'level' field was null by introducing a new field 'level_str' that parses 'level' as a string:
    - cloud.azure.ad.risky_users

network.cisco
- Improvements
  - Updated parsing logic (by versioning) to parse fields that were previously coming through as null:
    - network.cisco
    - network.cisco.router
    - network.cisco.wlc

ftp.crushftp
- Fixed
  - Fixed parsing logic for cases where serverdate was not passed correctly:
    - ftp.crushftp.event

web.iis
- Improvements
  - Updated parsing logic (by versioning) to support the Microsoft IIS v8.5 log structure:
    - web.iis.accessW3c
    - web.iis.accessW3cAll

cloud.azure
- Improvements
  - Updated parsing logic to support properties object fields
  - Fixed properties__timestamp parsing by adding properties__timestamp_str and applying conditional date parsing based on string length
- Added
  - Added new parser cloud.azure.functionapp.log:
    - cloud.azure.appservice.http
    - cloud.azure.ah.alert_info
    - cloud.azure.functionapp.log

edr.microsoft_defender
- Improvements
  - Added new fields:
    - edr.microsoft_defender.endpoint.alerts

cloud.aws
- Added
  - Added new table:
    - cloud.aws.cloudtrail.devops_guru

box.win_nxlog
- Added
  - Added new table:
    - box.win_nxlog.nps

firewall.paloalto
- Improvements
  - Added new fields:
    - firewall.paloalto.audit

box.as400_powertech
- Added
  - Added new table:
    - box.as400_powertech.logagent.event

cims.equifax
- Added
  - Added new table:
    - cims.equifax.eport.event