This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
asilahazwani
Ensign
Ensign
‎2016-04-05 09:06
725 views

CEF Field

What is the difference between event.categoryDeviceType , event.categoryDeviceGroup and event.categoryObject?

for example -->  event.categoryDeviceType = Operating system

                           event.categoryDeviceGroup  = /Operating system

                            eventcategory.Object = /Host/Operating system

Another example -->   event.categoryDeviceType = Network-based IDS/IPS

                           event.categoryDeviceGroup  = /Firewall

                            eventcategory.Object = /Host/Application/Service

This three seems identical . What is the difference? Can anyone explain a bit further?

Labels (2)
Labels
0 Likes
Reply
Report Inappropriate Content
3 Replies
shezaf1
Fleet Admiral
Fleet Admiral
‎2016-04-05 09:17

Those are explained in the

0 Likes
Reply
Report Inappropriate Content
asilahazwani
Ensign
Ensign
‎2016-04-05 09:35

What they are explained in the white paper is still not clear and fully understand. And also im a amateur in this arcsight cef field. Can you explain a bit about the three field?

0 Likes
Reply
Report Inappropriate Content
EricLamer
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2016-04-05 15:56

Those fields have nothing to do with CEF.  CEF is the format of the log.  Those 3 fields are related to categorization.  Each log should be categorized correctly in Arcsight to use categorization in ESM rules.

------------------------------------
Please use the Like button below, if you find this post useful or mark it as an accepted solution if it resolves your issue.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.