syslog
Nikita Fen, 2018-08-29 23:58:06

A SIEM system event is presented in CEF format. I need to find out the details of what happened.

The example below shows a SIEM system event in CEF format. Explain the details of what happened (give a full description of the event).
CEF:0|CISCO|ASA||106001|Inbound TCP connection denied|High|eventId=1043056081 mrt=1529419728155 proto=TCP in=-2147483648 out=-2147483648 priority=7 art=1529419728086 deviceSeverity=2 rt=1529426926000 deviceDirection=0 src=216.12.125.1 spt=443 sourceGeoCountryCode=RU slong=37.6068 slat=55.7386 dhost=ivanov.corp.lan dst=192.168.7.4 dpt=60118 dlong=0.0 dlat=0.0 cs3=ACK locality=0 cs1Label=ACL cs2Label=Unit cs3Label=TCP Flags cs4Label=Order cs5Label=Connection Type cs6Label=Duration cn1Label=ICMP Type cn2Label=ICMP Code cn3Label=DurationInSeconds ahost=agent.corp.lan agt=172.23.214.12 av=7.7.0.8044.0 atz=Europe/Moscow at=syslog dvchost=GW-NU dtz=Europe/Moscow deviceInboundInterface=outside eventAnnotationStageUpdateTime=152941972 eventAnnotationAnnotation455=1,1529104031669,root,Queued,,,,\n eventAnnotationVersion=1 _cefVer=0.1
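The following is an added example, not code from the post or its author: a small Python CEF parser that splits the seven header fields, parses the extension (including the csN/csNLabel pairs, so `cs3=ACK` becomes "TCP Flags: ACK"), converts the epoch-millisecond timestamps to UTC and assembles the kind of description the question asks for. The record from the post is re-joined onto one line as a constructed sample; the trailing `eventAnnotation*` fields, whose text is garbled in the post, are left out of it. The field meanings it relies on (`deviceDirection` 0 = inbound, 1 = outbound; `-2147483648` = integer field not set; `rt`/`mrt`/`art` in milliseconds since the epoch) follow the CEF/ArcSight conventions; everything else is derived from the record itself.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the record from the question, re-joined onto one line
# (the line breaks in the post are extraction artifacts); the garbled
# eventAnnotation* tail is omitted.
SAMPLE = (
    "CEF:0|CISCO|ASA||106001|Inbound TCP connection denied|High|"
    "eventId=1043056081 mrt=1529419728155 proto=TCP in=-2147483648 out=-2147483648 "
    "priority=7 art=1529419728086 deviceSeverity=2 rt=1529426926000 deviceDirection=0 "
    "src=216.12.125.1 spt=443 sourceGeoCountryCode=RU slong=37.6068 slat=55.7386 "
    "dhost=ivanov.corp.lan dst=192.168.7.4 dpt=60118 dlong=0.0 dlat=0.0 cs3=ACK locality=0 "
    "cs1Label=ACL cs2Label=Unit cs3Label=TCP Flags cs4Label=Order cs5Label=Connection Type "
    "cs6Label=Duration cn1Label=ICMP Type cn2Label=ICMP Code cn3Label=DurationInSeconds "
    "ahost=agent.corp.lan agt=172.23.214.12 av=7.7.0.8044.0 atz=Europe/Moscow at=syslog "
    "dvchost=GW-NU dtz=Europe/Moscow deviceInboundInterface=outside "
    "eventAnnotationVersion=1 _cefVer=0.1"
)

HEADER_NAMES = ("version", "device_vendor", "device_product", "device_version",
                "signature_id", "name", "severity")
UNSET_INT = "-2147483648"   # ArcSight sentinel for "integer field not set"
# An extension key is a run of word characters followed by '=' at the start of
# the extension or after whitespace; '=' inside a value must be escaped as '\='.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_]+)=")


def unescape(text, in_header=False):
    """Undo CEF escaping: '\\|' and '\\\\' in the header; '\\=', '\\\\', '\\n', '\\r' in the extension."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            if not in_header and nxt == "n":
                out.append("\n")
            elif not in_header and nxt == "r":
                out.append("\r")
            else:
                out.append(nxt)          # escaped '|', '=' or '\'
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_cef(line):
    """Return (header dict, extension dict) for one CEF record."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    # Split on unescaped '|' only; the 8th part is the whole extension.
    parts = re.split(r"(?<!\\)\|", line[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header must have seven '|'-separated fields")
    header = {n: unescape(v, in_header=True) for n, v in zip(HEADER_NAMES, parts[:7])}
    ext = parts[7].strip()
    keys = list(KEY_RE.finditer(ext))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    return header, fields


def resolve_labels(fields):
    """Map csN/cnN values to their csNLabel/cnNLabel names; a label with no value is skipped."""
    named = {}
    for key, label in fields.items():
        base = key[:-len("Label")]
        if key.endswith("Label") and base in fields:
            named[label] = fields[base]
    return named


def epoch_ms(value):
    """Epoch milliseconds (as CEF sends rt/mrt/art) -> ISO-8601 UTC string."""
    ms = int(value)
    dt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
    return dt.isoformat(timespec="milliseconds")


def opt_int(fields, key):
    """Integer field, or None when absent or set to the 'unset' sentinel."""
    raw = fields.get(key)
    return None if raw in (None, UNSET_INT) else int(raw)


def describe(line):
    """Assemble the event description an analyst would give for a denied-connection record."""
    header, f = parse_cef(line)
    named = resolve_labels(f)
    info = {
        "device": f"{header['device_vendor']} {header['device_product']} ({f.get('dvchost', 'unknown host')})",
        "signature": header["signature_id"],
        "name": header["name"],
        "severity": header["severity"],
        "device_severity": f.get("deviceSeverity"),
        "direction": {"0": "inbound", "1": "outbound"}.get(f.get("deviceDirection"), "unknown"),
        "protocol": f.get("proto"),
        "source": f"{f.get('src')}:{f.get('spt')}",
        "source_country": f.get("sourceGeoCountryCode"),
        "destination": f"{f.get('dst')}:{f.get('dpt')}",
        "destination_host": f.get("dhost"),
        "interface": f.get("deviceInboundInterface"),
        "tcp_flags": named.get("TCP Flags"),
        "bytes_in": opt_int(f, "in"),
        "bytes_out": opt_int(f, "out"),
        "device_time": epoch_ms(f["rt"]) if "rt" in f else None,
        "manager_receipt_time": epoch_ms(f["mrt"]) if "mrt" in f else None,
    }
    info["summary"] = (
        f"{info['device']} reported {info['signature']} ({info['name']}): "
        f"{info['direction']} {info['protocol']} from {info['source']} ({info['source_country']}) "
        f"to {info['destination']} ({info['destination_host']}) on interface {info['interface']}; "
        f"TCP flags {info['tcp_flags']}; CEF severity {info['severity']}, "
        f"device severity {info['device_severity']}; device time {info['device_time']}, "
        f"manager receipt {info['manager_receipt_time']}"
    )
    return info


if __name__ == "__main__":
    print(describe(SAMPLE)["summary"])
```

Run as a script it prints one sentence: the Cisco ASA named GW-NU dropped an inbound TCP segment arriving on its outside interface from 216.12.125.1:443 (geolocated to RU) to 192.168.7.4:60118, the host ivanov.corp.lan. Only the ACK flag was set, and ASA message 106001 is the one the firewall logs when a packet matches no existing connection, which is the usual signature of a late or stray segment from an HTTPS session the inside host had already closed rather than of a new connection attempt. The byte counters are the "unset" sentinel and are reported as None, and the labels cs1Label through cs6Label and cn1Label through cn3Label without a matching value are simply unused slots in the connector's field map. Note also that rt is about two hours later than mrt, which is worth checking against the device clock and time-zone settings before relying on the device time in an investigation.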
