docs/reference/filebeat/exported-fields-cef-module.md
% This file is generated! See dev-tools/mage/generate_fields_docs.go
Module for receiving CEF logs over Syslog. The module adds vendor-specific fields in addition to the fields the decode_cef processor provides.
Fields for Forcepoint custom string mappings.
forcepoint.virus_id
: Virus ID.
type: keyword
Fields for Check Point custom string mappings.
checkpoint.app_risk
: Application risk.
type: keyword
checkpoint.app_severity
: Application threat severity.
type: keyword
checkpoint.app_sig_id
: The signature ID which the application was detected by.
type: keyword
checkpoint.auth_method
: Password authentication protocol used.
type: keyword
checkpoint.category
: Category.
type: keyword
checkpoint.confidence_level
: Confidence level determined.
type: integer
checkpoint.connectivity_state
: Connectivity state.
type: keyword
checkpoint.cookie
: IKE cookie.
type: keyword
checkpoint.dst_phone_number
: Destination IP-Phone.
type: keyword
checkpoint.email_control
: Engine name.
type: keyword
checkpoint.email_id
: Internal email ID.
type: keyword
checkpoint.email_recipients_num
: Number of recipients.
type: long
checkpoint.email_session_id
: Internal email session ID.
type: keyword
checkpoint.email_spool_id
: Internal email spool ID.
type: keyword
checkpoint.email_subject
: Email subject.
type: keyword
checkpoint.event_count
: Number of events associated with the log.
type: long
checkpoint.frequency
: Scan frequency.
type: keyword
checkpoint.icmp_type
: ICMP type.
type: long
checkpoint.icmp_code
: ICMP code.
type: long
checkpoint.identity_type
: Identity type.
type: keyword
checkpoint.incident_extension
: Format of original data.
type: keyword
checkpoint.integrity_av_invoke_type
: Scan invoke type.
type: keyword
checkpoint.malware_family
: Malware family.
type: keyword
checkpoint.peer_gateway
: Main IP of the peer Security Gateway.
type: ip
checkpoint.performance_impact
: Protection performance impact.
type: integer
checkpoint.protection_id
: Protection malware ID.
type: keyword
checkpoint.protection_name
: Specific signature name of the attack.
type: keyword
checkpoint.protection_type
: Type of protection used to detect the attack.
type: keyword
checkpoint.scan_result
: Scan result.
type: keyword
checkpoint.sensor_mode
: Sensor mode.
type: keyword
checkpoint.severity
: Threat severity.
type: keyword
checkpoint.spyware_name
: Spyware name.
type: keyword
checkpoint.spyware_status
: Spyware status.
type: keyword
checkpoint.subs_exp
: The expiration date of the subscription.
type: date
checkpoint.tcp_flags
: TCP packet flags.
type: keyword
checkpoint.termination_reason
: Termination reason.
type: keyword
checkpoint.update_status
: Update status.
type: keyword
checkpoint.user_status
: User response.
type: keyword
checkpoint.uuid
: External ID.
type: keyword
checkpoint.virus_name
: Virus name.
type: keyword
checkpoint.voip_log_type
: VoIP log types.
type: keyword
Extra vendor-specific extensions.
cef.extensions.cp_app_risk
: type: keyword
cef.extensions.cp_severity
: type: keyword
cef.extensions.ifname
: type: keyword
cef.extensions.inzone
: type: keyword
cef.extensions.layer_uuid
: type: keyword
cef.extensions.layer_name
: type: keyword
cef.extensions.logid
: type: keyword
cef.extensions.loguid
: type: keyword
cef.extensions.match_id
: type: keyword
cef.extensions.nat_addtnl_rulenum
: type: keyword
cef.extensions.nat_rulenum
: type: keyword
cef.extensions.origin
: type: keyword
cef.extensions.originsicname
: type: keyword
cef.extensions.outzone
: type: keyword
cef.extensions.parent_rule
: type: keyword
cef.extensions.product
: type: keyword
cef.extensions.rule_action
: type: keyword
cef.extensions.rule_uid
: type: keyword
cef.extensions.sequencenum
: type: keyword
cef.extensions.service_id
: type: keyword
cef.extensions.version
: type: keyword