Mappings: McAfee WebGateway - JSON
Input | Value |
---|---|
Vendor | McAfee |
Product | WebGateway |
Log Format | JSON |
Event ID Regex Pattern | Authenticate With NTLM |
Output | Value |
---|---|
Vendor | McAfee |
Product | Web Gateway |
Record Type | NetworkProxy |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | cheStatus | |
description | urlLongCat | |
device_hostname | hostName | |
device_ip | pxyAd | |
dstDevice_ip | dstAd | |
dstPort | pxyPort | |
file_mimeType | bodyFile | |
http_hostname | urlDom | |
http_method | commName | |
http_referer | headReferer | |
http_response_contentLength | bodySize | |
http_response_contentType | headContent | |
http_response_statusCode | respStatus | |
http_url | dstURL | |
http_userAgent | headUsrAgt | |
srcDevice_hostname | hostName | |
srcDevice_ip | srcAd | |
srcDevice_natIp | pxyOutAd | |
tcpProtocol | connProto | |
threat_identifier | appRep | |
threat_name | ruleName | |
threat_referenceUrl | urlHost | |
timestamp | timeStamp | We expect the orginal record value of timeStamp is in the format [dd/MMM/yyyy:HH:mm:ss Z] |
user_authDomain | authRealm | |
user_username | authUser |