Mappings: McAfee WebGateway - JSON
| Input | Value |
|---|---|
| Vendor | McAfee |
| Product | WebGateway |
| Log Format | JSON |
| Event ID Regex Pattern | Authenticate With NTLM |
| Output | Value |
|---|---|
| Vendor | McAfee |
| Product | Web Gateway |
| Record Type | NetworkProxy |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | cheStatus | |
| description | urlLongCat | |
| device_hostname | hostName | |
| device_ip | pxyAd | |
| dstDevice_ip | dstAd | |
| dstPort | pxyPort | |
| file_mimeType | bodyFile | |
| http_hostname | urlDom | |
| http_method | commName | |
| http_referer | headReferer | |
| http_response_contentLength | bodySize | |
| http_response_contentType | headContent | |
| http_response_statusCode | respStatus | |
| http_url | dstURL | |
| http_userAgent | headUsrAgt | |
| srcDevice_hostname | hostName | |
| srcDevice_ip | srcAd | |
| srcDevice_natIp | pxyOutAd | |
| tcpProtocol | connProto | |
| threat_identifier | appRep | |
| threat_name | ruleName | |
| threat_referenceUrl | urlHost | |
| timestamp | timeStamp | We expect the orginal record value of timeStamp is in the format [dd/MMM/yyyy:HH:mm:ss Z] |
| user_authDomain | authRealm | |
| user_username | authUser |