Mappings: McAfee Endpoint VSAS120PerformanceEvent
| Input | Value |
|---|---|
| Vendor | McAfee |
| Product | Endpoint Security |
| Log Format | JSON |
| Event ID Regex Pattern | VSAS120PerformanceEvent |
| Output | Value |
|---|---|
| Vendor | McAfee |
| Product | Endpoint Security |
| Record Type | Endpoint |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| device_hostname | VSAS120PerformanceEvent.MachineInfo.MachineName | |
| device_ip | VSAS120PerformanceEvent.MachineInfo.IPAddress | |
| device_mac | VSAS120PerformanceEvent.MachineInfo.RawMACAddress | |
| severity | VSAS120PerformanceEvent.ScannerSoftware.VSASPerformanceEventInfo.Severity | |
| timestamp | VSAS120PerformanceEvent.ScannerSoftware.VSASPerformanceEventInfo.GMTTime | We expect the orginal record value of VSAS120PerformanceEvent.ScannerSoftware.VSASPerformanceEventInfo.GMTTime is in the format YYYY-MM-dd'T'HH:mm:ss |
| user_username | VSAS120PerformanceEvent.MachineInfo.UserName |