Class SplunkCimLogEvent


  • public class SplunkCimLogEvent
    extends Object
    SplunkCimLogEvent encapsulates the best practice logging semantics recommended by Splunk. It produces events of key, value pairs, properly formatted and quoted for logging with any of Java's standard logging libraries (logback, log4j, java.util.logging, etc.) and indexing by Splunk. The class has convenience methods to set the fields defined in the standard Splunk Common Information Model. SplunkCimLogEvent adds no timestamp to its fields, leaving you free to configure whatever timestamp format you prefer in your logging configuration.

        Logger logger = LoggerFactory.getLogger("splunk.logger");
        SplunkCimLogEvent event = new SplunkCimLogEvent("Failed Login", "sshd:failure");
        event.setAuthApp("jane");
        event.setAuthUser("jane");
        event.addField("somefieldname", "foobar");
        logger.info(event.toString());

    See Also:
    Splunk CIM, Splunk Logging Best Practices
    • Field Detail

      • AC_MANAGEMENT_DEST_NT_DOMAIN

        public static String AC_MANAGEMENT_DEST_NT_DOMAIN
      • AC_MANAGEMENT_SIGNATURE

        public static String AC_MANAGEMENT_SIGNATURE
      • AC_MANAGEMENT_SRC_NT_DOMAIN

        public static String AC_MANAGEMENT_SRC_NT_DOMAIN
      • AUTH_ACTION

        public static String AUTH_ACTION
      • AUTH_APP

        public static String AUTH_APP
      • AUTH_DEST

        public static String AUTH_DEST
      • AUTH_SRC

        public static String AUTH_SRC
      • AUTH_SRC_USER

        public static String AUTH_SRC_USER
      • AUTH_USER

        public static String AUTH_USER
      • CHANGE_ENDPOINT_PROTECTION_ACTION

        public static String CHANGE_ENDPOINT_PROTECTION_ACTION
      • CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE

        public static String CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE
      • CHANGE_ENDPOINT_PROTECTION_DEST

        public static String CHANGE_ENDPOINT_PROTECTION_DEST
      • CHANGE_ENDPOINT_PROTECTION_HASH

        public static String CHANGE_ENDPOINT_PROTECTION_HASH
      • CHANGE_ENDPOINT_PROTECTION_GID

        public static String CHANGE_ENDPOINT_PROTECTION_GID
      • CHANGE_ENDPOINT_PROTECTION_ISDR

        public static String CHANGE_ENDPOINT_PROTECTION_ISDR
      • CHANGE_ENDPOINT_PROTECTION_MODE

        public static String CHANGE_ENDPOINT_PROTECTION_MODE
      • CHANGE_ENDPOINT_PROTECTION_MODTIME

        public static String CHANGE_ENDPOINT_PROTECTION_MODTIME
      • CHANGE_ENDPOINT_PROTECTION_PATH

        public static String CHANGE_ENDPOINT_PROTECTION_PATH
      • CHANGE_ENDPOINT_PROTECTION_SIZE

        public static String CHANGE_ENDPOINT_PROTECTION_SIZE
      • CHANGE_ENDPOINT_PROTECTION_UID

        public static String CHANGE_ENDPOINT_PROTECTION_UID
      • CHANGE_NETWORK_PROTECTION_ACTION

        public static String CHANGE_NETWORK_PROTECTION_ACTION
      • CHANGE_NETWORK_PROTECTION_COMMAND

        public static String CHANGE_NETWORK_PROTECTION_COMMAND
      • CHANGE_NETWORK_PROTECTION_DVC

        public static String CHANGE_NETWORK_PROTECTION_DVC
      • CHANGE_NETWORK_PROTECTION_USER

        public static String CHANGE_NETWORK_PROTECTION_USER
      • COMMON_CATEGORY

        public static String COMMON_CATEGORY
      • COMMON_COUNT

        public static String COMMON_COUNT
      • COMMON_DESC

        public static String COMMON_DESC
      • COMMON_DHCP_POOL

        public static String COMMON_DHCP_POOL
      • COMMON_DURATION

        public static String COMMON_DURATION
      • COMMON_DVC_HOST

        public static String COMMON_DVC_HOST
      • COMMON_DVC_IP

        public static String COMMON_DVC_IP
      • COMMON_DVC_IP6

        public static String COMMON_DVC_IP6
      • COMMON_DVC_LOCATION

        public static String COMMON_DVC_LOCATION
      • COMMON_DVC_MAC

        public static String COMMON_DVC_MAC
      • COMMON_DVC_NT_DOMAIN

        public static String COMMON_DVC_NT_DOMAIN
      • COMMON_DVC_NT_HOST

        public static String COMMON_DVC_NT_HOST
      • COMMON_DVC_TIME

        public static String COMMON_DVC_TIME
      • COMMON_END_TIME

        public static String COMMON_END_TIME
      • COMMON_EVENT_ID

        public static String COMMON_EVENT_ID
      • COMMON_LENGTH

        public static String COMMON_LENGTH
      • COMMON_LOG_LEVEL

        public static String COMMON_LOG_LEVEL
      • COMMON_NAME

        public static String COMMON_NAME
      • COMMON_PID

        public static String COMMON_PID
      • COMMON_PRIORITY

        public static String COMMON_PRIORITY
      • COMMON_PRODUCT

        public static String COMMON_PRODUCT
      • COMMON_PRODUCT_VERSION

        public static String COMMON_PRODUCT_VERSION
      • COMMON_REASON

        public static String COMMON_REASON
      • COMMON_RESULT

        public static String COMMON_RESULT
      • COMMON_SEVERITY

        public static String COMMON_SEVERITY
      • COMMON_START_TIME

        public static String COMMON_START_TIME
      • COMMON_TRANSACTION_ID

        public static String COMMON_TRANSACTION_ID
      • COMMON_URL

        public static String COMMON_URL
      • COMMON_VENDOR

        public static String COMMON_VENDOR
      • DNS_DEST_DOMAIN

        public static String DNS_DEST_DOMAIN
      • DNS_DEST_RECORD

        public static String DNS_DEST_RECORD
      • DNS_DEST_ZONE

        public static String DNS_DEST_ZONE
      • DNS_RECORD_CLASS

        public static String DNS_RECORD_CLASS
      • DNS_RECORD_TYPE

        public static String DNS_RECORD_TYPE
      • DNS_SRC_DOMAIN

        public static String DNS_SRC_DOMAIN
      • DNS_SRC_RECORD

        public static String DNS_SRC_RECORD
      • DNS_SRC_ZONE

        public static String DNS_SRC_ZONE
      • EMAIL_RECIPIENT

        public static String EMAIL_RECIPIENT
      • EMAIL_SENDER

        public static String EMAIL_SENDER
      • EMAIL_SUBJECT

        public static String EMAIL_SUBJECT
      • FILE_ACCESS_TIME

        public static String FILE_ACCESS_TIME
      • FILE_CREATE_TIME

        public static String FILE_CREATE_TIME
      • FILE_HASH

        public static String FILE_HASH
      • FILE_MODIFY_TIME

        public static String FILE_MODIFY_TIME
      • FILE_NAME

        public static String FILE_NAME
      • FILE_PATH

        public static String FILE_PATH
      • FILE_PERMISSION

        public static String FILE_PERMISSION
      • FILE_SIZE

        public static String FILE_SIZE
      • INTRUSION_DETECTION_CATEGORY

        public static String INTRUSION_DETECTION_CATEGORY
      • INTRUSION_DETECTION_DEST

        public static String INTRUSION_DETECTION_DEST
      • INTRUSION_DETECTION_DVC

        public static String INTRUSION_DETECTION_DVC
      • INTRUSION_DETECTION_IDS_TYPE

        public static String INTRUSION_DETECTION_IDS_TYPE
      • INTRUSION_DETECTION_PRODUCT

        public static String INTRUSION_DETECTION_PRODUCT
      • INTRUSION_DETECTION_SEVERITY

        public static String INTRUSION_DETECTION_SEVERITY
      • INTRUSION_DETECTION_SIGNATURE

        public static String INTRUSION_DETECTION_SIGNATURE
      • INTRUSION_DETECTION_SRC

        public static String INTRUSION_DETECTION_SRC
      • INTRUSION_DETECTION_USER

        public static String INTRUSION_DETECTION_USER
      • INTRUSION_DETECTION_VENDOR

        public static String INTRUSION_DETECTION_VENDOR
      • MALWARE_ENDPOINT_PROTECTION_ACTION

        public static String MALWARE_ENDPOINT_PROTECTION_ACTION
      • MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN

        public static String MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN
      • MALWARE_ENDPOINT_PROTECTION_FILE_HASH

        public static String MALWARE_ENDPOINT_PROTECTION_FILE_HASH
      • MALWARE_ENDPOINT_PROTECTION_FILE_NAME

        public static String MALWARE_ENDPOINT_PROTECTION_FILE_NAME
      • MALWARE_ENDPOINT_PROTECTION_FILE_PATH

        public static String MALWARE_ENDPOINT_PROTECTION_FILE_PATH
      • MALWARE_ENDPOINT_PROTECTION_PRODUCT

        public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT
      • MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION

        public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION
      • MALWARE_ENDPOINT_PROTECTION_SIGNATURE

        public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE
      • MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION

        public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION
      • MALWARE_ENDPOINT_PROTECTION_DEST

        public static String MALWARE_ENDPOINT_PROTECTION_DEST
      • MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN

        public static String MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN
      • MALWARE_ENDPOINT_PROTECTION_USER

        public static String MALWARE_ENDPOINT_PROTECTION_USER
      • MALWARE_ENDPOINT_PROTECTION_VENDOR

        public static String MALWARE_ENDPOINT_PROTECTION_VENDOR
      • MALWARE_NETWORK_PROTECTION_PRODUCT

        public static String MALWARE_NETWORK_PROTECTION_PRODUCT
      • MALWARE_NETWORK_PROTECTION_SEVERITY

        public static String MALWARE_NETWORK_PROTECTION_SEVERITY
      • MALWARE_NETWORK_PROTECTION_VENDOR

        public static String MALWARE_NETWORK_PROTECTION_VENDOR
      • NETWORK_TRAFFIC_ESS_ACTION

        public static String NETWORK_TRAFFIC_ESS_ACTION
      • NETWORK_TRAFFIC_ESS_DEST_PORT

        public static String NETWORK_TRAFFIC_ESS_DEST_PORT
      • NETWORK_TRAFFIC_ESS_PRODUCT

        public static String NETWORK_TRAFFIC_ESS_PRODUCT
      • NETWORK_TRAFFIC_ESS_SRC_PORT

        public static String NETWORK_TRAFFIC_ESS_SRC_PORT
      • NETWORK_TRAFFIC_ESS_VENDOR

        public static String NETWORK_TRAFFIC_ESS_VENDOR
      • NETWORK_TRAFFIC_GENERIC_APP_LAYER

        public static String NETWORK_TRAFFIC_GENERIC_APP_LAYER
      • NETWORK_TRAFFIC_GENERIC_BYTES_IN

        public static String NETWORK_TRAFFIC_GENERIC_BYTES_IN
      • NETWORK_TRAFFIC_GENERIC_BYTES_OUT

        public static String NETWORK_TRAFFIC_GENERIC_BYTES_OUT
      • NETWORK_TRAFFIC_GENERIC_CHANNEL

        public static String NETWORK_TRAFFIC_GENERIC_CHANNEL
      • NETWORK_TRAFFIC_GENERIC_CVE

        public static String NETWORK_TRAFFIC_GENERIC_CVE
      • NETWORK_TRAFFIC_GENERIC_DEST_APP

        public static String NETWORK_TRAFFIC_GENERIC_DEST_APP
      • NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL

        public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL
      • NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME

        public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME
      • NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT

        public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT
      • NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY

        public static String NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY
      • NETWORK_TRAFFIC_GENERIC_DEST_HOST

        public static String NETWORK_TRAFFIC_GENERIC_DEST_HOST
      • NETWORK_TRAFFIC_GENERIC_DEST_INT

        public static String NETWORK_TRAFFIC_GENERIC_DEST_INT
      • NETWORK_TRAFFIC_GENERIC_DEST_IP

        public static String NETWORK_TRAFFIC_GENERIC_DEST_IP
      • NETWORK_TRAFFIC_GENERIC_DEST_IPV6

        public static String NETWORK_TRAFFIC_GENERIC_DEST_IPV6
      • NETWORK_TRAFFIC_GENERIC_DEST_LAT

        public static String NETWORK_TRAFFIC_GENERIC_DEST_LAT
      • NETWORK_TRAFFIC_GENERIC_DEST_LONG

        public static String NETWORK_TRAFFIC_GENERIC_DEST_LONG
      • NETWORK_TRAFFIC_GENERIC_DEST_MAC

        public static String NETWORK_TRAFFIC_GENERIC_DEST_MAC
      • NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN

        public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN
      • NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST

        public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST
      • NETWORK_TRAFFIC_GENERIC_DEST_PORT

        public static String NETWORK_TRAFFIC_GENERIC_DEST_PORT
      • NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP

        public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP
      • NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT

        public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT
      • NETWORK_TRAFFIC_GENERIC_IP_VERSION

        public static String NETWORK_TRAFFIC_GENERIC_IP_VERSION
      • NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE

        public static String NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE
      • NETWORK_TRAFFIC_GENERIC_PACKETS_IN

        public static String NETWORK_TRAFFIC_GENERIC_PACKETS_IN
      • NETWORK_TRAFFIC_GENERIC_PACKETS_OUT

        public static String NETWORK_TRAFFIC_GENERIC_PACKETS_OUT
      • NETWORK_TRAFFIC_GENERIC_PROTO

        public static String NETWORK_TRAFFIC_GENERIC_PROTO
      • NETWORK_TRAFFIC_GENERIC_SESSION_ID

        public static String NETWORK_TRAFFIC_GENERIC_SESSION_ID
      • NETWORK_TRAFFIC_GENERIC_SSID

        public static String NETWORK_TRAFFIC_GENERIC_SSID
      • NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY

        public static String NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY
      • NETWORK_TRAFFIC_GENERIC_SRC_HOST

        public static String NETWORK_TRAFFIC_GENERIC_SRC_HOST
      • NETWORK_TRAFFIC_GENERIC_SRC_INT

        public static String NETWORK_TRAFFIC_GENERIC_SRC_INT
      • NETWORK_TRAFFIC_GENERIC_SRC_IP

        public static String NETWORK_TRAFFIC_GENERIC_SRC_IP
      • NETWORK_TRAFFIC_GENERIC_SRC_IPV6

        public static String NETWORK_TRAFFIC_GENERIC_SRC_IPV6
      • NETWORK_TRAFFIC_GENERIC_SRC_LAT

        public static String NETWORK_TRAFFIC_GENERIC_SRC_LAT
      • NETWORK_TRAFFIC_GENERIC_SRC_LONG

        public static String NETWORK_TRAFFIC_GENERIC_SRC_LONG
      • NETWORK_TRAFFIC_GENERIC_SRC_MAC

        public static String NETWORK_TRAFFIC_GENERIC_SRC_MAC
      • NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN

        public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN
      • NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST

        public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST
      • NETWORK_TRAFFIC_GENERIC_SRC_PORT

        public static String NETWORK_TRAFFIC_GENERIC_SRC_PORT
      • NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP

        public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP
      • NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT

        public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT
      • NETWORK_TRAFFIC_GENERIC_SYSLOG_ID

        public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_ID
      • NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY

        public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY
      • NETWORK_TRAFFIC_GENERIC_TCP_FLAG

        public static String NETWORK_TRAFFIC_GENERIC_TCP_FLAG
      • NETWORK_TRAFFIC_GENERIC_TOS

        public static String NETWORK_TRAFFIC_GENERIC_TOS
      • NETWORK_TRAFFIC_GENERIC_TRANSPORT

        public static String NETWORK_TRAFFIC_GENERIC_TRANSPORT
      • NETWORK_TRAFFIC_GENERIC_TTL

        public static String NETWORK_TRAFFIC_GENERIC_TTL
      • NETWORK_TRAFFIC_GENERIC_VLAN_ID

        public static String NETWORK_TRAFFIC_GENERIC_VLAN_ID
      • NETWORK_TRAFFIC_GENERIC_VLAN_NAME

        public static String NETWORK_TRAFFIC_GENERIC_VLAN_NAME
      • PACKET_FILTERING_ACTION

        public static String PACKET_FILTERING_ACTION
      • PACKET_FILTERING_DEST_PORT

        public static String PACKET_FILTERING_DEST_PORT
      • PACKET_FILTERING_DIRECTION

        public static String PACKET_FILTERING_DIRECTION
      • PACKET_FILTERING_DVC

        public static String PACKET_FILTERING_DVC
      • PACKET_FILTERING_RULE

        public static String PACKET_FILTERING_RULE
      • PACKET_FILTERING_SVC_PORT

        public static String PACKET_FILTERING_SVC_PORT
      • PROXY_ACTION

        public static String PROXY_ACTION
      • PROXY_DEST

        public static String PROXY_DEST
      • PROXY_HTTP_CONTENT_TYPE

        public static String PROXY_HTTP_CONTENT_TYPE
      • PROXY_HTTP_METHOD

        public static String PROXY_HTTP_METHOD
      • PROXY_HTTP_REFER

        public static String PROXY_HTTP_REFER
      • PROXY_HTTP_RESPONSE

        public static String PROXY_HTTP_RESPONSE
      • PROXY_HTTP_USER_AGENT

        public static String PROXY_HTTP_USER_AGENT
      • PROXY_PRODUCT

        public static String PROXY_PRODUCT
      • PROXY_SRC

        public static String PROXY_SRC
      • PROXY_STATUS

        public static String PROXY_STATUS
      • PROXY_USER

        public static String PROXY_USER
      • PROXY_URL

        public static String PROXY_URL
      • PROXY_VENDOR

        public static String PROXY_VENDOR
      • SYSTEM_CENTER_APP

        public static String SYSTEM_CENTER_APP
      • SYSTEM_CENTER_FREEMBYTES

        public static String SYSTEM_CENTER_FREEMBYTES
      • SYSTEM_CENTER_KERNEL_RELEASE

        public static String SYSTEM_CENTER_KERNEL_RELEASE
      • SYSTEM_CENTER_LABEL

        public static String SYSTEM_CENTER_LABEL
      • SYSTEM_CENTER_MOUNT

        public static String SYSTEM_CENTER_MOUNT
      • SYSTEM_CENTER_OS

        public static String SYSTEM_CENTER_OS
      • SYSTEM_CENTER_PERCENTPROCESSORTIME

        public static String SYSTEM_CENTER_PERCENTPROCESSORTIME
      • SYSTEM_CENTER_SETLOCALDEFS

        public static String SYSTEM_CENTER_SETLOCALDEFS
      • SYSTEM_CENTER_SELINUX

        public static String SYSTEM_CENTER_SELINUX
      • SYSTEM_CENTER_SELINUXTYPE

        public static String SYSTEM_CENTER_SELINUXTYPE
      • SYSTEM_CENTER_SHELL

        public static String SYSTEM_CENTER_SHELL
      • SYSTEM_CENTER_SRC_PORT

        public static String SYSTEM_CENTER_SRC_PORT
      • SYSTEM_CENTER_SSHD_PROTOCOL

        public static String SYSTEM_CENTER_SSHD_PROTOCOL
      • SYSTEM_CENTER_STARTMODE

        public static String SYSTEM_CENTER_STARTMODE
      • SYSTEM_CENTER_SYSTEMUPTIME

        public static String SYSTEM_CENTER_SYSTEMUPTIME
      • SYSTEM_CENTER_TOTALMBYTES

        public static String SYSTEM_CENTER_TOTALMBYTES
      • SYSTEM_CENTER_USEDMBYTES

        public static String SYSTEM_CENTER_USEDMBYTES
      • SYSTEM_CENTER_USER

        public static String SYSTEM_CENTER_USER
      • SYSTEM_CENTER_UPDATES

        public static String SYSTEM_CENTER_UPDATES
      • TRAFFIC_DEST

        public static String TRAFFIC_DEST
      • TRAFFIC_DVC

        public static String TRAFFIC_DVC
      • TRAFFIC_SRC

        public static String TRAFFIC_SRC
      • UPDATE_PACKAGE

        public static String UPDATE_PACKAGE
      • USER_INFO_UPDATES_AFFECTED_USER

        public static String USER_INFO_UPDATES_AFFECTED_USER
      • USER_INFO_UPDATES_AFFECTED_USER_GROUP

        public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP
      • USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID

        public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID
      • USER_INFO_UPDATES_AFFECTED_USER_ID

        public static String USER_INFO_UPDATES_AFFECTED_USER_ID
      • USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE

        public static String USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE
      • USER_INFO_UPDATES_USER

        public static String USER_INFO_UPDATES_USER
      • USER_INFO_UPDATES_USER_GROUP

        public static String USER_INFO_UPDATES_USER_GROUP
      • USER_INFO_UPDATES_USER_GROUP_ID

        public static String USER_INFO_UPDATES_USER_GROUP_ID
      • USER_INFO_UPDATES_USER_ID

        public static String USER_INFO_UPDATES_USER_ID
      • USER_INFO_UPDATES_USER_PRIVILEGE

        public static String USER_INFO_UPDATES_USER_PRIVILEGE
      • USER_INFO_UPDATES_USER_SUBJECT

        public static String USER_INFO_UPDATES_USER_SUBJECT
      • USER_INFO_UPDATES_USER_SUBJECT_ID

        public static String USER_INFO_UPDATES_USER_SUBJECT_ID
      • USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE

        public static String USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE
      • VULNERABILITY_CATEGORY

        public static String VULNERABILITY_CATEGORY
      • VULNERABILITY_DEST

        public static String VULNERABILITY_DEST
      • VULNERABILITY_OS

        public static String VULNERABILITY_OS
      • VULNERABILITY_SEVERITY

        public static String VULNERABILITY_SEVERITY
      • VULNERABILITY_SIGNATURE

        public static String VULNERABILITY_SIGNATURE
      • WINDOWS_ADMIN_OBJECT_NAME

        public static String WINDOWS_ADMIN_OBJECT_NAME
      • WINDOWS_ADMIN_OBJECT_TYPE

        public static String WINDOWS_ADMIN_OBJECT_TYPE
      • WINDOWS_ADMIN_OBJECT_HANDLE

        public static String WINDOWS_ADMIN_OBJECT_HANDLE
    • Constructor Detail

      • SplunkCimLogEvent

        public SplunkCimLogEvent​(String eventName,
                                 String eventID)
        Parameters:
        eventName - event name
        eventID - event ID
    • Method Detail

      • addField

        public void addField​(String key,
                             Object value)
        Add a key value pair. The value may be any Java object which returns a sensible result from its toString method. For logging exceptions, consider using addThrowableWithStacktrace instead.
        Parameters:
        key - key
        value - value
      • addThrowableWithStacktrace

        public void addThrowableWithStacktrace​(Throwable throwable)
        Logs an exception with its stacktrace nicely formatted for indexing and searching by Splunk.
        Parameters:
        throwable - the Throwable object to add to the event
      • addThrowableWithStacktrace

        public void addThrowableWithStacktrace​(Throwable throwable,
                                               int stacktraceDepth)
        Logs an exception with the first stacktraceDepth elements of its stacktrace nicely formatted for indexing and searching by Splunk.
        Parameters:
        throwable - the Throwable object to add to the event
        stacktraceDepth - maximum number of stacktrace elements to log
      • setAcManagementDestNtDomain

        public void setAcManagementDestNtDomain​(String acManagementDestNtDomain)
        The domain containing the user that is affected by the account management event.
      • setAcManagementSignature

        public void setAcManagementSignature​(String acManagementSignature)
        Description of the account management change performed.
      • setAcManagementSrcNtDomain

        public void setAcManagementSrcNtDomain​(String acManagementSrcNtDomain)
        The NT source of the destination. In the case of an account management event, this is the domain that contains the user that generated the event.
      • setAuthAction

        public void setAuthAction​(String authAction)
        The action performed on the resource: success, failure.
      • setAuthApp

        public void setAuthApp​(String authApp)
        The application involved in the event (such as ssh, splunk, win:local).
      • setAuthDest

        public void setAuthDest​(String authDest)
        The target involved in the authentication. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setAuthSrc

        public void setAuthSrc​(String authSrc)
        The source involved in the authentication. In the case of endpoint protection authentication, the src is the client. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant. It is required for all events dealing with endpoint protection (authentication, change analysis, malware, system center, and update). Note: Do not confuse this with the event source or sourcetype fields.
      • setAuthSrcUser

        public void setAuthSrcUser​(String authSrcUser)
        In privilege escalation events, src_user represents the user who initiated the privilege escalation.
      • setAuthUser

        public void setAuthUser​(String authUser)
        The name of the user involved in the event, or who initiated the event. For authentication privilege escalation events this should represent the user targeted by the escalation.
      • setChangeEndpointProtectionAction

        public void setChangeEndpointProtectionAction​(String changeEndpointProtectionAction)
        The action performed on the resource.
      • setChangeEndpointProtectionChangeType

        public void setChangeEndpointProtectionChangeType​(String changeEndpointProtectionChangeType)
        The type of change discovered in the change analysis event.
      • setChangeEndpointProtectionDest

        public void setChangeEndpointProtectionDest​(String changeEndpointProtectionDest)
        The host that was affected by the change. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setChangeEndpointProtectionHash

        public void setChangeEndpointProtectionHash​(String changeEndpointProtectionHash)
        The hash signature of the modified resource.
      • setChangeEndpointProtectionGid

        public void setChangeEndpointProtectionGid​(long changeEndpointProtectionGid)
        The group ID of the modified resource.
      • setChangeEndpointProtectionIsdr

        public void setChangeEndpointProtectionIsdr​(boolean changeEndpointProtectionIsdr)
        Indicates whether or not the modified resource is a directory.
      • setChangeEndpointProtectionMode

        public void setChangeEndpointProtectionMode​(long changeEndpointProtectionMode)
        The permissions mode of the modified resource.
      • setChangeEndpointProtectionModtime

        public void setChangeEndpointProtectionModtime​(String changeEndpointProtectionModtime)
        The modification time of the modified resource.
      • setChangeEndpointProtectionPath

        public void setChangeEndpointProtectionPath​(String changeEndpointProtectionPath)
        The file path of the modified resource.
      • setChangeEndpointProtectionSize

        public void setChangeEndpointProtectionSize​(long changeEndpointProtectionSize)
        The size of the modified resource.
      • setChangeEndpointProtectionUid

        public void setChangeEndpointProtectionUid​(long changeEndpointProtectionUid)
        The user ID of the modified resource.
      • setChangeNetworkProtectionAction

        public void setChangeNetworkProtectionAction​(String changeNetworkProtectionAction)
        The type of change observed.
      • setChangeNetworkProtectionCommand

        public void setChangeNetworkProtectionCommand​(String changeNetworkProtectionCommand)
        The command that initiated the change.
      • setChangeNetworkProtectionDvc

        public void setChangeNetworkProtectionDvc​(String changeNetworkProtectionDvc)
        The device that is directly affected by the change.
      • setChangeNetworkProtectionUser

        public void setChangeNetworkProtectionUser​(String changeNetworkProtectionUser)
        The user that initiated the change.
      • setCommonCategory

        public void setCommonCategory​(String commonCategory)
        A device-specific classification provided as part of the event.
      • setCommonCount

        public void setCommonCount​(String commonCount)
        A device-specific classification provided as part of the event.
      • setCommonDesc

        public void setCommonDesc​(String commonDesc)
        The free-form description of a particular event.
      • setCommonDhcpPool

        public void setCommonDhcpPool​(String commonDhcpPool)
        The name of a given DHCP pool on a DHCP server.
      • setCommonDuration

        public void setCommonDuration​(long commonDuration)
        The amount of time the event lasted.
      • setCommonDvcHost

        public void setCommonDvcHost​(String commonDvcHost)
        The fully qualified domain name of the device transmitting or recording the log record.
      • setCommonDvcIp

        public void setCommonDvcIp​(String commonDvcIp)
        The IPv4 address of the device reporting the event.
      • setCommonDvcIp6

        public void setCommonDvcIp6​(String commonDvcIp6)
        The IPv6 address of the device reporting the event.
      • setCommonDvcLocation

        public void setCommonDvcLocation​(String commonDvcLocation)
        The free-form description of the device's physical location.
      • setCommonDvcMac

        public void setCommonDvcMac​(String commonDvcMac)
        The MAC (layer 2) address of the device reporting the event.
      • setCommonDvcNtDomain

        public void setCommonDvcNtDomain​(String commonDvcNtDomain)
        The Windows NT domain of the device recording or transmitting the event.
      • setCommonDvcNtHost

        public void setCommonDvcNtHost​(String commonDvcNtHost)
        The Windows NT host name of the device recording or transmitting the event.
      • setCommonDvcTime

        public void setCommonDvcTime​(long commonDvcTime)
        Time at which the device recorded the event.
      • setCommonEndTime

        public void setCommonEndTime​(long commonEndTime)
        The event's specified end time.
      • setCommonEventId

        public void setCommonEventId​(long commonEventId)
        A unique identifier that identifies the event. This is unique to the reporting device.
      • setCommonLength

        public void setCommonLength​(long commonLength)
        The length of the datagram, event, message, or packet.
      • setCommonLogLevel

        public void setCommonLogLevel​(String commonLogLevel)
        The log-level that was set on the device and recorded in the event.
      • setCommonName

        public void setCommonName​(String commonName)
        The name of the event as reported by the device. The name should not contain information that's already being parsed into other fields from the event, such as IP addresses.
      • setCommonPid

        public void setCommonPid​(long commonPid)
        An integer assigned by the device operating system to the process creating the record.
      • setCommonPriority

        public void setCommonPriority​(long commonPriority)
        An environment-specific assessment of the event's importance, based on elements such as event severity, business function of the affected system, or other locally defined variables.
      • setCommonProduct

        public void setCommonProduct​(String commonProduct)
        The product that generated the event.
      • setCommonProductVersion

        public void setCommonProductVersion​(long commonProductVersion)
        The version of the product that generated the event.
      • setCommonReason

        public void setCommonReason​(String commonReason)
        The result root cause, such as connection refused, timeout, crash, and so on.
      • setCommonResult

        public void setCommonResult​(String commonResult)
        The action result. Often is a binary choice: succeeded and failed, allowed and denied, and so on.
      • setCommonSeverity

        public void setCommonSeverity​(String commonSeverity)
        The severity (or priority) of an event as reported by the originating device.
      • setCommonStartTime

        public void setCommonStartTime​(long commonStartTime)
        The event's specified start time.
      • setCommonTransactionId

        public void setCommonTransactionId​(String commonTransactionId)
        The transaction identifier.
      • setCommonUrl

        public void setCommonUrl​(String commonUrl)
        A uniform resource locator (a web address, in other words) included in a record.
      • setCommonVendor

        public void setCommonVendor​(String commonVendor)
        The vendor who made the product that generated the event.
      • setDnsDestDomain

        public void setDnsDestDomain​(String dnsDestDomain)
        The DNS domain that has been queried.
      • setDnsDestRecord

        public void setDnsDestRecord​(String dnsDestRecord)
        The remote DNS resource record being acted upon.
      • setDnsDestZone

        public void setDnsDestZone​(String dnsDestZone)
        The DNS zone that is being received by the slave as part of a zone transfer.
      • setDnsRecordClass

        public void setDnsRecordClass​(String dnsRecordClass)
        The DNS resource record class.
      • setDnsSrcDomain

        public void setDnsSrcDomain​(String dnsSrcDomain)
        The local DNS domain that is being queried.
      • setDnsSrcRecord

        public void setDnsSrcRecord​(String dnsSrcRecord)
        The local DNS resource record being acted upon.
      • setDnsSrcZone

        public void setDnsSrcZone​(String dnsSrcZone)
        The DNS zone that is being transferred by the master as part of a zone transfer.
      • setEmailRecipient

        public void setEmailRecipient​(String emailRecipient)
        The person to whom an email is sent.
      • setEmailSender

        public void setEmailSender​(String emailSender)
        The person responsible for sending an email.
      • setEmailSubject

        public void setEmailSubject​(String emailSubject)
        The email subject line.
      • setFileAccessTime

        public void setFileAccessTime​(long fileAccessTime)
        The time the file (the object of the event) was accessed.
      • setFileCreateTime

        public void setFileCreateTime​(long fileCreateTime)
        The time the file (the object of the event) was created.
      • setFileHash

        public void setFileHash​(String fileHash)
        A cryptographic identifier assigned to the file object affected by the event.
      • setFileModifyTime

        public void setFileModifyTime​(long fileModifyTime)
        The time the file (the object of the event) was altered.
      • setFileName

        public void setFileName​(String fileName)
        The name of the file that is the object of the event (without location information related to local file or directory structure).
      • setFilePath

        public void setFilePath​(String filePath)
        The location of the file that is the object of the event, in terms of local file and directory structure.
      • setFilePermission

        public void setFilePermission​(String filePermission)
        Access controls associated with the file affected by the event.
      • setFileSize

        public void setFileSize​(long fileSize)
        The size of the file that is the object of the event. Indicate the unit: bytes, KB, MB, or GB.
      • setIntrusionDetectionCategory

        public void setIntrusionDetectionCategory​(String intrusionDetectionCategory)
        The category of the triggered signature.
      • setIntrusionDetectionDest

        public void setIntrusionDetectionDest​(String intrusionDetectionDest)
        The destination of the attack detected by the intrusion detection system (IDS). If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setIntrusionDetectionDvc

        public void setIntrusionDetectionDvc​(String intrusionDetectionDvc)
        The device that detected the intrusion event.
      • setIntrusionDetectionIdsType

        public void setIntrusionDetectionIdsType​(String intrusionDetectionIdsType)
        The type of IDS that generated the event.
      • setIntrusionDetectionProduct

        public void setIntrusionDetectionProduct​(String intrusionDetectionProduct)
        The product name of the vendor technology generating network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setIntrusionDetectionSeverity

        public void setIntrusionDetectionSeverity​(String intrusionDetectionSeverity)
        The severity of the network protection event (such as critical, high, medium, low, or informational). Note: This field is a string. Please use a severity_id field for severity ID fields that are integer data types.
      • setIntrusionDetectionSignature

        public void setIntrusionDetectionSignature​(String intrusionDetectionSignature)
        The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre.
      • setIntrusionDetectionSrc

        public void setIntrusionDetectionSrc​(String intrusionDetectionSrc)
        The source involved in the attack detected by the IDS. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant.
      • setIntrusionDetectionUser

        public void setIntrusionDetectionUser​(String intrusionDetectionUser)
        The user involved with the intrusion detection event.
      • setIntrusionDetectionVendor

        public void setIntrusionDetectionVendor​(String intrusionDetectionVendor)
        The vendor technology used to generate network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setMalwareEndpointProtectionAction

        public void setMalwareEndpointProtectionAction​(String malwareEndpointProtectionAction)
        The outcome of the infection.
      • setMalwareEndpointProtectionDestNtDomain

        public void setMalwareEndpointProtectionDestNtDomain​(String malwareEndpointProtectionDestNtDomain)
        The NT domain of the destination (the dest_bestmatch).
      • setMalwareEndpointProtectionFileHash

        public void setMalwareEndpointProtectionFileHash​(String malwareEndpointProtectionFileHash)
        The cryptographic hash of the file associated with the malware event (such as the malicious or infected file).
      • setMalwareEndpointProtectionFileName

        public void setMalwareEndpointProtectionFileName​(String malwareEndpointProtectionFileName)
        The name of the file involved in the malware event (such as the infected or malicious file).
      • setMalwareEndpointProtectionFilePath

        public void setMalwareEndpointProtectionFilePath​(String malwareEndpointProtectionFilePath)
        The path of the file involved in the malware event (such as the infected or malicious file).
      • setMalwareEndpointProtectionProduct

        public void setMalwareEndpointProtectionProduct​(String malwareEndpointProtectionProduct)
        The product name of the vendor technology (the vendor field) that is generating malware data (such as Antivirus or EPO).
      • setMalwareEndpointProtectionProductVersion

        public void setMalwareEndpointProtectionProductVersion​(String malwareEndpointProtectionProductVersion)
        The product version number of the vendor technology installed on the client (such as 10.4.3 or 11.0.2).
      • setMalwareEndpointProtectionSignature

        public void setMalwareEndpointProtectionSignature​(String malwareEndpointProtectionSignature)
        The name of the malware infection detected on the client (the src), such as Trojan.Vundo, Spyware.Gaobot, or W32.Nimbda. Note: This field is a string. Please use a signature_id field for signature ID fields that are integer data types.
      • setMalwareEndpointProtectionSignatureVersion

        public void setMalwareEndpointProtectionSignatureVersion​(String malwareEndpointProtectionSignatureVersion)
        The current signature definition set running on the client, such as 11hsvx.
      • setMalwareEndpointProtectionDest

        public void setMalwareEndpointProtectionDest​(String malwareEndpointProtectionDest)
        The target affected or infected by the malware. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setMalwareEndpointProtectionSrcNtDomain

        public void setMalwareEndpointProtectionSrcNtDomain​(String malwareEndpointProtectionSrcNtDomain)
        The NT domain of the source (the src).
      • setMalwareEndpointProtectionUser

        public void setMalwareEndpointProtectionUser​(String malwareEndpointProtectionUser)
        The name of the user involved in the malware event.
      • setMalwareEndpointProtectionVendor

        public void setMalwareEndpointProtectionVendor​(String malwareEndpointProtectionVendor)
        The name of the vendor technology generating malware data, such as Symantec or McAfee.
      • setMalwareNetworkProtectionProduct

        public void setMalwareNetworkProtectionProduct​(String malwareNetworkProtectionProduct)
        The product name of the vendor technology generating network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setMalwareNetworkProtectionSeverity

        public void setMalwareNetworkProtectionSeverity​(String malwareNetworkProtectionSeverity)
        The severity of the network protection event (such as critical, high, medium, low, or informational). Note: This field is a string. Please use a severity_id field for severity ID fields that are integer data types.
      • setMalwareNetworkProtectionVendor

        public void setMalwareNetworkProtectionVendor​(String malwareNetworkProtectionVendor)
        The vendor technology used to generate network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setNetworkTrafficEssAction

        public void setNetworkTrafficEssAction​(String networkTrafficEssAction)
        The action of the network traffic.
      • setNetworkTrafficEssDestPort

        public void setNetworkTrafficEssDestPort​(int networkTrafficEssDestPort)
        The destination port of the network traffic.
      • setNetworkTrafficEssProduct

        public void setNetworkTrafficEssProduct​(String networkTrafficEssProduct)
        The product name of the vendor technology generating NetworkProtection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setNetworkTrafficEssSrcPort

        public void setNetworkTrafficEssSrcPort​(int networkTrafficEssSrcPort)
        The source port of the network traffic.
      • setNetworkTrafficEssVendor

        public void setNetworkTrafficEssVendor​(String networkTrafficEssVendor)
        The vendor technology used to generate NetworkProtection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).
      • setNetworkTrafficGenericAppLayer

        public void setNetworkTrafficGenericAppLayer​(String networkTrafficGenericAppLayer)
        The ISO layer 7 (application layer) protocol, such as HTTP, HTTPS, SSH, and IMAP.
      • setNetworkTrafficGenericBytesIn

        public void setNetworkTrafficGenericBytesIn​(long networkTrafficGenericBytesIn)
        How many bytes this device/interface received.
      • setNetworkTrafficGenericBytesOut

        public void setNetworkTrafficGenericBytesOut​(long networkTrafficGenericBytesOut)
        How many bytes this device/interface transmitted.
      • setNetworkTrafficGenericChannel

        public void setNetworkTrafficGenericChannel​(String networkTrafficGenericChannel)
        802.11 channel number used by a wireless network.
      • setNetworkTrafficGenericCve

        public void setNetworkTrafficGenericCve​(String networkTrafficGenericCve)
        The Common Vulnerabilities and Exposures (CVE) reference value.
      • setNetworkTrafficGenericDestApp

        public void setNetworkTrafficGenericDestApp​(String networkTrafficGenericDestApp)
        The destination application being targeted.
      • setNetworkTrafficGenericDestCncChannel

        public void setNetworkTrafficGenericDestCncChannel​(String networkTrafficGenericDestCncChannel)
        The destination command and control service channel.
      • setNetworkTrafficGenericDestCncName

        public void setNetworkTrafficGenericDestCncName​(String networkTrafficGenericDestCncName)
        The destination command and control service name.
      • setNetworkTrafficGenericDestCncPort

        public void setNetworkTrafficGenericDestCncPort​(String networkTrafficGenericDestCncPort)
        The destination command and control service port.
      • setNetworkTrafficGenericDestCountry

        public void setNetworkTrafficGenericDestCountry​(String networkTrafficGenericDestCountry)
        The country associated with a packet's recipient.
      • setNetworkTrafficGenericDestHost

        public void setNetworkTrafficGenericDestHost​(String networkTrafficGenericDestHost)
        The fully qualified host name of a packet's recipient. For HTTP sessions, this is the host header.
      • setNetworkTrafficGenericDestInt

        public void setNetworkTrafficGenericDestInt​(String networkTrafficGenericDestInt)
        The interface that is listening remotely or receiving packets locally.
      • setNetworkTrafficGenericDestIp

        public void setNetworkTrafficGenericDestIp​(String networkTrafficGenericDestIp)
        The IPv4 address of a packet's recipient.
      • setNetworkTrafficGenericDestIpv6

        public void setNetworkTrafficGenericDestIpv6​(String networkTrafficGenericDestIpv6)
        The IPv6 address of a packet's recipient.
      • setNetworkTrafficGenericDestLat

        public void setNetworkTrafficGenericDestLat​(int networkTrafficGenericDestLat)
        The (physical) latitude of a packet's destination.
      • setNetworkTrafficGenericDestLong

        public void setNetworkTrafficGenericDestLong​(int networkTrafficGenericDestLong)
        The (physical) longitude of a packet's destination.
      • setNetworkTrafficGenericDestMac

        public void setNetworkTrafficGenericDestMac​(String networkTrafficGenericDestMac)
        The TCP/IP layer 2 Media Access Control (MAC) address of a packet's destination.
      • setNetworkTrafficGenericDestNtDomain

        public void setNetworkTrafficGenericDestNtDomain​(String networkTrafficGenericDestNtDomain)
        The Windows NT domain containing a packet's destination.
      • setNetworkTrafficGenericDestNtHost

        public void setNetworkTrafficGenericDestNtHost​(String networkTrafficGenericDestNtHost)
        The Windows NT host name of a packet's destination.
      • setNetworkTrafficGenericDestPort

        public void setNetworkTrafficGenericDestPort​(int networkTrafficGenericDestPort)
        TCP/IP port to which a packet is being sent.
      • setNetworkTrafficGenericDestTranslatedIp

        public void setNetworkTrafficGenericDestTranslatedIp​(String networkTrafficGenericDestTranslatedIp)
        The NATed IPv4 address to which a packet has been sent.
      • setNetworkTrafficGenericDestTranslatedPort

        public void setNetworkTrafficGenericDestTranslatedPort​(int networkTrafficGenericDestTranslatedPort)
        The NATed port to which a packet has been sent.
      • setNetworkTrafficGenericIpVersion

        public void setNetworkTrafficGenericIpVersion​(int networkTrafficGenericIpVersion)
        The numbered Internet Protocol version.
      • setNetworkTrafficGenericOutboundInterface

        public void setNetworkTrafficGenericOutboundInterface​(String networkTrafficGenericOutboundInterface)
        The network interface through which a packet was transmitted.
      • setNetworkTrafficGenericPacketsIn

        public void setNetworkTrafficGenericPacketsIn​(long networkTrafficGenericPacketsIn)
        How many packets this device/interface received.
      • setNetworkTrafficGenericPacketsOut

        public void setNetworkTrafficGenericPacketsOut​(long networkTrafficGenericPacketsOut)
        How many packets this device/interface transmitted.
      • setNetworkTrafficGenericProto

        public void setNetworkTrafficGenericProto​(String networkTrafficGenericProto)
        The OSI layer 3 (Network Layer) protocol, such as IPv4/IPv6, ICMP, IPsec, IGMP or RIP.
      • setNetworkTrafficGenericSessionId

        public void setNetworkTrafficGenericSessionId​(String networkTrafficGenericSessionId)
        The session identifier. Multiple transactions build a session.
      • setNetworkTrafficGenericSsid

        public void setNetworkTrafficGenericSsid​(String networkTrafficGenericSsid)
        The 802.11 service set identifier (SSID) assigned to a wireless session.
      • setNetworkTrafficGenericSrcCountry

        public void setNetworkTrafficGenericSrcCountry​(String networkTrafficGenericSrcCountry)
        The country from which the packet was sent.
      • setNetworkTrafficGenericSrcHost

        public void setNetworkTrafficGenericSrcHost​(String networkTrafficGenericSrcHost)
        The fully qualified host name of the system that transmitted the packet. For Web logs, this is the HTTP client.
      • setNetworkTrafficGenericSrcInt

        public void setNetworkTrafficGenericSrcInt​(String networkTrafficGenericSrcInt)
        The interface that is listening locally or sending packets remotely.
      • setNetworkTrafficGenericSrcIp

        public void setNetworkTrafficGenericSrcIp​(String networkTrafficGenericSrcIp)
        The IPv4 address of the packet's source. For Web logs, this is the HTTP client.
      • setNetworkTrafficGenericSrcIpv6

        public void setNetworkTrafficGenericSrcIpv6​(String networkTrafficGenericSrcIpv6)
        The IPv6 address of the packet's source.
      • setNetworkTrafficGenericSrcLat

        public void setNetworkTrafficGenericSrcLat​(int networkTrafficGenericSrcLat)
        The (physical) latitude of the packet's source.
      • setNetworkTrafficGenericSrcLong

        public void setNetworkTrafficGenericSrcLong​(int networkTrafficGenericSrcLong)
        The (physical) longitude of the packet's source.
      • setNetworkTrafficGenericSrcMac

        public void setNetworkTrafficGenericSrcMac​(String networkTrafficGenericSrcMac)
        The Media Access Control (MAC) address from which a packet was transmitted.
      • setNetworkTrafficGenericSrcNtDomain

        public void setNetworkTrafficGenericSrcNtDomain​(String networkTrafficGenericSrcNtDomain)
        The Windows NT domain containing the machines that generated the event.
      • setNetworkTrafficGenericSrcNtHost

        public void setNetworkTrafficGenericSrcNtHost​(String networkTrafficGenericSrcNtHost)
        The Windows NT hostname of the system that generated the event.
      • setNetworkTrafficGenericSrcPort

        public void setNetworkTrafficGenericSrcPort​(int networkTrafficGenericSrcPort)
        The network port from which a packet originated.
      • setNetworkTrafficGenericSrcTranslatedIp

        public void setNetworkTrafficGenericSrcTranslatedIp​(String networkTrafficGenericSrcTranslatedIp)
        The NATed IPv4 address from which a packet has been sent.
      • setNetworkTrafficGenericSrcTranslatedPort

        public void setNetworkTrafficGenericSrcTranslatedPort​(int networkTrafficGenericSrcTranslatedPort)
        The NATed network port from which a packet has been sent.
      • setNetworkTrafficGenericSyslogId

        public void setNetworkTrafficGenericSyslogId​(String networkTrafficGenericSyslogId)
        The application, process, or OS subsystem that generated the event.
      • setNetworkTrafficGenericSyslogPriority

        public void setNetworkTrafficGenericSyslogPriority​(String networkTrafficGenericSyslogPriority)
        The criticality of an event, as recorded by UNIX syslog.
      • setNetworkTrafficGenericTcpFlag

        public void setNetworkTrafficGenericTcpFlag​(String networkTrafficGenericTcpFlag)
        The TCP flag(s) specified in the event.
      • setNetworkTrafficGenericTos

        public void setNetworkTrafficGenericTos​(String networkTrafficGenericTos)
        The hex bit that specifies TCP 'type of service'.
        See Also:
        Type of Service
      • setNetworkTrafficGenericTransport

        public void setNetworkTrafficGenericTransport​(String networkTrafficGenericTransport)
        The transport protocol.
      • setNetworkTrafficGenericTtl

        public void setNetworkTrafficGenericTtl​(int networkTrafficGenericTtl)
        The "time to live" of a packet or datagram.
      • setNetworkTrafficGenericVlanId

        public void setNetworkTrafficGenericVlanId​(long networkTrafficGenericVlanId)
        The numeric identifier assigned to the virtual local area network (VLAN) specified in the record.
      • setNetworkTrafficGenericVlanName

        public void setNetworkTrafficGenericVlanName​(String networkTrafficGenericVlanName)
        The name assigned to the virtual local area network (VLAN) specified in the record.
      • setPacketFilteringAction

        public void setPacketFilteringAction​(String packetFilteringAction)
        The action the filtering device (the dvc_bestmatch field) performed on the communication.
      • setPacketFilteringDestPort

        public void setPacketFilteringDestPort​(int packetFilteringDestPort)
        The IP port of the packet's destination, such as 22.
      • setPacketFilteringDirection

        public void setPacketFilteringDirection​(String packetFilteringDirection)
        The direction the packet is traveling.
      • setPacketFilteringDvc

        public void setPacketFilteringDvc​(String packetFilteringDvc)
        The name of the packet filtering device. If your field is named dvc_host, dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
      • setPacketFilteringRule

        public void setPacketFilteringRule​(String packetFilteringRule)
        The rule which took action on the packet, such as 143.
      • setPacketFilteringSvcPort

        public void setPacketFilteringSvcPort​(int packetFilteringSvcPort)
        The IP port of the packet's source, such as 34541.
      • setProxyAction

        public void setProxyAction​(String proxyAction)
        The action taken by the proxy.
      • setProxyDest

        public void setProxyDest​(String proxyDest)
        The destination of the network traffic (the remote host).
      • setProxyHttpContentType

        public void setProxyHttpContentType​(String proxyHttpContentType)
        The content-type of the requested HTTP resource.
      • setProxyHttpMethod

        public void setProxyHttpMethod​(String proxyHttpMethod)
        The HTTP method used to request the resource.
      • setProxyHttpRefer

        public void setProxyHttpRefer​(String proxyHttpRefer)
        The HTTP referrer used to request the HTTP resource.
      • setProxyHttpResponse

        public void setProxyHttpResponse​(int proxyHttpResponse)
        The HTTP response code.
      • setProxyHttpUserAgent

        public void setProxyHttpUserAgent​(String proxyHttpUserAgent)
        The user agent used to request the HTTP resource.
      • setProxyProduct

        public void setProxyProduct​(String proxyProduct)
        The product name of the vendor technology generating Network Protection data, such as IDP, Proventia, and ASA.
      • setProxySrc

        public void setProxySrc​(String proxySrc)
        The source of the network traffic (the client requesting the connection).
      • setProxyStatus

        public void setProxyStatus​(int proxyStatus)
        The HTTP response code indicating the status of the proxy request.
      • setProxyUser

        public void setProxyUser​(String proxyUser)
        The user that requested the HTTP resource.
      • setProxyUrl

        public void setProxyUrl​(String proxyUrl)
        The URL of the requested HTTP resource.
      • setProxyVendor

        public void setProxyVendor​(String proxyVendor)
        The vendor technology generating Network Protection data, such as IDP, Proventia, and ASA.
      • setSystemCenterApp

        public void setSystemCenterApp​(String systemCenterApp)
        The running application or service on the system (the src field), such as explorer.exe or sshd.
      • setSystemCenterFreembytes

        public void setSystemCenterFreembytes​(long systemCenterFreembytes)
        The amount of disk space available per drive or mount (the mount field) on the system (the src field).
      • setSystemCenterKernelRelease

        public void setSystemCenterKernelRelease​(String systemCenterKernelRelease)
        The version of operating system installed on the host (the src field), such as 6.0.1.4 or 2.6.27.30-170.2.82.fc10.x86_64.
      • setSystemCenterLabel

        public void setSystemCenterLabel​(String systemCenterLabel)
        Human-readable version of the SystemUptime value.
      • setSystemCenterMount

        public void setSystemCenterMount​(String systemCenterMount)
        The drive or mount reporting available disk space (the FreeMBytes field) on the system (the src field).
      • setSystemCenterOs

        public void setSystemCenterOs​(String systemCenterOs)
        The name of the operating system installed on the host (the src), such as Microsoft Windows Server 2003 or GNU/Linux.
      • setSystemCenterPercentprocessortime

        public void setSystemCenterPercentprocessortime​(int systemCenterPercentprocessortime)
        The percentage of processor utilization.
      • setSystemCenterSetlocaldefs

        public void setSystemCenterSetlocaldefs​(int systemCenterSetlocaldefs)
        The setlocaldefs setting from the SE Linux configuration.
      • setSystemCenterSelinux

        public void setSystemCenterSelinux​(String systemCenterSelinux)
        Values from the SE Linux configuration file.
      • setSystemCenterSelinuxtype

        public void setSystemCenterSelinuxtype​(String systemCenterSelinuxtype)
        The SE Linux type (such as targeted).
      • setSystemCenterShell

        public void setSystemCenterShell​(String systemCenterShell)
        The shell provided to the User Account (the user field) upon logging into the system (the src field).
      • setSystemCenterSrcPort

        public void setSystemCenterSrcPort​(int systemCenterSrcPort)
        The TCP/UDP source port on the system (the src field).
      • setSystemCenterSshdProtocol

        public void setSystemCenterSshdProtocol​(String systemCenterSshdProtocol)
        The sshd protocol version.
      • setSystemCenterStartmode

        public void setSystemCenterStartmode​(String systemCenterStartmode)
        The start mode of the given service.
      • setSystemCenterSystemuptime

        public void setSystemCenterSystemuptime​(long systemCenterSystemuptime)
        The number of seconds since the system (the src) has been "up."
      • setSystemCenterTotalmbytes

        public void setSystemCenterTotalmbytes​(long systemCenterTotalmbytes)
        The total amount of available memory on the system (the src).
      • setSystemCenterUsedmbytes

        public void setSystemCenterUsedmbytes​(long systemCenterUsedmbytes)
        The amount of used memory on the system (the src).
      • setSystemCenterUser

        public void setSystemCenterUser​(String systemCenterUser)
        The User Account present on the system (the src).
      • setSystemCenterUpdates

        public void setSystemCenterUpdates​(long systemCenterUpdates)
        The number of updates the system (the src) is missing.
      • setTrafficDest

        public void setTrafficDest​(String trafficDest)
        The destination of the network traffic. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setTrafficDvc

        public void setTrafficDvc​(String trafficDvc)
        The name of the packet filtering device. If your field is named dvc_host, dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
      • setTrafficSrc

        public void setTrafficSrc​(String trafficSrc)
        The source of the network traffic. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant.
      • setUpdatePackage

        public void setUpdatePackage​(String updatePackage)
        The name of the installed update.
      • setUserInfoUpdatesAffectedUser

        public void setUserInfoUpdatesAffectedUser​(String userInfoUpdatesAffectedUser)
        A user that has been affected by a change. For example, user fflanda changed the name of user rhallen, so affected_user=rhallen.
      • setUserInfoUpdatesAffectedUserGroup

        public void setUserInfoUpdatesAffectedUserGroup​(String userInfoUpdatesAffectedUserGroup)
        The user group affected by a change.
      • setUserInfoUpdatesAffectedUserGroupId

        public void setUserInfoUpdatesAffectedUserGroupId​(int userInfoUpdatesAffectedUserGroupId)
        The identifier of the user group affected by a change.
      • setUserInfoUpdatesAffectedUserId

        public void setUserInfoUpdatesAffectedUserId​(int userInfoUpdatesAffectedUserId)
        The identifier of the user affected by a change.
      • setUserInfoUpdatesAffectedUserPrivilege

        public void setUserInfoUpdatesAffectedUserPrivilege​(String userInfoUpdatesAffectedUserPrivilege)
        The security context associated with the user affected by a change.
      • setUserInfoUpdatesUser

        public void setUserInfoUpdatesUser​(String userInfoUpdatesUser)
        The name of the user affected by the recorded event.
      • setUserInfoUpdatesUserGroup

        public void setUserInfoUpdatesUserGroup​(String userInfoUpdatesUserGroup)
        A user group that is the object of an event, expressed in human-readable terms.
      • setUserInfoUpdatesUserGroupId

        public void setUserInfoUpdatesUserGroupId​(int userInfoUpdatesUserGroupId)
        The numeric identifier assigned to the user group event object.
      • setUserInfoUpdatesUserId

        public void setUserInfoUpdatesUserId​(int userInfoUpdatesUserId)
        The system-assigned identifier for the user affected by an event.
      • setUserInfoUpdatesUserPrivilege

        public void setUserInfoUpdatesUserPrivilege​(String userInfoUpdatesUserPrivilege)
        The security context associated with the object of an event (the affected user).
      • setUserInfoUpdatesUserSubject

        public void setUserInfoUpdatesUserSubject​(String userInfoUpdatesUserSubject)
        The name of the user that is the subject of an event, that is, the user executing the action.
      • setUserInfoUpdatesUserSubjectId

        public void setUserInfoUpdatesUserSubjectId​(int userInfoUpdatesUserSubjectId)
        The ID number of the user that is the subject of an event.
      • setUserInfoUpdatesUserSubjectPrivilege

        public void setUserInfoUpdatesUserSubjectPrivilege​(String userInfoUpdatesUserSubjectPrivilege)
        The security context associated with the subject of an event (the user causing a change).
      • setVulnerabilityCategory

        public void setVulnerabilityCategory​(String vulnerabilityCategory)
        The category of the discovered vulnerability.
      • setVulnerabilityDest

        public void setVulnerabilityDest​(String vulnerabilityDest)
        The host with the discovered vulnerability. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.
      • setVulnerabilityOs

        public void setVulnerabilityOs​(String vulnerabilityOs)
        The operating system of the host containing the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.
      • setVulnerabilitySeverity

        public void setVulnerabilitySeverity​(String vulnerabilitySeverity)
        The severity of the discovered vulnerability.
      • setVulnerabilitySignature

        public void setVulnerabilitySignature​(String vulnerabilitySignature)
        The name of the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.
      • setWindowsAdminObjectName

        public void setWindowsAdminObjectName​(String windowsAdminObjectName)
        The object name (associated only with Windows).
      • setWindowsAdminObjectType

        public void setWindowsAdminObjectType​(String windowsAdminObjectType)
        The object type (associated only with Windows).
      • setWindowsAdminObjectHandle

        public void setWindowsAdminObjectHandle​(String windowsAdminObjectHandle)
        The object handle (associated only with Windows).