Package com.splunk.logging

Class SplunkCimLogEvent

java.lang.Object

com.splunk.logging.SplunkCimLogEvent

public class SplunkCimLogEvent
extends Object

SplunkCimLogEvent encapsulates the best practice logging semantics recommended by Splunk. It produces events of key, value pairs, properly formatted and quoted for logging with any of Java's standard logging libraries (logback, log4j, java.util.logging, etc.) and indexing by Splunk. The class has convenience methods to set the fields defined in the standard Splunk Common Information Model. SplunkCimLogEvent adds no timestamp to its fields, leaving you free to configure whatever timestamp format you prefer in your logging configuration. Logger logger = LoggerFactory.getLogger("splunk.logger"); SplunkCimLogEvent event = new SplunkCimLogEvent("Failed Login", "sshd:failure"); event.setAuthApp("jane"); event.setAuthUser("jane"); event.addField("somefieldname", "foobar"); logger.info(event.toString());

See Also:

Splunk CIM, Splunk Logging Best Practices

Field Summary

Fields

Modifier and Type	Field	Description
static String	AC_MANAGEMENT_DEST_NT_DOMAIN
static String	AC_MANAGEMENT_SIGNATURE
static String	AC_MANAGEMENT_SRC_NT_DOMAIN
static String	AUTH_ACTION
static String	AUTH_APP
static String	AUTH_DEST
static String	AUTH_SRC
static String	AUTH_SRC_USER
static String	AUTH_USER
static String	CHANGE_ENDPOINT_PROTECTION_ACTION
static String	CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE
static String	CHANGE_ENDPOINT_PROTECTION_DEST
static String	CHANGE_ENDPOINT_PROTECTION_GID
static String	CHANGE_ENDPOINT_PROTECTION_HASH
static String	CHANGE_ENDPOINT_PROTECTION_ISDR
static String	CHANGE_ENDPOINT_PROTECTION_MODE
static String	CHANGE_ENDPOINT_PROTECTION_MODTIME
static String	CHANGE_ENDPOINT_PROTECTION_PATH
static String	CHANGE_ENDPOINT_PROTECTION_SIZE
static String	CHANGE_ENDPOINT_PROTECTION_UID
static String	CHANGE_NETWORK_PROTECTION_ACTION
static String	CHANGE_NETWORK_PROTECTION_COMMAND
static String	CHANGE_NETWORK_PROTECTION_DVC
static String	CHANGE_NETWORK_PROTECTION_USER
static String	COMMON_CATEGORY
static String	COMMON_COUNT
static String	COMMON_DESC
static String	COMMON_DHCP_POOL
static String	COMMON_DURATION
static String	COMMON_DVC_HOST
static String	COMMON_DVC_IP
static String	COMMON_DVC_IP6
static String	COMMON_DVC_LOCATION
static String	COMMON_DVC_MAC
static String	COMMON_DVC_NT_DOMAIN
static String	COMMON_DVC_NT_HOST
static String	COMMON_DVC_TIME
static String	COMMON_END_TIME
static String	COMMON_EVENT_ID
static String	COMMON_LENGTH
static String	COMMON_LOG_LEVEL
static String	COMMON_NAME
static String	COMMON_PID
static String	COMMON_PRIORITY
static String	COMMON_PRODUCT
static String	COMMON_PRODUCT_VERSION
static String	COMMON_REASON
static String	COMMON_RESULT
static String	COMMON_SEVERITY
static String	COMMON_START_TIME
static String	COMMON_TRANSACTION_ID
static String	COMMON_URL
static String	COMMON_VENDOR
static String	DNS_DEST_DOMAIN
static String	DNS_DEST_RECORD
static String	DNS_DEST_ZONE
static String	DNS_RECORD_CLASS
static String	DNS_RECORD_TYPE
static String	DNS_SRC_DOMAIN
static String	DNS_SRC_RECORD
static String	DNS_SRC_ZONE
static String	EMAIL_RECIPIENT
static String	EMAIL_SENDER
static String	EMAIL_SUBJECT
static String	FILE_ACCESS_TIME
static String	FILE_CREATE_TIME
static String	FILE_HASH
static String	FILE_MODIFY_TIME
static String	FILE_NAME
static String	FILE_PATH
static String	FILE_PERMISSION
static String	FILE_SIZE
static String	INTRUSION_DETECTION_CATEGORY
static String	INTRUSION_DETECTION_DEST
static String	INTRUSION_DETECTION_DVC
static String	INTRUSION_DETECTION_IDS_TYPE
static String	INTRUSION_DETECTION_PRODUCT
static String	INTRUSION_DETECTION_SEVERITY
static String	INTRUSION_DETECTION_SIGNATURE
static String	INTRUSION_DETECTION_SRC
static String	INTRUSION_DETECTION_USER
static String	INTRUSION_DETECTION_VENDOR
static String	MALWARE_ENDPOINT_PROTECTION_ACTION
static String	MALWARE_ENDPOINT_PROTECTION_DEST
static String	MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN
static String	MALWARE_ENDPOINT_PROTECTION_FILE_HASH
static String	MALWARE_ENDPOINT_PROTECTION_FILE_NAME
static String	MALWARE_ENDPOINT_PROTECTION_FILE_PATH
static String	MALWARE_ENDPOINT_PROTECTION_PRODUCT
static String	MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION
static String	MALWARE_ENDPOINT_PROTECTION_SIGNATURE
static String	MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION
static String	MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN
static String	MALWARE_ENDPOINT_PROTECTION_USER
static String	MALWARE_ENDPOINT_PROTECTION_VENDOR
static String	MALWARE_NETWORK_PROTECTION_PRODUCT
static String	MALWARE_NETWORK_PROTECTION_SEVERITY
static String	MALWARE_NETWORK_PROTECTION_VENDOR
static String	NETWORK_TRAFFIC_ESS_ACTION
static String	NETWORK_TRAFFIC_ESS_DEST_PORT
static String	NETWORK_TRAFFIC_ESS_PRODUCT
static String	NETWORK_TRAFFIC_ESS_SRC_PORT
static String	NETWORK_TRAFFIC_ESS_VENDOR
static String	NETWORK_TRAFFIC_GENERIC_APP_LAYER
static String	NETWORK_TRAFFIC_GENERIC_BYTES_IN
static String	NETWORK_TRAFFIC_GENERIC_BYTES_OUT
static String	NETWORK_TRAFFIC_GENERIC_CHANNEL
static String	NETWORK_TRAFFIC_GENERIC_CVE
static String	NETWORK_TRAFFIC_GENERIC_DEST_APP
static String	NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL
static String	NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME
static String	NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT
static String	NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY
static String	NETWORK_TRAFFIC_GENERIC_DEST_HOST
static String	NETWORK_TRAFFIC_GENERIC_DEST_INT
static String	NETWORK_TRAFFIC_GENERIC_DEST_IP
static String	NETWORK_TRAFFIC_GENERIC_DEST_IPV6
static String	NETWORK_TRAFFIC_GENERIC_DEST_LAT
static String	NETWORK_TRAFFIC_GENERIC_DEST_LONG
static String	NETWORK_TRAFFIC_GENERIC_DEST_MAC
static String	NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN
static String	NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST
static String	NETWORK_TRAFFIC_GENERIC_DEST_PORT
static String	NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP
static String	NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT
static String	NETWORK_TRAFFIC_GENERIC_IP_VERSION
static String	NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE
static String	NETWORK_TRAFFIC_GENERIC_PACKETS_IN
static String	NETWORK_TRAFFIC_GENERIC_PACKETS_OUT
static String	NETWORK_TRAFFIC_GENERIC_PROTO
static String	NETWORK_TRAFFIC_GENERIC_SESSION_ID
static String	NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY
static String	NETWORK_TRAFFIC_GENERIC_SRC_HOST
static String	NETWORK_TRAFFIC_GENERIC_SRC_INT
static String	NETWORK_TRAFFIC_GENERIC_SRC_IP
static String	NETWORK_TRAFFIC_GENERIC_SRC_IPV6
static String	NETWORK_TRAFFIC_GENERIC_SRC_LAT
static String	NETWORK_TRAFFIC_GENERIC_SRC_LONG
static String	NETWORK_TRAFFIC_GENERIC_SRC_MAC
static String	NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN
static String	NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST
static String	NETWORK_TRAFFIC_GENERIC_SRC_PORT
static String	NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP
static String	NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT
static String	NETWORK_TRAFFIC_GENERIC_SSID
static String	NETWORK_TRAFFIC_GENERIC_SYSLOG_ID
static String	NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY
static String	NETWORK_TRAFFIC_GENERIC_TCP_FLAG
static String	NETWORK_TRAFFIC_GENERIC_TOS
static String	NETWORK_TRAFFIC_GENERIC_TRANSPORT
static String	NETWORK_TRAFFIC_GENERIC_TTL
static String	NETWORK_TRAFFIC_GENERIC_VLAN_ID
static String	NETWORK_TRAFFIC_GENERIC_VLAN_NAME
static String	PACKET_FILTERING_ACTION
static String	PACKET_FILTERING_DEST_PORT
static String	PACKET_FILTERING_DIRECTION
static String	PACKET_FILTERING_DVC
static String	PACKET_FILTERING_RULE
static String	PACKET_FILTERING_SVC_PORT
static String	PROXY_ACTION
static String	PROXY_DEST
static String	PROXY_HTTP_CONTENT_TYPE
static String	PROXY_HTTP_METHOD
static String	PROXY_HTTP_REFER
static String	PROXY_HTTP_RESPONSE
static String	PROXY_HTTP_USER_AGENT
static String	PROXY_PRODUCT
static String	PROXY_SRC
static String	PROXY_STATUS
static String	PROXY_URL
static String	PROXY_USER
static String	PROXY_VENDOR
static String	SYSTEM_CENTER_APP
static String	SYSTEM_CENTER_FREEMBYTES
static String	SYSTEM_CENTER_KERNEL_RELEASE
static String	SYSTEM_CENTER_LABEL
static String	SYSTEM_CENTER_MOUNT
static String	SYSTEM_CENTER_OS
static String	SYSTEM_CENTER_PERCENTPROCESSORTIME
static String	SYSTEM_CENTER_SELINUX
static String	SYSTEM_CENTER_SELINUXTYPE
static String	SYSTEM_CENTER_SETLOCALDEFS
static String	SYSTEM_CENTER_SHELL
static String	SYSTEM_CENTER_SRC_PORT
static String	SYSTEM_CENTER_SSHD_PROTOCOL
static String	SYSTEM_CENTER_STARTMODE
static String	SYSTEM_CENTER_SYSTEMUPTIME
static String	SYSTEM_CENTER_TOTALMBYTES
static String	SYSTEM_CENTER_UPDATES
static String	SYSTEM_CENTER_USEDMBYTES
static String	SYSTEM_CENTER_USER
static String	TRAFFIC_DEST
static String	TRAFFIC_DVC
static String	TRAFFIC_SRC
static String	UPDATE_PACKAGE
static String	USER_INFO_UPDATES_AFFECTED_USER
static String	USER_INFO_UPDATES_AFFECTED_USER_GROUP
static String	USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID
static String	USER_INFO_UPDATES_AFFECTED_USER_ID
static String	USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE
static String	USER_INFO_UPDATES_USER
static String	USER_INFO_UPDATES_USER_GROUP
static String	USER_INFO_UPDATES_USER_GROUP_ID
static String	USER_INFO_UPDATES_USER_ID
static String	USER_INFO_UPDATES_USER_PRIVILEGE
static String	USER_INFO_UPDATES_USER_SUBJECT
static String	USER_INFO_UPDATES_USER_SUBJECT_ID
static String	USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE
static String	VULNERABILITY_CATEGORY
static String	VULNERABILITY_DEST
static String	VULNERABILITY_OS
static String	VULNERABILITY_SEVERITY
static String	VULNERABILITY_SIGNATURE
static String	WINDOWS_ADMIN_OBJECT_HANDLE
static String	WINDOWS_ADMIN_OBJECT_NAME
static String	WINDOWS_ADMIN_OBJECT_TYPE

Constructor Summary

Constructors

Constructor	Description
SplunkCimLogEvent(String eventName, String eventID)

Method Summary

Modifier and Type	Method	Description
void	addField(String key, Object value)	Add a key value pair.
void	addThrowableWithStacktrace(Throwable throwable)	Logs an exception with its stacktrace nicely formatted for indexing and searching by Splunk.
void	addThrowableWithStacktrace(Throwable throwable, int stacktraceDepth)	Logs an exception with the first stacktraceDepth elements of its stacktrace nicely formatted for indexing and searching by Splunk,
void	setAcManagementDestNtDomain(String acManagementDestNtDomain)	The domain containing the user that is affected by the account management event.
void	setAcManagementSignature(String acManagementSignature)	Description of the account management change performed.
void	setAcManagementSrcNtDomain(String acManagementSrcNtDomain)	The NT source of the destination.
void	setAuthAction(String authAction)	The action performed on the resource.
void	setAuthApp(String authApp)	The application involved in the event (such as ssh, spunk, win:local).
void	setAuthDest(String authDest)	The target involved in the authentication.
void	setAuthSrc(String authSrc)	The source involved in the authentication.
void	setAuthSrcUser(String authSrcUser)	In privilege escalation events, src_user represents the user who initiated the privilege escalation.
void	setAuthUser(String authUser)	The name of the user involved in the event, or who initiated the event.
void	setChangeEndpointProtectionAction(String changeEndpointProtectionAction)	The action performed on the resource.
void	setChangeEndpointProtectionChangeType(String changeEndpointProtectionChangeType)	The type of change discovered in the change analysis event.
void	setChangeEndpointProtectionDest(String changeEndpointProtectionDest)	The host that was affected by the change.
void	setChangeEndpointProtectionGid(long changeEndpointProtectionGid)	The group ID of the modified resource.
void	setChangeEndpointProtectionHash(String changeEndpointProtectionHash)	The hash signature of the modified resource.
void	setChangeEndpointProtectionIsdr(boolean changeEndpointProtectionIsdr)	Indicates whether or not the modified resource is a directory.
void	setChangeEndpointProtectionMode(long changeEndpointProtectionMode)	The permissions mode of the modified resource.
void	setChangeEndpointProtectionModtime(String changeEndpointProtectionModtime)	The modification time of the modified resource.
void	setChangeEndpointProtectionPath(String changeEndpointProtectionPath)	The file path of the modified resource.
void	setChangeEndpointProtectionSize(long changeEndpointProtectionSize)	The size of the modified resource.
void	setChangeEndpointProtectionUid(long changeEndpointProtectionUid)	The user ID of the modified resource.
void	setChangeNetworkProtectionAction(String changeNetworkProtectionAction)	The type of change observed.
void	setChangeNetworkProtectionCommand(String changeNetworkProtectionCommand)	The command that initiated the change.
void	setChangeNetworkProtectionDvc(String changeNetworkProtectionDvc)	The device that is directly affected by the change.
void	setChangeNetworkProtectionUser(String changeNetworkProtectionUser)	The user that initiated the change.
void	setCommonCategory(String commonCategory)	A device-specific classification provided as part of the event.
void	setCommonCount(String commonCount)	A device-specific classification provided as part of the event.
void	setCommonDesc(String commonDesc)	The free-form description of a particular event.
void	setCommonDhcpPool(String commonDhcpPool)	The name of a given DHCP pool on a DHCP server.
void	setCommonDuration(long commonDuration)	The amount of time the event lasted.
void	setCommonDvcHost(String commonDvcHost)	The fully qualified domain name of the device transmitting or recording the log record.
void	setCommonDvcIp(String commonDvcIp)	The IPv4 address of the device reporting the event.
void	setCommonDvcIp6(String commonDvcIp6)	The IPv6 address of the device reporting the event.
void	setCommonDvcLocation(String commonDvcLocation)	The free-form description of the device's physical location.
void	setCommonDvcMac(String commonDvcMac)	The MAC (layer 2) address of the device reporting the event.
void	setCommonDvcNtDomain(String commonDvcNtDomain)	The Windows NT domain of the device recording or transmitting the event.
void	setCommonDvcNtHost(String commonDvcNtHost)	The Windows NT host name of the device recording or transmitting the event.
void	setCommonDvcTime(long commonDvcTime)	Time at which the device recorded the event.
void	setCommonEndTime(long commonEndTime)	The event's specified end time.
void	setCommonEventId(long commonEventId)	A unique identifier that identifies the event.
void	setCommonLength(long commonLength)	The length of the datagram, event, message, or packet.
void	setCommonLogLevel(String commonLogLevel)	The log-level that was set on the device and recorded in the event.
void	setCommonName(String commonName)	The name of the event as reported by the device.
void	setCommonPid(long commonPid)	An integer assigned by the device operating system to the process creating the record.
void	setCommonPriority(long commonPriority)	An environment-specific assessment of the event's importance, based on elements such as event severity, business function of the affected system, or other locally defined variables.
void	setCommonProduct(String commonProduct)	The product that generated the event.
void	setCommonProductVersion(long commonProductVersion)	The version of the product that generated the event.
void	setCommonReason(String commonReason)	The result root cause, such as connection refused, timeout, crash, and so on.
void	setCommonResult(String commonResult)	The action result.
void	setCommonSeverity(String commonSeverity)	The severity (or priority) of an event as reported by the originating device.
void	setCommonStartTime(long commonStartTime)	The event's specified start time.
void	setCommonTransactionId(String commonTransactionId)	The transaction identifier.
void	setCommonUrl(String commonUrl)	A uniform record locator (a web address, in other words) included in a record.
void	setCommonVendor(String commonVendor)	The vendor who made the product that generated the event.
void	setDnsDestDomain(String dnsDestDomain)	The DNS domain that has been queried.
void	setDnsDestRecord(String dnsDestRecord)	The remote DNS resource record being acted upon.
void	setDnsDestZone(String dnsDestZone)	The DNS zone that is being received by the slave as part of a zone transfer.
void	setDnsRecordClass(String dnsRecordClass)	The DNS resource record class.
void	setDnsRecordType(String dnsRecordType)	The DNS resource record type.
void	setDnsSrcDomain(String dnsSrcDomain)	The local DNS domain that is being queried.
void	setDnsSrcRecord(String dnsSrcRecord)	The local DNS resource record being acted upon.
void	setDnsSrcZone(String dnsSrcZone)	The DNS zone that is being transferred by the master as part of a zone transfer.
void	setEmailRecipient(String emailRecipient)	The person to whom an email is sent.
void	setEmailSender(String emailSender)	The person responsible for sending an email.
void	setEmailSubject(String emailSubject)	The email subject line.
void	setFileAccessTime(long fileAccessTime)	The time the file (the object of the event) was accessed.
void	setFileCreateTime(long fileCreateTime)	The time the file (the object of the event) was created.
void	setFileHash(String fileHash)	A cryptographic identifier assigned to the file object affected by the event.
void	setFileModifyTime(long fileModifyTime)	The time the file (the object of the event) was altered.
void	setFileName(String fileName)	The name of the file that is the object of the event (without location information related to local file or directory structure).
void	setFilePath(String filePath)	The location of the file that is the object of the event, in terms of local file and directory structure.
void	setFilePermission(String filePermission)	Access controls associated with the file affected by the event.
void	setFileSize(long fileSize)	The size of the file that is the object of the event.
void	setIntrusionDetectionCategory(String intrusionDetectionCategory)	The category of the triggered signature.
void	setIntrusionDetectionDest(String intrusionDetectionDest)	The destination of the attack detected by the intrusion detection system (IDS).
void	setIntrusionDetectionDvc(String intrusionDetectionDvc)	The device that detected the intrusion event.
void	setIntrusionDetectionIdsType(String intrusionDetectionIdsType)	The type of IDS that generated the event.
void	setIntrusionDetectionProduct(String intrusionDetectionProduct)	The product name of the vendor technology generating network protection data, such as IDP, Providentia, and ASA.
void	setIntrusionDetectionSeverity(String intrusionDetectionSeverity)	The severity of the network protection event (such as critical, high, medium, low, or informational).
void	setIntrusionDetectionSignature(String intrusionDetectionSignature)	The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre.
void	setIntrusionDetectionSrc(String intrusionDetectionSrc)	The source involved in the attack detected by the IDS.
void	setIntrusionDetectionUser(String intrusionDetectionUser)	The user involved with the intrusion detection event.
void	setIntrusionDetectionVendor(String intrusionDetectionVendor)	The vendor technology used to generate network protection data, such as IDP, Providentia, and ASA.
void	setMalwareEndpointProtectionAction(String malwareEndpointProtectionAction)	The outcome of the infection
void	setMalwareEndpointProtectionDest(String malwareEndpointProtectionDest)	The target affected or infected by the malware.
void	setMalwareEndpointProtectionDestNtDomain(String malwareEndpointProtectionDestNtDomain)	The NT domain of the destination (the dest_bestmatch).
void	setMalwareEndpointProtectionFileHash(String malwareEndpointProtectionFileHash)	The cryptographic hash of the file associated with the malware event (such as the malicious or infected file).
void	setMalwareEndpointProtectionFileName(String malwareEndpointProtectionFileName)	The name of the file involved in the malware event (such as the infected or malicious file).
void	setMalwareEndpointProtectionFilePath(String malwareEndpointProtectionFilePath)	The path of the file involved in the malware event (such as the infected or malicious file).
void	setMalwareEndpointProtectionProduct(String malwareEndpointProtectionProduct)	The product name of the vendor technology (the vendor field) that is generating malware data (such as Antivirus or EPO).
void	setMalwareEndpointProtectionProductVersion(String malwareEndpointProtectionProductVersion)	The product version number of the vendor technology installed on the client (such as 10.4.3 or 11.0.2).
void	setMalwareEndpointProtectionSignature(String malwareEndpointProtectionSignature)	The name of the malware infection detected on the client (the src), such as Trojan.Vundo,Spyware.Gaobot,W32.Nimbda).
void	setMalwareEndpointProtectionSignatureVersion(String malwareEndpointProtectionSignatureVersion)	The current signature definition set running on the client, such as 11hsvx)
void	setMalwareEndpointProtectionSrcNtDomain(String malwareEndpointProtectionSrcNtDomain)	The NT domain of the source (the src).
void	setMalwareEndpointProtectionUser(String malwareEndpointProtectionUser)	The name of the user involved in the malware event.
void	setMalwareEndpointProtectionVendor(String malwareEndpointProtectionVendor)	The name of the vendor technology generating malware data, such as Symantec or McAfee.
void	setMalwareNetworkProtectionProduct(String malwareNetworkProtectionProduct)	The product name of the vendor technology generating network protection data, such as IDP, Proventia, and ASA.
void	setMalwareNetworkProtectionSeverity(String malwareNetworkProtectionSeverity)	The severity of the network protection event (such as critical, high, medium, low, or informational).
void	setMalwareNetworkProtectionVendor(String malwareNetworkProtectionVendor)	The vendor technology used to generate network protection data, such as IDP, Proventia, and ASA.
void	setNetworkTrafficEssAction(String networkTrafficEssAction)	The action of the network traffic.
void	setNetworkTrafficEssDestPort(int networkTrafficEssDestPort)	The destination port of the network traffic.
void	setNetworkTrafficEssProduct(String networkTrafficEssProduct)	The product name of the vendor technology generating NetworkProtection data, such as IDP, Proventia, and ASA.
void	setNetworkTrafficEssSrcPort(int networkTrafficEssSrcPort)	The source port of the network traffic.
void	setNetworkTrafficEssVendor(String networkTrafficEssVendor)	The vendor technology used to generate NetworkProtection data, such as IDP, Proventia, and ASA.
void	setNetworkTrafficGenericAppLayer(String networkTrafficGenericAppLayer)	The ISO layer 7 (application layer) protocol, such as HTTP, HTTPS, SSH, and IMAP.
void	setNetworkTrafficGenericBytesIn(long networkTrafficGenericBytesIn)	How many bytes this device/interface received.
void	setNetworkTrafficGenericBytesOut(long networkTrafficGenericBytesOut)	How many bytes this device/interface transmitted.
void	setNetworkTrafficGenericChannel(String networkTrafficGenericChannel)	802.11 channel number used by a wireless network.
void	setNetworkTrafficGenericCve(String networkTrafficGenericCve)	The Common Vulnerabilities and Exposures (CVE) reference value.
void	setNetworkTrafficGenericDestApp(String networkTrafficGenericDestApp)	The destination application being targeted.
void	setNetworkTrafficGenericDestCncChannel(String networkTrafficGenericDestCncChannel)	The destination command and control service channel.
void	setNetworkTrafficGenericDestCncName(String networkTrafficGenericDestCncName)	The destination command and control service name.
void	setNetworkTrafficGenericDestCncPort(String networkTrafficGenericDestCncPort)	The destination command and control service port.
void	setNetworkTrafficGenericDestCountry(String networkTrafficGenericDestCountry)	The country associated with a packet's recipient.
void	setNetworkTrafficGenericDestHost(String networkTrafficGenericDestHost)	The fully qualified host name of a packet's recipient.
void	setNetworkTrafficGenericDestInt(String networkTrafficGenericDestInt)	The interface that is listening remotely or receiving packets locally.
void	setNetworkTrafficGenericDestIp(String networkTrafficGenericDestIp)	The IPv4 address of a packet's recipient.
void	setNetworkTrafficGenericDestIpv6(String networkTrafficGenericDestIpv6)	The IPv6 address of a packet's recipient.
void	setNetworkTrafficGenericDestLat(int networkTrafficGenericDestLat)	The (physical) latitude of a packet's destination.
void	setNetworkTrafficGenericDestLong(int networkTrafficGenericDestLong)	The (physical) longitude of a packet's destination.
void	setNetworkTrafficGenericDestMac(String networkTrafficGenericDestMac)	The destination TCP/IP layer 2 Media Access Control (MAC) address of a packet's destination.
void	setNetworkTrafficGenericDestNtDomain(String networkTrafficGenericDestNtDomain)	The Windows NT domain containing a packet's destination.
void	setNetworkTrafficGenericDestNtHost(String networkTrafficGenericDestNtHost)	The Windows NT host name of a packet's destination.
void	setNetworkTrafficGenericDestPort(int networkTrafficGenericDestPort)	TCP/IP port to which a packet is being sent.
void	setNetworkTrafficGenericDestTranslatedIp(String networkTrafficGenericDestTranslatedIp)	The NATed IPv4 address to which a packet has been sent.
void	setNetworkTrafficGenericDestTranslatedPort(int networkTrafficGenericDestTranslatedPort)	The NATed port to which a packet has been sent.
void	setNetworkTrafficGenericIpVersion(int networkTrafficGenericIpVersion)	The numbered Internet Protocol version.
void	setNetworkTrafficGenericOutboundInterface(String networkTrafficGenericOutboundInterface)	The network interface through which a packet was transmitted.
void	setNetworkTrafficGenericPacketsIn(long networkTrafficGenericPacketsIn)	How many packets this device/interface received.
void	setNetworkTrafficGenericPacketsOut(long networkTrafficGenericPacketsOut)	How many packets this device/interface transmitted.
void	setNetworkTrafficGenericProto(String networkTrafficGenericProto)	The OSI layer 3 (Network Layer) protocol, such as IPv4/IPv6, ICMP, IPsec, IGMP or RIP.
void	setNetworkTrafficGenericSessionId(String networkTrafficGenericSessionId)	The session identifier.
void	setNetworkTrafficGenericSrcCountry(String networkTrafficGenericSrcCountry)	The country from which the packet was sent.
void	setNetworkTrafficGenericSrcHost(String networkTrafficGenericSrcHost)	The fully qualified host name of the system that transmitted the packet.
void	setNetworkTrafficGenericSrcInt(String networkTrafficGenericSrcInt)	The interface that is listening locally or sending packets remotely.
void	setNetworkTrafficGenericSrcIp(String networkTrafficGenericSrcIp)	The IPv4 address of the packet's source.
void	setNetworkTrafficGenericSrcIpv6(String networkTrafficGenericSrcIpv6)	The IPv6 address of the packet's source.
void	setNetworkTrafficGenericSrcLat(int networkTrafficGenericSrcLat)	The (physical) latitude of the packet's source.
void	setNetworkTrafficGenericSrcLong(int networkTrafficGenericSrcLong)	The (physical) longitude of the packet's source.
void	setNetworkTrafficGenericSrcMac(String networkTrafficGenericSrcMac)	The Media Access Control (MAC) address from which a packet was transmitted.
void	setNetworkTrafficGenericSrcNtDomain(String networkTrafficGenericSrcNtDomain)	The Windows NT domain containing the machines that generated the event.
void	setNetworkTrafficGenericSrcNtHost(String networkTrafficGenericSrcNtHost)	The Windows NT hostname of the system that generated the event.
void	setNetworkTrafficGenericSrcPort(int networkTrafficGenericSrcPort)	The network port from which a packet originated.
void	setNetworkTrafficGenericSrcTranslatedIp(String networkTrafficGenericSrcTranslatedIp)	The NATed IPv4 address from which a packet has been sent.
void	setNetworkTrafficGenericSrcTranslatedPort(int networkTrafficGenericSrcTranslatedPort)	The NATed network port from which a packet has been sent.
void	setNetworkTrafficGenericSsid(String networkTrafficGenericSsid)	The 802.11 service set identifier (ssid) assigned to a wireless session.
void	setNetworkTrafficGenericSyslogId(String networkTrafficGenericSyslogId)	The application, process, or OS subsystem that generated the event.
void	setNetworkTrafficGenericSyslogPriority(String networkTrafficGenericSyslogPriority)	The criticality of an event, as recorded by UNIX syslog.
void	setNetworkTrafficGenericTcpFlag(String networkTrafficGenericTcpFlag)	The TCP flag(s) specified in the event.
void	setNetworkTrafficGenericTos(String networkTrafficGenericTos)	The hex bit that specifies TCP 'type of service'
void	setNetworkTrafficGenericTransport(String networkTrafficGenericTransport)	The transport protocol.
void	setNetworkTrafficGenericTtl(int networkTrafficGenericTtl)	The "time to live" of a packet or datagram.
void	setNetworkTrafficGenericVlanId(long networkTrafficGenericVlanId)	The numeric identifier assigned to the virtual local area network (VLAN) specified in the record.
void	setNetworkTrafficGenericVlanName(String networkTrafficGenericVlanName)	The name assigned to the virtual local area network (VLAN) specified in the record.
void	setPacketFilteringAction(String packetFilteringAction)	The action the filtering device (the dvc_bestmatch field) performed on the communication.
void	setPacketFilteringDestPort(int packetFilteringDestPort)	The IP port of the packet's destination, such as 22.
void	setPacketFilteringDirection(String packetFilteringDirection)	The direction the packet is traveling.
void	setPacketFilteringDvc(String packetFilteringDvc)	The name of the packet filtering device.
void	setPacketFilteringRule(String packetFilteringRule)	The rule which took action on the packet, such as 143.
void	setPacketFilteringSvcPort(int packetFilteringSvcPort)	The IP port of the packet's source, such as 34541.
void	setProxyAction(String proxyAction)	The action taken by the proxy.
void	setProxyDest(String proxyDest)	The destination of the network traffic (the remote host).
void	setProxyHttpContentType(String proxyHttpContentType)	The content-type of the requested HTTP resource.
void	setProxyHttpMethod(String proxyHttpMethod)	The HTTP method used to request the resource.
void	setProxyHttpRefer(String proxyHttpRefer)	The HTTP referrer used to request the HTTP resource.
void	setProxyHttpResponse(int proxyHttpResponse)	The HTTP response code.
void	setProxyHttpUserAgent(String proxyHttpUserAgent)	The user agent used to request the HTTP resource.
void	setProxyProduct(String proxyProduct)	The product name of the vendor technology generating Network Protection data, such as IDP, Providentia, and ASA.
void	setProxySrc(String proxySrc)	The source of the network traffic (the client requesting the connection).
void	setProxyStatus(int proxyStatus)	The HTTP response code indicating the status of the proxy request.
void	setProxyUrl(String proxyUrl)	The URL of the requested HTTP resource.
void	setProxyUser(String proxyUser)	The user that requested the HTTP resource.
void	setProxyVendor(String proxyVendor)	The vendor technology generating Network Protection data, such as IDP, Providentia, and ASA.
void	setSystemCenterApp(String systemCenterApp)	The running application or service on the system (the src field), such as explorer.exe or sshd.
void	setSystemCenterFreembytes(long systemCenterFreembytes)	The amount of disk space available per drive or mount (the mount field) on the system (the src field).
void	setSystemCenterKernelRelease(String systemCenterKernelRelease)	The version of operating system installed on the host (the src field), such as 6.0.1.4 or 2.6.27.30-170.2.82.fc10.x86_64.
void	setSystemCenterLabel(String systemCenterLabel)	Human-readable version of the SystemUptime value.
void	setSystemCenterMount(String systemCenterMount)	The drive or mount reporting available disk space (the FreeMBytes field) on the system (the src field).
void	setSystemCenterOs(String systemCenterOs)	The name of the operating system installed on the host (the src), such as Microsoft Windows Server 2003 or GNU/Linux).
void	setSystemCenterPercentprocessortime(int systemCenterPercentprocessortime)	The percentage of processor utilization.
void	setSystemCenterSelinux(String systemCenterSelinux)	Values from the SE Linux configuration file.
void	setSystemCenterSelinuxtype(String systemCenterSelinuxtype)	The SE Linux type (such as targeted).
void	setSystemCenterSetlocaldefs(int systemCenterSetlocaldefs)	The setlocaldefs setting from the SE Linux configuration.
void	setSystemCenterShell(String systemCenterShell)	The shell provided to the User Account (the user field) upon logging into the system (the src field).
void	setSystemCenterSrcPort(int systemCenterSrcPort)	The TCP/UDP source port on the system (the src field).
void	setSystemCenterSshdProtocol(String systemCenterSshdProtocol)	The sshd protocol version.
void	setSystemCenterStartmode(String systemCenterStartmode)	The start mode of the given service.
void	setSystemCenterSystemuptime(long systemCenterSystemuptime)	The number of seconds since the system (the src) has been "up."
void	setSystemCenterTotalmbytes(long systemCenterTotalmbytes)	The total amount of available memory on the system (the src).
void	setSystemCenterUpdates(long systemCenterUpdates)	The number of updates the system (the src) is missing.
void	setSystemCenterUsedmbytes(long systemCenterUsedmbytes)	The amount of used memory on the system (the src).
void	setSystemCenterUser(String systemCenterUser)	The User Account present on the system (the src).
void	setTrafficDest(String trafficDest)	The destination of the network traffic.
void	setTrafficDvc(String trafficDvc)	The name of the packet filtering device.
void	setTrafficSrc(String trafficSrc)	The source of the network traffic.
void	setUpdatePackage(String updatePackage)	The name of the installed update.
void	setUserInfoUpdatesAffectedUser(String userInfoUpdatesAffectedUser)	A user that has been affected by a change.
void	setUserInfoUpdatesAffectedUserGroup(String userInfoUpdatesAffectedUserGroup)	The user group affected by a change.
void	setUserInfoUpdatesAffectedUserGroupId(int userInfoUpdatesAffectedUserGroupId)	The identifier of the user group affected by a change.
void	setUserInfoUpdatesAffectedUserId(int userInfoUpdatesAffectedUserId)	The identifier of the user affected by a change.
void	setUserInfoUpdatesAffectedUserPrivilege(String userInfoUpdatesAffectedUserPrivilege)	The security context associated with the user affected by a change.
void	setUserInfoUpdatesUser(String userInfoUpdatesUser)	The name of the user affected by the recorded event.
void	setUserInfoUpdatesUserGroup(String userInfoUpdatesUserGroup)	A user group that is the object of an event, expressed in human-readable terms.
void	setUserInfoUpdatesUserGroupId(int userInfoUpdatesUserGroupId)	The numeric identifier assigned to the user group event object.
void	setUserInfoUpdatesUserId(int userInfoUpdatesUserId)	The system-assigned identifier for the user affected by an event.
void	setUserInfoUpdatesUserPrivilege(String userInfoUpdatesUserPrivilege)	The security context associated with the object of an event (the affected user).
void	setUserInfoUpdatesUserSubject(String userInfoUpdatesUserSubject)	The name of the user that is the subject of an event--the user executing the action, in other words.
void	setUserInfoUpdatesUserSubjectId(int userInfoUpdatesUserSubjectId)	The ID number of the user that is the subject of an event.
void	setUserInfoUpdatesUserSubjectPrivilege(String userInfoUpdatesUserSubjectPrivilege)	The security context associated with the subject of an event (the user causing a change).
void	setVulnerabilityCategory(String vulnerabilityCategory)	The category of the discovered vulnerability.
void	setVulnerabilityDest(String vulnerabilityDest)	The host with the discovered vulnerability.
void	setVulnerabilityOs(String vulnerabilityOs)	The operating system of the host containing the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.
void	setVulnerabilitySeverity(String vulnerabilitySeverity)	The severity of the discovered vulnerability.
void	setVulnerabilitySignature(String vulnerabilitySignature)	The name of the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.
void	setWindowsAdminObjectHandle(String windowsAdminObjectHandle)	The object handle (associated only with Windows).
void	setWindowsAdminObjectName(String windowsAdminObjectName)	The object name (associated only with Windows).
void	setWindowsAdminObjectType(String windowsAdminObjectType)	The object type (associated only with Windows).
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

AC_MANAGEMENT_DEST_NT_DOMAIN

public static String AC_MANAGEMENT_DEST_NT_DOMAIN

AC_MANAGEMENT_SIGNATURE

public static String AC_MANAGEMENT_SIGNATURE

AC_MANAGEMENT_SRC_NT_DOMAIN

public static String AC_MANAGEMENT_SRC_NT_DOMAIN

AUTH_ACTION

public static String AUTH_ACTION

AUTH_APP

public static String AUTH_APP

AUTH_DEST

public static String AUTH_DEST

AUTH_SRC

public static String AUTH_SRC

AUTH_SRC_USER

public static String AUTH_SRC_USER

AUTH_USER

public static String AUTH_USER

CHANGE_ENDPOINT_PROTECTION_ACTION

public static String CHANGE_ENDPOINT_PROTECTION_ACTION

CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE

public static String CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE

CHANGE_ENDPOINT_PROTECTION_DEST

public static String CHANGE_ENDPOINT_PROTECTION_DEST

CHANGE_ENDPOINT_PROTECTION_HASH

public static String CHANGE_ENDPOINT_PROTECTION_HASH

CHANGE_ENDPOINT_PROTECTION_GID

public static String CHANGE_ENDPOINT_PROTECTION_GID

CHANGE_ENDPOINT_PROTECTION_ISDR

public static String CHANGE_ENDPOINT_PROTECTION_ISDR

CHANGE_ENDPOINT_PROTECTION_MODE

public static String CHANGE_ENDPOINT_PROTECTION_MODE

CHANGE_ENDPOINT_PROTECTION_MODTIME

public static String CHANGE_ENDPOINT_PROTECTION_MODTIME

CHANGE_ENDPOINT_PROTECTION_PATH

public static String CHANGE_ENDPOINT_PROTECTION_PATH

CHANGE_ENDPOINT_PROTECTION_SIZE

public static String CHANGE_ENDPOINT_PROTECTION_SIZE

CHANGE_ENDPOINT_PROTECTION_UID

public static String CHANGE_ENDPOINT_PROTECTION_UID

CHANGE_NETWORK_PROTECTION_ACTION

public static String CHANGE_NETWORK_PROTECTION_ACTION

CHANGE_NETWORK_PROTECTION_COMMAND

public static String CHANGE_NETWORK_PROTECTION_COMMAND

CHANGE_NETWORK_PROTECTION_DVC

public static String CHANGE_NETWORK_PROTECTION_DVC

CHANGE_NETWORK_PROTECTION_USER

public static String CHANGE_NETWORK_PROTECTION_USER

COMMON_CATEGORY

public static String COMMON_CATEGORY

COMMON_COUNT

public static String COMMON_COUNT

COMMON_DESC

public static String COMMON_DESC

COMMON_DHCP_POOL

public static String COMMON_DHCP_POOL

COMMON_DURATION

public static String COMMON_DURATION

COMMON_DVC_HOST

public static String COMMON_DVC_HOST

COMMON_DVC_IP

public static String COMMON_DVC_IP

COMMON_DVC_IP6

public static String COMMON_DVC_IP6

COMMON_DVC_LOCATION

public static String COMMON_DVC_LOCATION

COMMON_DVC_MAC

public static String COMMON_DVC_MAC

COMMON_DVC_NT_DOMAIN

public static String COMMON_DVC_NT_DOMAIN

COMMON_DVC_NT_HOST

public static String COMMON_DVC_NT_HOST

COMMON_DVC_TIME

public static String COMMON_DVC_TIME

COMMON_END_TIME

public static String COMMON_END_TIME

COMMON_EVENT_ID

public static String COMMON_EVENT_ID

COMMON_LENGTH

public static String COMMON_LENGTH

COMMON_LOG_LEVEL

public static String COMMON_LOG_LEVEL

COMMON_NAME

public static String COMMON_NAME

COMMON_PID

public static String COMMON_PID

COMMON_PRIORITY

public static String COMMON_PRIORITY

COMMON_PRODUCT

public static String COMMON_PRODUCT

COMMON_PRODUCT_VERSION

public static String COMMON_PRODUCT_VERSION

COMMON_REASON

public static String COMMON_REASON

COMMON_RESULT

public static String COMMON_RESULT

COMMON_SEVERITY

public static String COMMON_SEVERITY

COMMON_START_TIME

public static String COMMON_START_TIME

COMMON_TRANSACTION_ID

public static String COMMON_TRANSACTION_ID

COMMON_URL

public static String COMMON_URL

COMMON_VENDOR

public static String COMMON_VENDOR

DNS_DEST_DOMAIN

public static String DNS_DEST_DOMAIN

DNS_DEST_RECORD

public static String DNS_DEST_RECORD

DNS_DEST_ZONE

public static String DNS_DEST_ZONE

DNS_RECORD_CLASS

public static String DNS_RECORD_CLASS

DNS_RECORD_TYPE

public static String DNS_RECORD_TYPE

DNS_SRC_DOMAIN

public static String DNS_SRC_DOMAIN

DNS_SRC_RECORD

public static String DNS_SRC_RECORD

DNS_SRC_ZONE

public static String DNS_SRC_ZONE

EMAIL_RECIPIENT

public static String EMAIL_RECIPIENT

EMAIL_SENDER

public static String EMAIL_SENDER

EMAIL_SUBJECT

public static String EMAIL_SUBJECT

FILE_ACCESS_TIME

public static String FILE_ACCESS_TIME

FILE_CREATE_TIME

public static String FILE_CREATE_TIME

FILE_HASH

public static String FILE_HASH

FILE_MODIFY_TIME

public static String FILE_MODIFY_TIME

FILE_NAME

public static String FILE_NAME

FILE_PATH

public static String FILE_PATH

FILE_PERMISSION

public static String FILE_PERMISSION

FILE_SIZE

public static String FILE_SIZE

INTRUSION_DETECTION_CATEGORY

public static String INTRUSION_DETECTION_CATEGORY

INTRUSION_DETECTION_DEST

public static String INTRUSION_DETECTION_DEST

INTRUSION_DETECTION_DVC

public static String INTRUSION_DETECTION_DVC

INTRUSION_DETECTION_IDS_TYPE

public static String INTRUSION_DETECTION_IDS_TYPE

INTRUSION_DETECTION_PRODUCT

public static String INTRUSION_DETECTION_PRODUCT

INTRUSION_DETECTION_SEVERITY

public static String INTRUSION_DETECTION_SEVERITY

INTRUSION_DETECTION_SIGNATURE

public static String INTRUSION_DETECTION_SIGNATURE

INTRUSION_DETECTION_SRC

public static String INTRUSION_DETECTION_SRC

INTRUSION_DETECTION_USER

public static String INTRUSION_DETECTION_USER

INTRUSION_DETECTION_VENDOR

public static String INTRUSION_DETECTION_VENDOR

MALWARE_ENDPOINT_PROTECTION_ACTION

public static String MALWARE_ENDPOINT_PROTECTION_ACTION

MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN

public static String MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN

MALWARE_ENDPOINT_PROTECTION_FILE_HASH

public static String MALWARE_ENDPOINT_PROTECTION_FILE_HASH

MALWARE_ENDPOINT_PROTECTION_FILE_NAME

public static String MALWARE_ENDPOINT_PROTECTION_FILE_NAME

MALWARE_ENDPOINT_PROTECTION_FILE_PATH

public static String MALWARE_ENDPOINT_PROTECTION_FILE_PATH

MALWARE_ENDPOINT_PROTECTION_PRODUCT

public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT

MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION

public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION

MALWARE_ENDPOINT_PROTECTION_SIGNATURE

public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE

MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION

public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION

MALWARE_ENDPOINT_PROTECTION_DEST

public static String MALWARE_ENDPOINT_PROTECTION_DEST

MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN

public static String MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN

MALWARE_ENDPOINT_PROTECTION_USER

public static String MALWARE_ENDPOINT_PROTECTION_USER

MALWARE_ENDPOINT_PROTECTION_VENDOR

public static String MALWARE_ENDPOINT_PROTECTION_VENDOR

MALWARE_NETWORK_PROTECTION_PRODUCT

public static String MALWARE_NETWORK_PROTECTION_PRODUCT

MALWARE_NETWORK_PROTECTION_SEVERITY

public static String MALWARE_NETWORK_PROTECTION_SEVERITY

MALWARE_NETWORK_PROTECTION_VENDOR

public static String MALWARE_NETWORK_PROTECTION_VENDOR

NETWORK_TRAFFIC_ESS_ACTION

public static String NETWORK_TRAFFIC_ESS_ACTION

NETWORK_TRAFFIC_ESS_DEST_PORT

public static String NETWORK_TRAFFIC_ESS_DEST_PORT

NETWORK_TRAFFIC_ESS_PRODUCT

public static String NETWORK_TRAFFIC_ESS_PRODUCT

NETWORK_TRAFFIC_ESS_SRC_PORT

public static String NETWORK_TRAFFIC_ESS_SRC_PORT

NETWORK_TRAFFIC_ESS_VENDOR

public static String NETWORK_TRAFFIC_ESS_VENDOR

NETWORK_TRAFFIC_GENERIC_APP_LAYER

public static String NETWORK_TRAFFIC_GENERIC_APP_LAYER

NETWORK_TRAFFIC_GENERIC_BYTES_IN

public static String NETWORK_TRAFFIC_GENERIC_BYTES_IN

NETWORK_TRAFFIC_GENERIC_BYTES_OUT

public static String NETWORK_TRAFFIC_GENERIC_BYTES_OUT

NETWORK_TRAFFIC_GENERIC_CHANNEL

public static String NETWORK_TRAFFIC_GENERIC_CHANNEL

NETWORK_TRAFFIC_GENERIC_CVE

public static String NETWORK_TRAFFIC_GENERIC_CVE

NETWORK_TRAFFIC_GENERIC_DEST_APP

public static String NETWORK_TRAFFIC_GENERIC_DEST_APP

NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL

public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL

NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME

public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME

NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT

public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT

NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY

public static String NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY

NETWORK_TRAFFIC_GENERIC_DEST_HOST

public static String NETWORK_TRAFFIC_GENERIC_DEST_HOST

NETWORK_TRAFFIC_GENERIC_DEST_INT

public static String NETWORK_TRAFFIC_GENERIC_DEST_INT

NETWORK_TRAFFIC_GENERIC_DEST_IP

public static String NETWORK_TRAFFIC_GENERIC_DEST_IP

NETWORK_TRAFFIC_GENERIC_DEST_IPV6

public static String NETWORK_TRAFFIC_GENERIC_DEST_IPV6

NETWORK_TRAFFIC_GENERIC_DEST_LAT

public static String NETWORK_TRAFFIC_GENERIC_DEST_LAT

NETWORK_TRAFFIC_GENERIC_DEST_LONG

public static String NETWORK_TRAFFIC_GENERIC_DEST_LONG

NETWORK_TRAFFIC_GENERIC_DEST_MAC

public static String NETWORK_TRAFFIC_GENERIC_DEST_MAC

NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN

public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN

NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST

public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST

NETWORK_TRAFFIC_GENERIC_DEST_PORT

public static String NETWORK_TRAFFIC_GENERIC_DEST_PORT

NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP

public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP

NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT

public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT

NETWORK_TRAFFIC_GENERIC_IP_VERSION

public static String NETWORK_TRAFFIC_GENERIC_IP_VERSION

NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE

public static String NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE

NETWORK_TRAFFIC_GENERIC_PACKETS_IN

public static String NETWORK_TRAFFIC_GENERIC_PACKETS_IN

NETWORK_TRAFFIC_GENERIC_PACKETS_OUT

public static String NETWORK_TRAFFIC_GENERIC_PACKETS_OUT

NETWORK_TRAFFIC_GENERIC_PROTO

public static String NETWORK_TRAFFIC_GENERIC_PROTO

NETWORK_TRAFFIC_GENERIC_SESSION_ID

public static String NETWORK_TRAFFIC_GENERIC_SESSION_ID

NETWORK_TRAFFIC_GENERIC_SSID

public static String NETWORK_TRAFFIC_GENERIC_SSID

NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY

public static String NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY

NETWORK_TRAFFIC_GENERIC_SRC_HOST

public static String NETWORK_TRAFFIC_GENERIC_SRC_HOST

NETWORK_TRAFFIC_GENERIC_SRC_INT

public static String NETWORK_TRAFFIC_GENERIC_SRC_INT

NETWORK_TRAFFIC_GENERIC_SRC_IP

public static String NETWORK_TRAFFIC_GENERIC_SRC_IP

NETWORK_TRAFFIC_GENERIC_SRC_IPV6

public static String NETWORK_TRAFFIC_GENERIC_SRC_IPV6

NETWORK_TRAFFIC_GENERIC_SRC_LAT

public static String NETWORK_TRAFFIC_GENERIC_SRC_LAT

NETWORK_TRAFFIC_GENERIC_SRC_LONG

public static String NETWORK_TRAFFIC_GENERIC_SRC_LONG

NETWORK_TRAFFIC_GENERIC_SRC_MAC

public static String NETWORK_TRAFFIC_GENERIC_SRC_MAC

NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN

public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN

NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST

public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST

NETWORK_TRAFFIC_GENERIC_SRC_PORT

public static String NETWORK_TRAFFIC_GENERIC_SRC_PORT

NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP

public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP

NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT

public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT

NETWORK_TRAFFIC_GENERIC_SYSLOG_ID

public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_ID

NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY

public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY

NETWORK_TRAFFIC_GENERIC_TCP_FLAG

public static String NETWORK_TRAFFIC_GENERIC_TCP_FLAG

NETWORK_TRAFFIC_GENERIC_TOS

public static String NETWORK_TRAFFIC_GENERIC_TOS

NETWORK_TRAFFIC_GENERIC_TRANSPORT

public static String NETWORK_TRAFFIC_GENERIC_TRANSPORT

NETWORK_TRAFFIC_GENERIC_TTL

public static String NETWORK_TRAFFIC_GENERIC_TTL

NETWORK_TRAFFIC_GENERIC_VLAN_ID

public static String NETWORK_TRAFFIC_GENERIC_VLAN_ID

NETWORK_TRAFFIC_GENERIC_VLAN_NAME

public static String NETWORK_TRAFFIC_GENERIC_VLAN_NAME

PACKET_FILTERING_ACTION

public static String PACKET_FILTERING_ACTION

PACKET_FILTERING_DEST_PORT

public static String PACKET_FILTERING_DEST_PORT

PACKET_FILTERING_DIRECTION

public static String PACKET_FILTERING_DIRECTION

PACKET_FILTERING_DVC

public static String PACKET_FILTERING_DVC

PACKET_FILTERING_RULE

public static String PACKET_FILTERING_RULE

PACKET_FILTERING_SVC_PORT

public static String PACKET_FILTERING_SVC_PORT

PROXY_ACTION

public static String PROXY_ACTION

PROXY_DEST

public static String PROXY_DEST

PROXY_HTTP_CONTENT_TYPE

public static String PROXY_HTTP_CONTENT_TYPE

PROXY_HTTP_METHOD

public static String PROXY_HTTP_METHOD

PROXY_HTTP_REFER

public static String PROXY_HTTP_REFER

PROXY_HTTP_RESPONSE

public static String PROXY_HTTP_RESPONSE

PROXY_HTTP_USER_AGENT

public static String PROXY_HTTP_USER_AGENT

PROXY_PRODUCT

public static String PROXY_PRODUCT

PROXY_SRC

public static String PROXY_SRC

PROXY_STATUS

public static String PROXY_STATUS

PROXY_USER

public static String PROXY_USER

PROXY_URL

public static String PROXY_URL

PROXY_VENDOR

public static String PROXY_VENDOR

SYSTEM_CENTER_APP

public static String SYSTEM_CENTER_APP

SYSTEM_CENTER_FREEMBYTES

public static String SYSTEM_CENTER_FREEMBYTES

SYSTEM_CENTER_KERNEL_RELEASE

public static String SYSTEM_CENTER_KERNEL_RELEASE

SYSTEM_CENTER_LABEL

public static String SYSTEM_CENTER_LABEL

SYSTEM_CENTER_MOUNT

public static String SYSTEM_CENTER_MOUNT

SYSTEM_CENTER_OS

public static String SYSTEM_CENTER_OS

SYSTEM_CENTER_PERCENTPROCESSORTIME

public static String SYSTEM_CENTER_PERCENTPROCESSORTIME

SYSTEM_CENTER_SETLOCALDEFS

public static String SYSTEM_CENTER_SETLOCALDEFS

SYSTEM_CENTER_SELINUX

public static String SYSTEM_CENTER_SELINUX

SYSTEM_CENTER_SELINUXTYPE

public static String SYSTEM_CENTER_SELINUXTYPE

SYSTEM_CENTER_SHELL

public static String SYSTEM_CENTER_SHELL

SYSTEM_CENTER_SRC_PORT

public static String SYSTEM_CENTER_SRC_PORT

SYSTEM_CENTER_SSHD_PROTOCOL

public static String SYSTEM_CENTER_SSHD_PROTOCOL

SYSTEM_CENTER_STARTMODE

public static String SYSTEM_CENTER_STARTMODE

SYSTEM_CENTER_SYSTEMUPTIME

public static String SYSTEM_CENTER_SYSTEMUPTIME

SYSTEM_CENTER_TOTALMBYTES

public static String SYSTEM_CENTER_TOTALMBYTES

SYSTEM_CENTER_USEDMBYTES

public static String SYSTEM_CENTER_USEDMBYTES

SYSTEM_CENTER_USER

public static String SYSTEM_CENTER_USER

SYSTEM_CENTER_UPDATES

public static String SYSTEM_CENTER_UPDATES

TRAFFIC_DEST

public static String TRAFFIC_DEST

TRAFFIC_DVC

public static String TRAFFIC_DVC

TRAFFIC_SRC

public static String TRAFFIC_SRC

UPDATE_PACKAGE

public static String UPDATE_PACKAGE

USER_INFO_UPDATES_AFFECTED_USER

public static String USER_INFO_UPDATES_AFFECTED_USER

USER_INFO_UPDATES_AFFECTED_USER_GROUP

public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP

USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID

public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID

USER_INFO_UPDATES_AFFECTED_USER_ID

public static String USER_INFO_UPDATES_AFFECTED_USER_ID

USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE

public static String USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE

USER_INFO_UPDATES_USER

public static String USER_INFO_UPDATES_USER

USER_INFO_UPDATES_USER_GROUP

public static String USER_INFO_UPDATES_USER_GROUP

USER_INFO_UPDATES_USER_GROUP_ID

public static String USER_INFO_UPDATES_USER_GROUP_ID

USER_INFO_UPDATES_USER_ID

public static String USER_INFO_UPDATES_USER_ID

USER_INFO_UPDATES_USER_PRIVILEGE

public static String USER_INFO_UPDATES_USER_PRIVILEGE

USER_INFO_UPDATES_USER_SUBJECT

public static String USER_INFO_UPDATES_USER_SUBJECT

USER_INFO_UPDATES_USER_SUBJECT_ID

public static String USER_INFO_UPDATES_USER_SUBJECT_ID

USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE

public static String USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE

VULNERABILITY_CATEGORY

public static String VULNERABILITY_CATEGORY

VULNERABILITY_DEST

public static String VULNERABILITY_DEST

VULNERABILITY_OS

public static String VULNERABILITY_OS

VULNERABILITY_SEVERITY

public static String VULNERABILITY_SEVERITY

VULNERABILITY_SIGNATURE

public static String VULNERABILITY_SIGNATURE

WINDOWS_ADMIN_OBJECT_NAME

public static String WINDOWS_ADMIN_OBJECT_NAME

WINDOWS_ADMIN_OBJECT_TYPE

public static String WINDOWS_ADMIN_OBJECT_TYPE

WINDOWS_ADMIN_OBJECT_HANDLE

public static String WINDOWS_ADMIN_OBJECT_HANDLE

Constructor Details

SplunkCimLogEvent

public SplunkCimLogEvent(String eventName, String eventID)

Parameters:

eventName - event name

eventID - event ID

Method Details

addField

public void addField(String key, Object value)

Add a key value pair. The value may be any Java object which returns a sensible result from its toString method. For logging exceptions, consider using addThrowableWithStacktrace instead.

Parameters:

key - key

value - value

addThrowableWithStacktrace

public void addThrowableWithStacktrace(Throwable throwable)

Logs an exception with its stacktrace nicely formatted for indexing and searching by Splunk.

Parameters:

throwable - the Throwable object to add to the event

addThrowableWithStacktrace

public void addThrowableWithStacktrace(Throwable throwable, int stacktraceDepth)

Logs an exception with the first stacktraceDepth elements of its stacktrace nicely formatted for indexing and searching by Splunk,

Parameters:

throwable - the Throwable object to add to the event

stacktraceDepth - maximum number of stacktrace elements to log

toString

public String toString()

Overrides:

toString in class Object

setAcManagementDestNtDomain

public void setAcManagementDestNtDomain(String acManagementDestNtDomain)

The domain containing the user that is affected by the account management event.

setAcManagementSignature

public void setAcManagementSignature(String acManagementSignature)

Description of the account management change performed.

setAcManagementSrcNtDomain

public void setAcManagementSrcNtDomain(String acManagementSrcNtDomain)

The NT source of the destination. In the case of an account management event, this is the domain that contains the user that generated the event.

setAuthAction

public void setAuthAction(String authAction)

The action performed on the resource. success, failure

setAuthApp

public void setAuthApp(String authApp)

The application involved in the event (such as ssh, spunk, win:local).

setAuthDest

public void setAuthDest(String authDest)

The target involved in the authentication. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setAuthSrc

public void setAuthSrc(String authSrc)

The source involved in the authentication. In the case of endpoint protection authentication the src is the client. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant.. It is required for all events dealing with endpoint protection (Authentication, change analysis, malware, system center, and update). Note: Do not confuse this with the event source or sourcetype fields.

setAuthSrcUser

public void setAuthSrcUser(String authSrcUser)

In privilege escalation events, src_user represents the user who initiated the privilege escalation.

setAuthUser

public void setAuthUser(String authUser)

The name of the user involved in the event, or who initiated the event. For authentication privilege escalation events this should represent the user targeted by the escalation.

setChangeEndpointProtectionAction

public void setChangeEndpointProtectionAction(String changeEndpointProtectionAction)

The action performed on the resource.

setChangeEndpointProtectionChangeType

public void setChangeEndpointProtectionChangeType(String changeEndpointProtectionChangeType)

The type of change discovered in the change analysis event.

setChangeEndpointProtectionDest

public void setChangeEndpointProtectionDest(String changeEndpointProtectionDest)

The host that was affected by the change. If your field is named dest_host,dest_ip,dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setChangeEndpointProtectionHash

public void setChangeEndpointProtectionHash(String changeEndpointProtectionHash)

The hash signature of the modified resource.

setChangeEndpointProtectionGid

public void setChangeEndpointProtectionGid(long changeEndpointProtectionGid)

The group ID of the modified resource.

setChangeEndpointProtectionIsdr

public void setChangeEndpointProtectionIsdr(boolean changeEndpointProtectionIsdr)

Indicates whether or not the modified resource is a directory.

setChangeEndpointProtectionMode

public void setChangeEndpointProtectionMode(long changeEndpointProtectionMode)

The permissions mode of the modified resource.

setChangeEndpointProtectionModtime

public void setChangeEndpointProtectionModtime(String changeEndpointProtectionModtime)

The modification time of the modified resource.

setChangeEndpointProtectionPath

public void setChangeEndpointProtectionPath(String changeEndpointProtectionPath)

The file path of the modified resource.

setChangeEndpointProtectionSize

public void setChangeEndpointProtectionSize(long changeEndpointProtectionSize)

The size of the modified resource.

setChangeEndpointProtectionUid

public void setChangeEndpointProtectionUid(long changeEndpointProtectionUid)

The user ID of the modified resource.

setChangeNetworkProtectionAction

public void setChangeNetworkProtectionAction(String changeNetworkProtectionAction)

The type of change observed.

setChangeNetworkProtectionCommand

public void setChangeNetworkProtectionCommand(String changeNetworkProtectionCommand)

The command that initiated the change.

setChangeNetworkProtectionDvc

public void setChangeNetworkProtectionDvc(String changeNetworkProtectionDvc)

The device that is directly affected by the change.

setChangeNetworkProtectionUser

public void setChangeNetworkProtectionUser(String changeNetworkProtectionUser)

The user that initiated the change.

setCommonCategory

public void setCommonCategory(String commonCategory)

A device-specific classification provided as part of the event.

setCommonCount

public void setCommonCount(String commonCount)

A device-specific classification provided as part of the event.

setCommonDesc

public void setCommonDesc(String commonDesc)

The free-form description of a particular event.

setCommonDhcpPool

public void setCommonDhcpPool(String commonDhcpPool)

The name of a given DHCP pool on a DHCP server.

setCommonDuration

public void setCommonDuration(long commonDuration)

The amount of time the event lasted.

setCommonDvcHost

public void setCommonDvcHost(String commonDvcHost)

The fully qualified domain name of the device transmitting or recording the log record.

setCommonDvcIp

public void setCommonDvcIp(String commonDvcIp)

The IPv4 address of the device reporting the event.

setCommonDvcIp6

public void setCommonDvcIp6(String commonDvcIp6)

The IPv6 address of the device reporting the event.

setCommonDvcLocation

public void setCommonDvcLocation(String commonDvcLocation)

The free-form description of the device's physical location.

setCommonDvcMac

public void setCommonDvcMac(String commonDvcMac)

The MAC (layer 2) address of the device reporting the event.

setCommonDvcNtDomain

public void setCommonDvcNtDomain(String commonDvcNtDomain)

The Windows NT domain of the device recording or transmitting the event.

setCommonDvcNtHost

public void setCommonDvcNtHost(String commonDvcNtHost)

The Windows NT host name of the device recording or transmitting the event.

setCommonDvcTime

public void setCommonDvcTime(long commonDvcTime)

Time at which the device recorded the event.

setCommonEndTime

public void setCommonEndTime(long commonEndTime)

The event's specified end time.

setCommonEventId

public void setCommonEventId(long commonEventId)

A unique identifier that identifies the event. This is unique to the reporting device.

setCommonLength

public void setCommonLength(long commonLength)

The length of the datagram, event, message, or packet.

setCommonLogLevel

public void setCommonLogLevel(String commonLogLevel)

The log-level that was set on the device and recorded in the event.

setCommonName

public void setCommonName(String commonName)

The name of the event as reported by the device. The name should not contain information that's already being parsed into other fields from the event, such as IP addresses.

setCommonPid

public void setCommonPid(long commonPid)

An integer assigned by the device operating system to the process creating the record.

setCommonPriority

public void setCommonPriority(long commonPriority)

An environment-specific assessment of the event's importance, based on elements such as event severity, business function of the affected system, or other locally defined variables.

setCommonProduct

public void setCommonProduct(String commonProduct)

The product that generated the event.

setCommonProductVersion

public void setCommonProductVersion(long commonProductVersion)

The version of the product that generated the event.

setCommonReason

public void setCommonReason(String commonReason)

The result root cause, such as connection refused, timeout, crash, and so on.

setCommonResult

public void setCommonResult(String commonResult)

The action result. Often is a binary choice: succeeded and failed, allowed and denied, and so on.

setCommonSeverity

public void setCommonSeverity(String commonSeverity)

The severity (or priority) of an event as reported by the originating device.

setCommonStartTime

public void setCommonStartTime(long commonStartTime)

The event's specified start time.

setCommonTransactionId

public void setCommonTransactionId(String commonTransactionId)

The transaction identifier.

setCommonUrl

public void setCommonUrl(String commonUrl)

A uniform record locator (a web address, in other words) included in a record.

setCommonVendor

public void setCommonVendor(String commonVendor)

The vendor who made the product that generated the event.

setDnsDestDomain

public void setDnsDestDomain(String dnsDestDomain)

The DNS domain that has been queried.

setDnsDestRecord

public void setDnsDestRecord(String dnsDestRecord)

The remote DNS resource record being acted upon.

setDnsDestZone

public void setDnsDestZone(String dnsDestZone)

The DNS zone that is being received by the slave as part of a zone transfer.

setDnsRecordClass

public void setDnsRecordClass(String dnsRecordClass)

The DNS resource record class.

setDnsRecordType

public void setDnsRecordType(String dnsRecordType)

The DNS resource record type.

See Also:

see this Wikipedia article on DNS record types

setDnsSrcDomain

public void setDnsSrcDomain(String dnsSrcDomain)

The local DNS domain that is being queried.

setDnsSrcRecord

public void setDnsSrcRecord(String dnsSrcRecord)

The local DNS resource record being acted upon.

setDnsSrcZone

public void setDnsSrcZone(String dnsSrcZone)

The DNS zone that is being transferred by the master as part of a zone transfer.

setEmailRecipient

public void setEmailRecipient(String emailRecipient)

The person to whom an email is sent.

setEmailSender

public void setEmailSender(String emailSender)

The person responsible for sending an email.

setEmailSubject

public void setEmailSubject(String emailSubject)

The email subject line.

setFileAccessTime

public void setFileAccessTime(long fileAccessTime)

The time the file (the object of the event) was accessed.

setFileCreateTime

public void setFileCreateTime(long fileCreateTime)

The time the file (the object of the event) was created.

setFileHash

public void setFileHash(String fileHash)

A cryptographic identifier assigned to the file object affected by the event.

setFileModifyTime

public void setFileModifyTime(long fileModifyTime)

The time the file (the object of the event) was altered.

setFileName

public void setFileName(String fileName)

The name of the file that is the object of the event (without location information related to local file or directory structure).

setFilePath

public void setFilePath(String filePath)

The location of the file that is the object of the event, in terms of local file and directory structure.

setFilePermission

public void setFilePermission(String filePermission)

Access controls associated with the file affected by the event.

setFileSize

public void setFileSize(long fileSize)

The size of the file that is the object of the event. Indicate whether Bytes, KB, MB, GB.

setIntrusionDetectionCategory

public void setIntrusionDetectionCategory(String intrusionDetectionCategory)

The category of the triggered signature.

setIntrusionDetectionDest

public void setIntrusionDetectionDest(String intrusionDetectionDest)

The destination of the attack detected by the intrusion detection system (IDS). If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setIntrusionDetectionDvc

public void setIntrusionDetectionDvc(String intrusionDetectionDvc)

The device that detected the intrusion event.

setIntrusionDetectionIdsType

public void setIntrusionDetectionIdsType(String intrusionDetectionIdsType)

The type of IDS that generated the event.

setIntrusionDetectionProduct

public void setIntrusionDetectionProduct(String intrusionDetectionProduct)

The product name of the vendor technology generating network protection data, such as IDP, Providentia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setIntrusionDetectionSeverity

public void setIntrusionDetectionSeverity(String intrusionDetectionSeverity)

The severity of the network protection event (such as critical, high, medium, low, or informational). Note: This field is a string. Please use a severity_id field for severity ID fields that are integer data types.

setIntrusionDetectionSignature

public void setIntrusionDetectionSignature(String intrusionDetectionSignature)

The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre.

setIntrusionDetectionSrc

public void setIntrusionDetectionSrc(String intrusionDetectionSrc)

The source involved in the attack detected by the IDS. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant.

setIntrusionDetectionUser

public void setIntrusionDetectionUser(String intrusionDetectionUser)

The user involved with the intrusion detection event.

setIntrusionDetectionVendor

public void setIntrusionDetectionVendor(String intrusionDetectionVendor)

The vendor technology used to generate network protection data, such as IDP, Providentia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setMalwareEndpointProtectionAction

public void setMalwareEndpointProtectionAction(String malwareEndpointProtectionAction)

The outcome of the infection

setMalwareEndpointProtectionDestNtDomain

public void setMalwareEndpointProtectionDestNtDomain(String malwareEndpointProtectionDestNtDomain)

The NT domain of the destination (the dest_bestmatch).

setMalwareEndpointProtectionFileHash

public void setMalwareEndpointProtectionFileHash(String malwareEndpointProtectionFileHash)

The cryptographic hash of the file associated with the malware event (such as the malicious or infected file).

setMalwareEndpointProtectionFileName

public void setMalwareEndpointProtectionFileName(String malwareEndpointProtectionFileName)

The name of the file involved in the malware event (such as the infected or malicious file).

setMalwareEndpointProtectionFilePath

public void setMalwareEndpointProtectionFilePath(String malwareEndpointProtectionFilePath)

The path of the file involved in the malware event (such as the infected or malicious file).

setMalwareEndpointProtectionProduct

public void setMalwareEndpointProtectionProduct(String malwareEndpointProtectionProduct)

The product name of the vendor technology (the vendor field) that is generating malware data (such as Antivirus or EPO).

setMalwareEndpointProtectionProductVersion

public void setMalwareEndpointProtectionProductVersion(String malwareEndpointProtectionProductVersion)

The product version number of the vendor technology installed on the client (such as 10.4.3 or 11.0.2).

setMalwareEndpointProtectionSignature

public void setMalwareEndpointProtectionSignature(String malwareEndpointProtectionSignature)

The name of the malware infection detected on the client (the src), such as Trojan.Vundo,Spyware.Gaobot,W32.Nimbda). Note: This field is a string. Please use a signature_id field for signature ID fields that are integer data types.

setMalwareEndpointProtectionSignatureVersion

public void setMalwareEndpointProtectionSignatureVersion(String malwareEndpointProtectionSignatureVersion)

The current signature definition set running on the client, such as 11hsvx)

setMalwareEndpointProtectionDest

public void setMalwareEndpointProtectionDest(String malwareEndpointProtectionDest)

The target affected or infected by the malware. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setMalwareEndpointProtectionSrcNtDomain

public void setMalwareEndpointProtectionSrcNtDomain(String malwareEndpointProtectionSrcNtDomain)

The NT domain of the source (the src).

setMalwareEndpointProtectionUser

public void setMalwareEndpointProtectionUser(String malwareEndpointProtectionUser)

The name of the user involved in the malware event.

setMalwareEndpointProtectionVendor

public void setMalwareEndpointProtectionVendor(String malwareEndpointProtectionVendor)

The name of the vendor technology generating malware data, such as Symantec or McAfee.

setMalwareNetworkProtectionProduct

public void setMalwareNetworkProtectionProduct(String malwareNetworkProtectionProduct)

The product name of the vendor technology generating network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setMalwareNetworkProtectionSeverity

public void setMalwareNetworkProtectionSeverity(String malwareNetworkProtectionSeverity)

The severity of the network protection event (such as critical, high, medium, low, or informational). Note: This field is a string. Please use a severity_id field for severity ID fields that are integer data types.

setMalwareNetworkProtectionVendor

public void setMalwareNetworkProtectionVendor(String malwareNetworkProtectionVendor)

The vendor technology used to generate network protection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setNetworkTrafficEssAction

public void setNetworkTrafficEssAction(String networkTrafficEssAction)

The action of the network traffic.

setNetworkTrafficEssDestPort

public void setNetworkTrafficEssDestPort(int networkTrafficEssDestPort)

The destination port of the network traffic.

setNetworkTrafficEssProduct

public void setNetworkTrafficEssProduct(String networkTrafficEssProduct)

The product name of the vendor technology generating NetworkProtection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setNetworkTrafficEssSrcPort

public void setNetworkTrafficEssSrcPort(int networkTrafficEssSrcPort)

The source port of the network traffic.

setNetworkTrafficEssVendor

public void setNetworkTrafficEssVendor(String networkTrafficEssVendor)

The vendor technology used to generate NetworkProtection data, such as IDP, Proventia, and ASA. Note: Required for all events dealing with network protection (Change analysis, proxy, malware, intrusion detection, packet filtering, and vulnerability).

setNetworkTrafficGenericAppLayer

public void setNetworkTrafficGenericAppLayer(String networkTrafficGenericAppLayer)

The ISO layer 7 (application layer) protocol, such as HTTP, HTTPS, SSH, and IMAP.

setNetworkTrafficGenericBytesIn

public void setNetworkTrafficGenericBytesIn(long networkTrafficGenericBytesIn)

How many bytes this device/interface received.

setNetworkTrafficGenericBytesOut

public void setNetworkTrafficGenericBytesOut(long networkTrafficGenericBytesOut)

How many bytes this device/interface transmitted.

setNetworkTrafficGenericChannel

public void setNetworkTrafficGenericChannel(String networkTrafficGenericChannel)

802.11 channel number used by a wireless network.

setNetworkTrafficGenericCve

public void setNetworkTrafficGenericCve(String networkTrafficGenericCve)

The Common Vulnerabilities and Exposures (CVE) reference value.

setNetworkTrafficGenericDestApp

public void setNetworkTrafficGenericDestApp(String networkTrafficGenericDestApp)

The destination application being targeted.

setNetworkTrafficGenericDestCncChannel

public void setNetworkTrafficGenericDestCncChannel(String networkTrafficGenericDestCncChannel)

The destination command and control service channel.

setNetworkTrafficGenericDestCncName

public void setNetworkTrafficGenericDestCncName(String networkTrafficGenericDestCncName)

The destination command and control service name.

setNetworkTrafficGenericDestCncPort

public void setNetworkTrafficGenericDestCncPort(String networkTrafficGenericDestCncPort)

The destination command and control service port.

setNetworkTrafficGenericDestCountry

public void setNetworkTrafficGenericDestCountry(String networkTrafficGenericDestCountry)

The country associated with a packet's recipient.

setNetworkTrafficGenericDestHost

public void setNetworkTrafficGenericDestHost(String networkTrafficGenericDestHost)

The fully qualified host name of a packet's recipient. For HTTP sessions, this is the host header.

setNetworkTrafficGenericDestInt

public void setNetworkTrafficGenericDestInt(String networkTrafficGenericDestInt)

The interface that is listening remotely or receiving packets locally.

setNetworkTrafficGenericDestIp

public void setNetworkTrafficGenericDestIp(String networkTrafficGenericDestIp)

The IPv4 address of a packet's recipient.

setNetworkTrafficGenericDestIpv6

public void setNetworkTrafficGenericDestIpv6(String networkTrafficGenericDestIpv6)

The IPv6 address of a packet's recipient.

setNetworkTrafficGenericDestLat

public void setNetworkTrafficGenericDestLat(int networkTrafficGenericDestLat)

The (physical) latitude of a packet's destination.

setNetworkTrafficGenericDestLong

public void setNetworkTrafficGenericDestLong(int networkTrafficGenericDestLong)

The (physical) longitude of a packet's destination.

setNetworkTrafficGenericDestMac

public void setNetworkTrafficGenericDestMac(String networkTrafficGenericDestMac)

The destination TCP/IP layer 2 Media Access Control (MAC) address of a packet's destination.

setNetworkTrafficGenericDestNtDomain

public void setNetworkTrafficGenericDestNtDomain(String networkTrafficGenericDestNtDomain)

The Windows NT domain containing a packet's destination.

setNetworkTrafficGenericDestNtHost

public void setNetworkTrafficGenericDestNtHost(String networkTrafficGenericDestNtHost)

The Windows NT host name of a packet's destination.

setNetworkTrafficGenericDestPort

public void setNetworkTrafficGenericDestPort(int networkTrafficGenericDestPort)

TCP/IP port to which a packet is being sent.

setNetworkTrafficGenericDestTranslatedIp

public void setNetworkTrafficGenericDestTranslatedIp(String networkTrafficGenericDestTranslatedIp)

The NATed IPv4 address to which a packet has been sent.

setNetworkTrafficGenericDestTranslatedPort

public void setNetworkTrafficGenericDestTranslatedPort(int networkTrafficGenericDestTranslatedPort)

The NATed port to which a packet has been sent.

setNetworkTrafficGenericIpVersion

public void setNetworkTrafficGenericIpVersion(int networkTrafficGenericIpVersion)

The numbered Internet Protocol version.

setNetworkTrafficGenericOutboundInterface

public void setNetworkTrafficGenericOutboundInterface(String networkTrafficGenericOutboundInterface)

The network interface through which a packet was transmitted.

setNetworkTrafficGenericPacketsIn

public void setNetworkTrafficGenericPacketsIn(long networkTrafficGenericPacketsIn)

How many packets this device/interface received.

setNetworkTrafficGenericPacketsOut

public void setNetworkTrafficGenericPacketsOut(long networkTrafficGenericPacketsOut)

How many packets this device/interface transmitted.

setNetworkTrafficGenericProto

public void setNetworkTrafficGenericProto(String networkTrafficGenericProto)

The OSI layer 3 (Network Layer) protocol, such as IPv4/IPv6, ICMP, IPsec, IGMP or RIP.

setNetworkTrafficGenericSessionId

public void setNetworkTrafficGenericSessionId(String networkTrafficGenericSessionId)

The session identifier. Multiple transactions build a session.

setNetworkTrafficGenericSsid

public void setNetworkTrafficGenericSsid(String networkTrafficGenericSsid)

The 802.11 service set identifier (ssid) assigned to a wireless session.

setNetworkTrafficGenericSrcCountry

public void setNetworkTrafficGenericSrcCountry(String networkTrafficGenericSrcCountry)

The country from which the packet was sent.

setNetworkTrafficGenericSrcHost

public void setNetworkTrafficGenericSrcHost(String networkTrafficGenericSrcHost)

The fully qualified host name of the system that transmitted the packet. For Web logs, this is the HTTP client.

setNetworkTrafficGenericSrcInt

public void setNetworkTrafficGenericSrcInt(String networkTrafficGenericSrcInt)

The interface that is listening locally or sending packets remotely.

setNetworkTrafficGenericSrcIp

public void setNetworkTrafficGenericSrcIp(String networkTrafficGenericSrcIp)

The IPv4 address of the packet's source. For Web logs, this is the http client.

setNetworkTrafficGenericSrcIpv6

public void setNetworkTrafficGenericSrcIpv6(String networkTrafficGenericSrcIpv6)

The IPv6 address of the packet's source.

setNetworkTrafficGenericSrcLat

public void setNetworkTrafficGenericSrcLat(int networkTrafficGenericSrcLat)

The (physical) latitude of the packet's source.

setNetworkTrafficGenericSrcLong

public void setNetworkTrafficGenericSrcLong(int networkTrafficGenericSrcLong)

The (physical) longitude of the packet's source.

setNetworkTrafficGenericSrcMac

public void setNetworkTrafficGenericSrcMac(String networkTrafficGenericSrcMac)

The Media Access Control (MAC) address from which a packet was transmitted.

setNetworkTrafficGenericSrcNtDomain

public void setNetworkTrafficGenericSrcNtDomain(String networkTrafficGenericSrcNtDomain)

The Windows NT domain containing the machines that generated the event.

setNetworkTrafficGenericSrcNtHost

public void setNetworkTrafficGenericSrcNtHost(String networkTrafficGenericSrcNtHost)

The Windows NT hostname of the system that generated the event.

setNetworkTrafficGenericSrcPort

public void setNetworkTrafficGenericSrcPort(int networkTrafficGenericSrcPort)

The network port from which a packet originated.

setNetworkTrafficGenericSrcTranslatedIp

public void setNetworkTrafficGenericSrcTranslatedIp(String networkTrafficGenericSrcTranslatedIp)

The NATed IPv4 address from which a packet has been sent.

setNetworkTrafficGenericSrcTranslatedPort

public void setNetworkTrafficGenericSrcTranslatedPort(int networkTrafficGenericSrcTranslatedPort)

The NATed network port from which a packet has been sent.

setNetworkTrafficGenericSyslogId

public void setNetworkTrafficGenericSyslogId(String networkTrafficGenericSyslogId)

The application, process, or OS subsystem that generated the event.

setNetworkTrafficGenericSyslogPriority

public void setNetworkTrafficGenericSyslogPriority(String networkTrafficGenericSyslogPriority)

The criticality of an event, as recorded by UNIX syslog.

setNetworkTrafficGenericTcpFlag

public void setNetworkTrafficGenericTcpFlag(String networkTrafficGenericTcpFlag)

The TCP flag(s) specified in the event.

setNetworkTrafficGenericTos

public void setNetworkTrafficGenericTos(String networkTrafficGenericTos)

The hex bit that specifies TCP 'type of service'

See Also:

Type of Service

setNetworkTrafficGenericTransport

public void setNetworkTrafficGenericTransport(String networkTrafficGenericTransport)

The transport protocol.

setNetworkTrafficGenericTtl

public void setNetworkTrafficGenericTtl(int networkTrafficGenericTtl)

The "time to live" of a packet or datagram.

setNetworkTrafficGenericVlanId

public void setNetworkTrafficGenericVlanId(long networkTrafficGenericVlanId)

The numeric identifier assigned to the virtual local area network (VLAN) specified in the record.

setNetworkTrafficGenericVlanName

public void setNetworkTrafficGenericVlanName(String networkTrafficGenericVlanName)

The name assigned to the virtual local area network (VLAN) specified in the record.

setPacketFilteringAction

public void setPacketFilteringAction(String packetFilteringAction)

The action the filtering device (the dvc_bestmatch field) performed on the communication.

setPacketFilteringDestPort

public void setPacketFilteringDestPort(int packetFilteringDestPort)

The IP port of the packet's destination, such as 22.

setPacketFilteringDirection

public void setPacketFilteringDirection(String packetFilteringDirection)

The direction the packet is traveling.

setPacketFilteringDvc

public void setPacketFilteringDvc(String packetFilteringDvc)

The name of the packet filtering device. If your field is named dvc_host, dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.

setPacketFilteringRule

public void setPacketFilteringRule(String packetFilteringRule)

The rule which took action on the packet, such as 143.

setPacketFilteringSvcPort

public void setPacketFilteringSvcPort(int packetFilteringSvcPort)

The IP port of the packet's source, such as 34541.

setProxyAction

public void setProxyAction(String proxyAction)

The action taken by the proxy.

setProxyDest

public void setProxyDest(String proxyDest)

The destination of the network traffic (the remote host).

setProxyHttpContentType

public void setProxyHttpContentType(String proxyHttpContentType)

The content-type of the requested HTTP resource.

setProxyHttpMethod

public void setProxyHttpMethod(String proxyHttpMethod)

The HTTP method used to request the resource.

setProxyHttpRefer

public void setProxyHttpRefer(String proxyHttpRefer)

The HTTP referrer used to request the HTTP resource.

setProxyHttpResponse

public void setProxyHttpResponse(int proxyHttpResponse)

The HTTP response code.

setProxyHttpUserAgent

public void setProxyHttpUserAgent(String proxyHttpUserAgent)

The user agent used to request the HTTP resource.

setProxyProduct

public void setProxyProduct(String proxyProduct)

The product name of the vendor technology generating Network Protection data, such as IDP, Providentia, and ASA.

setProxySrc

public void setProxySrc(String proxySrc)

The source of the network traffic (the client requesting the connection).

setProxyStatus

public void setProxyStatus(int proxyStatus)

The HTTP response code indicating the status of the proxy request.

setProxyUser

public void setProxyUser(String proxyUser)

The user that requested the HTTP resource.

setProxyUrl

public void setProxyUrl(String proxyUrl)

The URL of the requested HTTP resource.

setProxyVendor

public void setProxyVendor(String proxyVendor)

The vendor technology generating Network Protection data, such as IDP, Providentia, and ASA.

setSystemCenterApp

public void setSystemCenterApp(String systemCenterApp)

The running application or service on the system (the src field), such as explorer.exe or sshd.

setSystemCenterFreembytes

public void setSystemCenterFreembytes(long systemCenterFreembytes)

The amount of disk space available per drive or mount (the mount field) on the system (the src field).

setSystemCenterKernelRelease

public void setSystemCenterKernelRelease(String systemCenterKernelRelease)

The version of operating system installed on the host (the src field), such as 6.0.1.4 or 2.6.27.30-170.2.82.fc10.x86_64.

setSystemCenterLabel

public void setSystemCenterLabel(String systemCenterLabel)

Human-readable version of the SystemUptime value.

setSystemCenterMount

public void setSystemCenterMount(String systemCenterMount)

The drive or mount reporting available disk space (the FreeMBytes field) on the system (the src field).

setSystemCenterOs

public void setSystemCenterOs(String systemCenterOs)

The name of the operating system installed on the host (the src), such as Microsoft Windows Server 2003 or GNU/Linux).

setSystemCenterPercentprocessortime

public void setSystemCenterPercentprocessortime(int systemCenterPercentprocessortime)

The percentage of processor utilization.

setSystemCenterSetlocaldefs

public void setSystemCenterSetlocaldefs(int systemCenterSetlocaldefs)

The setlocaldefs setting from the SE Linux configuration.

setSystemCenterSelinux

public void setSystemCenterSelinux(String systemCenterSelinux)

Values from the SE Linux configuration file.

setSystemCenterSelinuxtype

public void setSystemCenterSelinuxtype(String systemCenterSelinuxtype)

The SE Linux type (such as targeted).

setSystemCenterShell

public void setSystemCenterShell(String systemCenterShell)

The shell provided to the User Account (the user field) upon logging into the system (the src field).

setSystemCenterSrcPort

public void setSystemCenterSrcPort(int systemCenterSrcPort)

The TCP/UDP source port on the system (the src field).

setSystemCenterSshdProtocol

public void setSystemCenterSshdProtocol(String systemCenterSshdProtocol)

The sshd protocol version.

setSystemCenterStartmode

public void setSystemCenterStartmode(String systemCenterStartmode)

The start mode of the given service.

setSystemCenterSystemuptime

public void setSystemCenterSystemuptime(long systemCenterSystemuptime)

The number of seconds since the system (the src) has been "up."

setSystemCenterTotalmbytes

public void setSystemCenterTotalmbytes(long systemCenterTotalmbytes)

The total amount of available memory on the system (the src).

setSystemCenterUsedmbytes

public void setSystemCenterUsedmbytes(long systemCenterUsedmbytes)

The amount of used memory on the system (the src).

setSystemCenterUser

public void setSystemCenterUser(String systemCenterUser)

The User Account present on the system (the src).

setSystemCenterUpdates

public void setSystemCenterUpdates(long systemCenterUpdates)

The number of updates the system (the src) is missing.

setTrafficDest

public void setTrafficDest(String trafficDest)

The destination of the network traffic. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setTrafficDvc

public void setTrafficDvc(String trafficDvc)

The name of the packet filtering device. If your field is named dvc_host, dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.

setTrafficSrc

public void setTrafficSrc(String trafficSrc)

The source of the network traffic. If your field is named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to make it CIM-compliant.

setUpdatePackage

public void setUpdatePackage(String updatePackage)

The name of the installed update.

setUserInfoUpdatesAffectedUser

public void setUserInfoUpdatesAffectedUser(String userInfoUpdatesAffectedUser)

A user that has been affected by a change. For example, user fflanda changed the name of user rhallen, so affected_user=rhallen.

setUserInfoUpdatesAffectedUserGroup

public void setUserInfoUpdatesAffectedUserGroup(String userInfoUpdatesAffectedUserGroup)

The user group affected by a change.

setUserInfoUpdatesAffectedUserGroupId

public void setUserInfoUpdatesAffectedUserGroupId(int userInfoUpdatesAffectedUserGroupId)

The identifier of the user group affected by a change.

setUserInfoUpdatesAffectedUserId

public void setUserInfoUpdatesAffectedUserId(int userInfoUpdatesAffectedUserId)

The identifier of the user affected by a change.

setUserInfoUpdatesAffectedUserPrivilege

public void setUserInfoUpdatesAffectedUserPrivilege(String userInfoUpdatesAffectedUserPrivilege)

The security context associated with the user affected by a change.

setUserInfoUpdatesUser

public void setUserInfoUpdatesUser(String userInfoUpdatesUser)

The name of the user affected by the recorded event.

setUserInfoUpdatesUserGroup

public void setUserInfoUpdatesUserGroup(String userInfoUpdatesUserGroup)

A user group that is the object of an event, expressed in human-readable terms.

setUserInfoUpdatesUserGroupId

public void setUserInfoUpdatesUserGroupId(int userInfoUpdatesUserGroupId)

The numeric identifier assigned to the user group event object.

setUserInfoUpdatesUserId

public void setUserInfoUpdatesUserId(int userInfoUpdatesUserId)

The system-assigned identifier for the user affected by an event.

setUserInfoUpdatesUserPrivilege

public void setUserInfoUpdatesUserPrivilege(String userInfoUpdatesUserPrivilege)

The security context associated with the object of an event (the affected user).

setUserInfoUpdatesUserSubject

public void setUserInfoUpdatesUserSubject(String userInfoUpdatesUserSubject)

The name of the user that is the subject of an event--the user executing the action, in other words.

setUserInfoUpdatesUserSubjectId

public void setUserInfoUpdatesUserSubjectId(int userInfoUpdatesUserSubjectId)

The ID number of the user that is the subject of an event.

setUserInfoUpdatesUserSubjectPrivilege

public void setUserInfoUpdatesUserSubjectPrivilege(String userInfoUpdatesUserSubjectPrivilege)

The security context associated with the subject of an event (the user causing a change).

setVulnerabilityCategory

public void setVulnerabilityCategory(String vulnerabilityCategory)

The category of the discovered vulnerability.

setVulnerabilityDest

public void setVulnerabilityDest(String vulnerabilityDest)

The host with the discovered vulnerability. If your field is named dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it CIM-compliant.

setVulnerabilityOs

public void setVulnerabilityOs(String vulnerabilityOs)

The operating system of the host containing the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.

setVulnerabilitySeverity

public void setVulnerabilitySeverity(String vulnerabilitySeverity)

The severity of the discovered vulnerability.

setVulnerabilitySignature

public void setVulnerabilitySignature(String vulnerabilitySignature)

The name of the vulnerability detected on the client (the src field), such as SuSE Security Update, or cups security update.

setWindowsAdminObjectName

public void setWindowsAdminObjectName(String windowsAdminObjectName)

The object name (associated only with Windows).

setWindowsAdminObjectType

public void setWindowsAdminObjectType(String windowsAdminObjectType)

The object type (associated only with Windows).

setWindowsAdminObjectHandle

public void setWindowsAdminObjectHandle(String windowsAdminObjectHandle)

The object handle (associated only with Windows).