Mappings: McAfee WebGateway - CEF - User Login
Input | Value |
---|---|
Vendor | McAfee |
Product | WebGateway |
Log Format | CEF |
Event ID Regex Pattern | USER_LOGIN |
Output | Value |
---|---|
Vendor | McAfee |
Product | Web Gateway |
Record Type | Authentication |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | action | |
description | None | The static text A user has authenticated to the web gateway is populated in this schema field. |
device_hostname | Appliance | |
normalizedAction | None | The static text logon is populated in this schema field. |
srcDevice_ip | Source_ID | |
success | None | The static text true is populated in this schema field. |
timestamp | Timestamp | We expect the orginal record value of Timestamp is in the format dd/MMM/yyyy:HH:mm:ss.SSS |
user_username | User |