Help Center
CEF Key Names For Event Consumers
| CEF Specification Version | CEF Field Name | CEF Key Name / Abbreviation | Data Type | Length / Size | Description |
|---|---|---|---|---|---|
| 0.1 | agentDnsDomain | agentDnsDomain | String | 255 | The DNS domain name of the ArcSight connector that processed the event. |
| 0.1 | agentNtDomain | agentNtDomain | String | 255 | |
| 0.1 | agentTranslatedAddress | agentTranslatedAddress | IpAddress | ||
| 0.1 | agentTranslatedZoneExternalID | agentTranslatedZoneExternalID | String | 200 | |
| 0.1 | agentTranslatedZoneURI | agentTranslatedZoneURI | String | 2048 | |
| 0.1 | agentZoneExternalID | agentZoneExternalID | String | 200 | |
| 0.1 | agentZoneURI | agentZoneURI | String | 2048 | |
| 0.1 | agentAddress | agt | IpAddress | The IP address of the ArcSight connector that processed the event. | |
| 0.1 | agentHostName | ahost | String | 1023 | The hostname of the ArcSight connector that processed the event. |
| 0.1 | agentId | aid | String | 40 | The agent ID of the ArcSight connector that processed the event. |
| 0.1 | agentMacAddress | amac | MacAddress | The MAC address of the ArcSight connector that processed the event. | |
| 0.1 | agentReceiptTime | art | DateTime | The time at which information about the event was received by the ArcSight connector. | |
| 0.1 | agentType | at | String | 63 | The agent type of the ArcSight connector that processed the event |
| 0.1 | agentTimeZone | atz | String | 255 | The agent time zone of the ArcSight connector that processed the event. |
| 0.1 | agentVersion | av | String | 31 | The version of the ArcSight connector that processed the event. |
| 0.1 | customerExternalID | customerExternalID | String | 200 | |
| 0.1 | customerURI | customerURI | String | 2048 | |
| 0.1 | destinationTranslatedZoneExternalID | destinationTranslatedZoneExternalID | String | 200 | |
| 0.1 | destinationTranslatedZoneURI | destinationTranslatedZoneURI | String | 2048 | The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. |
| 0.1 | destinationZoneExternalID | destinationZoneExternalID | String | 200 | |
| 0.1 | destinationZoneURI | destinationZoneURI | String | 2048 | The URI for the Zone that the destination asset has been assigned to in ArcSight. |
| 0.1 | deviceTranslatedZoneExternalID | deviceTranslatedZoneExternalID | String | 200 | |
| 0.1 | deviceTranslatedZoneURI | deviceTranslatedZoneURI | String | 2048 | The URI for the Translated Zone that the device asset has been assigned to in ArcSight. |
| 0.1 | deviceZoneExternalID | deviceZoneExternalID | String | 200 | |
| 0.1 | deviceZoneURI | deviceZoneURI | String | 2048 | Thee URI for the Zone that the device asset has been assigned to in ArcSight. |
| 0.1 | destinationGeoLatitude | dlat | Double | The latitudinal value from which the destination’s IP address belongs. | |
| 0.1 | destinationGeoLongitude | dlong | Double | The longitudinal value from which the destination’s IP address belongs. | |
| 0.1 | eventId | eventId | Id | This is a unique ID that ArcSight assigns to each event. | |
| 0.1 | rawEvent | rawEvent | String | 4000 | |
| 0.1 | sourceGeoLatitude | slat | Double | ||
| 0.1 | sourceGeoLongitude | slong | Double | ||
| 0.1 | sourceTranslatedZoneExternalID | sourceTranslatedZoneExternalID | String | 200 | |
| 0.1 | sourceTranslatedZoneURI | sourceTranslatedZoneURI | String | 2048 | The URI for the Translated Zone that the destination asset has been assigned to in ArcSight. |
| 0.1 | sourceZoneExternalID | sourceZoneExternalID | String | 200 | |
| 0.1 | sourceZoneURI | sourceZoneURI | String | 2048 | The URI for the Zone that the source asset has been assigned to in ArcSight. |
| 1.2 | agentTranslatedZoneKey | agentTranslatedZoneKey | Long | 64-bit | ID of an agentTranslatedZone resource reference. |
| 1.2 | agentZoneKey | agentZoneKey | Long | 64-bit | ID of an agentZone resource reference. |
| 1.2 | customerKey | customerKey | Long | 64-bit | ID of a customer resource reference. |
| 1.2 | destinationTranslatedZoneKey | destinationTranslatedZoneKey | Long | 64-bit | ID of a destinationTranslatedZone resource reference. |
| 1.2 | destinationZoneKey | dZoneKey | Long | 64-bit | ID of a destinationZone resource reference. |
| 1.2 | deviceTranslatedZoneKey | deviceTranslatedZoneKey | Long | 64-bit | ID of a deviceTranslatedZone resource reference. |
| 1.2 | deviceZoneKey | deviceZoneKey | Long | 64-bit | ID of a deviceZone resource reference. |
| 1.2 | sourceTranslatedZoneKey | sTranslatedZoneKey | Long | 64-bit | ID of a sourceTranslatedZone resource reference. |
| 1.2 | sourceZoneKey | sZoneKey | Long | 64-bit | ID of a sourceZone resource reference. |
| 1.2 | parserVersion | parserVersion | String | 8 | The release timestamp (DD-MM-YY) of the parser file that processed the event. |
| 1.2 | parserIdentifier | parserIdentifier | String | 36 | The parser ID of the parser file that processed the event. |
English 
Swedish