Device 42

About
Discover every type of asset in your network and see their interdependencies in near real-time. As assets move and change, you can track those changes and keep tabs on what you really have in your environment.
Product Details
Vendor URL: Device 42
Product Type: Discovery and Asset Management
Product Tier: Tier III
Integration Method: Webhook
Integration URL: External Integrations and Migrations | External Logging Config | Device 42
Log Guide: Object History | Device 42
Parser Details
Log Format: JSON
Expected Normalization Rate: 90%
Data Label: DEVICE_42
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Device_42 | metadata.vendor_name |
| product_event | metadata.product_event_type |
| product_log_id | metadata.product_log_id |
| rule_id | security_result.rule_id |
| rule_name | security_result.rule_name |
| GENERIC_EVENT | metadata.event_type |
| summary | security_result.action_details |
| Device 42 IT AMP | metadata.product_name |
Product Event Types
| type,subtype | severity | UDM Event Classification | alerting enabled |
|---|---|---|---|
| Default | | GENERIC_EVENT | |
Log Sample
{"category": "resourcerelationship", "action": "I", "from": "Task", "user": "RC", "time_stamp": "2023-10-05 20:51:21.537362+00:00", "data": {"id": "2222222", "cascade": "f", "relation": "123_pod_volumes", "to_resource_id": "222222", "from_resource_id": "222222"}}
Sample Parsing
principal.namespace = "generic-webhook-collector-questrade"
principal.resource.attribute.labels.key = "Type of resource action is from."
principal.resource.attribute.labels.value = "Task"
principal.resource.product_object_id = "2222222"
principal.resource.resource_subtype = "Resource Relationship"
principal.user.userid = "RC"
security_result.action_details = "A new resource was added."
target.namespace = "generic-webhook-collector-questrade"
target.resource.attribute.labels.key = "Cascade Deletions from Resource (True/False)"
target.resource.attribute.labels.value = "f"
target.resource.name = "2222222"
target.resource.product_object_id = "2222222"
target.resource.resource_subtype = "123_pod_volumes"
target.resource.resource_type = "POD"