Skip to content




TCPWave reinforces DDI standards so that the DDI management and the service layers are built with consistency, continuity, creativity, and coherence. The TCPWave DDI standards aim to empower your network with the knowledge needed to drive your business. They also demonstrate how we can achieve a consistent and cohesive identity across our businesses that will differentiate us from our competition while connecting with our seasoned professionals. With many successful deployments, TCPWave stands out as the most trusted brand in the DDI world. We strive to learn and maintain a leading edge by constantly adhering to the highest standards. We ask our employees and partners to ensure that their decisions pass three tests: They are in our client's interests, enhance security, and adapt quickly to the changing technology landscapes. Since we do these things well, we positively impact the customers we serve and show what innovation can do. TCPWave has individuals with a driven mindset that demands responsible actions, an optimism to see a brighter future, the resilience to imagine a failure, and a passion for redefining the definition of perfection.

Product Details

Vendor URL: TCPWave DDI

Product Type: TCPWAVE_DDI

Product Tier: Tier I

Integration Method: Syslog

Integration URL: TCPWave DDI

Log Guide: N/A

Parser Details

Log Format: Syslog

Expected Normalization Rate: near 99%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
metadata.description description
metadata.description inner_message
metadata.description Log statistics
metadata.event_type GENERIC_EVENT
metadata.event_type NETWORK_DHCP
metadata.event_type NETWORK_DNS
metadata.product_event_type event_id
network.application_protocol DHCP
network.application_protocol DNS
network.dhcp.chaddr client_mac
network.dhcp.ciaddr client_ip
network.dhcp.ciaddr src_ip
network.dhcp.ciaddr target_ip
network.dhcp.giaddr relay_ip
network.dhcp.opcode BOOTREPLY
network.dhcp.opcode BOOTREQUEST
network.dhcp.siaddr src_ip
network.dhcp.type ACK
network.dhcp.type DISCOVER
network.dhcp.type INFORM
network.dhcp.type NAK
network.dhcp.type OFFER
network.dhcp.type RELEASE
network.dhcp.type REQUEST
network.dhcp.yiaddr src_ip
network.dns.answers response
network.dns.authority zone
network.dns.questions query
network.dns.questions question.type
network.dns.recursion_desired true
principal.ip src_ip
principal.ip kv.src
principal.mac client_mac
principal.port integer target_host target_ip
network.dhcp.sname server_host
target.hostname server_host
principal.port src_port
target.administrative_domain zone
target.ip dst_ip
target.ip server_ip
target.ip target_ip
target.mac client_mac
target.hostname target_host

Product Event Types

Description metadata.event_type
Default and failover if missing DHCP/DNS fields GENERIC_EVENT
If log is DHCP event NETWORK_DHCP
If log doesn't match known filters NETWORK_DNS

Log Sample

Oct  6 14:01:03 hostname named[9571]: 06-Oct-2022 14:01:03.337 info: client @0x7f14742e74c0 ( query failed (SERVFAIL) for at query.c:8678

Sample Parsing

metadata.event_type = "NETWORK_DNS"
metadata.description = "query failed"
principal.ip = ""
principal.port = 56823
principal.asset.ip = ""
target.hostname = ""
target.asset.hostname = ""
network.application_protocol = "DNS" = ""

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming Soon