This repository has been archived by the owner on Aug 31, 2018. It is now read-only.

table_config_detectors

robfry edited this page Oct 9, 2014 · 3 revisions


#### configs_detectors table


key | type | value | description
--- | --- | --- | ---
detectortype | string | %value% | One of `webservice`, `log`, `sql` or `email`. Specifies the type of data FIDO will parse for this detector.
detector | string | %value% | The specific detector, e.g. `mps`, `cyphort`, `antivirus`. Many detectors can be parsed more than one way (Cyphort, for instance, offers both an API and syslog), so this value goes hand-in-hand with detectortype: detectortype gives the format (type) and detector gives the product (cyphort).
vendor | string | %value% | A label used as an identifier in the code but with no programmatic effect; it only supplies a name for certain visual functions, e.g. mps = FireEye, antivirus = Sophos.
server | string | %value% | Required only for the API (webservice), log and SQL detector types. The FQDN, URL or UNC location of the resource to ingest information from.
folder | string | %value% | Email type only. The folder in which alerts are stored after being received.
file | string | %value% | Log type only. The filename of the log to be parsed.
lastevent | string | %value% | Placeholder, depending on the detector, for the most recent event stored; used to avoid processing duplicate events. Most likely deprecated and will be moved to another table such as event_alerts.
userid | string | %value% | Encrypted value, where a login is required, holding the user id used to retrieve data.
pwd | string | %value% | Encrypted value, where a login is required, holding the password used to retrieve data.
db | string | %value% | SQL type only. The name of the database to retrieve information from.
connectionstring | string | %value% | SQL type only. The connection string used to connect to the external database.
query | string | %value% | API or SQL type. The query to run to retrieve data.
api_key | string | %value% | API type only. The API key used to log in to retrieve data.

Note that this table decides where FIDO connects (server, connectionstring, query) and with which credentials (userid, pwd, api_key), so write access to it is effectively control over what FIDO ingests and should be restricted accordingly. Only userid and pwd are described here as encrypted; a connection string that embeds a password, or an api_key, is stored as given unless it is protected the same way.
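As an added example (not FIDO's own code), the following Python applies the per-type field rules from the table above to constructed sample rows and then applies the lastevent cursor to a polled batch of events. It assumes that the "API" type in the descriptions is the webservice type, that encrypted userid/pwd/api_key values carry an `enc:` prefix, and that event ids sort in arrival order; none of these assumptions, nor the sample rows, come from this page.

```python
# Added example, not FIDO's own code: checks configs_detectors rows against the
# per-type field rules in the table above and applies the lastevent cursor.

DETECTOR_TYPES = ("webservice", "log", "sql", "email")

# Keys each detectortype needs, taken from the field descriptions.
# Assumption: the "API" type in those descriptions is the webservice type.
REQUIRED_KEYS = {
    "webservice": {"server", "query", "api_key"},
    "log": {"server", "file"},
    "sql": {"server", "db", "connectionstring", "query"},
    "email": {"folder"},
}
COMMON_KEYS = {"detectortype", "detector", "vendor"}

# Credential-bearing keys. Assumption (not from the page): a value that was
# encrypted before storage carries an "enc:" prefix, so anything else is a
# plaintext secret sitting in the config table.
SECRET_KEYS = ("userid", "pwd", "api_key")


def validate_row(row):
    """Return the problems found in one configs_detectors row ([] if it is fine)."""
    dtype = row.get("detectortype")
    if dtype not in DETECTOR_TYPES:
        return ["unknown detectortype %r" % (dtype,)]
    label = "%s/%s" % (dtype, row.get("detector", "?"))
    problems = []
    for key in sorted(COMMON_KEYS | REQUIRED_KEYS[dtype]):
        if not row.get(key):
            problems.append("%s: missing %s" % (label, key))
    for key in SECRET_KEYS:
        value = row.get(key)
        if value and not value.startswith("enc:"):
            problems.append("%s: %s is not encrypted" % (label, key))
    return problems


def validate_all(rows):
    """Flatten validate_row() over every row."""
    return [p for row in rows for p in validate_row(row)]


def new_events(fetched, lastevent):
    """Drop events already processed, using the row's lastevent cursor.

    Assumption: event ids are strings that sort in arrival order, so any id
    at or below lastevent was seen on an earlier poll. Returns (fresh, cursor),
    where cursor is the value to write back to lastevent.
    """
    fresh = [e for e in fetched if lastevent is None or e > lastevent]
    cursor = max(fresh) if fresh else lastevent
    return fresh, cursor


# Constructed sample rows, one per detectortype; the sql and email rows carry
# deliberate mistakes so the validator has something to report.
SAMPLE_ROWS = [
    {"detectortype": "webservice", "detector": "cyphort", "vendor": "Cyphort",
     "server": "https://cyphort.example.internal/api", "query": "/events",
     "api_key": "enc:Q3lwaG9ydEtleQ==", "lastevent": "20141009-0017"},
    {"detectortype": "log", "detector": "antivirus", "vendor": "Sophos",
     "server": r"\\fileserver.example.internal\logs", "file": "sophos.log"},
    {"detectortype": "sql", "detector": "mps", "vendor": "FireEye",
     "server": "db01.example.internal", "db": "alerts",
     "connectionstring": "Server=db01.example.internal;Database=alerts;",
     "userid": "enc:Zmlkbw==", "pwd": "s3cret"},            # no query, plaintext pwd
    {"detectortype": "email", "detector": "mps", "vendor": "FireEye"},  # no folder
]

if __name__ == "__main__":
    for problem in validate_all(SAMPLE_ROWS):
        print(problem)
    polled = ["20141009-0016", "20141009-0017", "20141009-0018", "20141009-0019"]
    fresh, cursor = new_events(polled, SAMPLE_ROWS[0]["lastevent"])
    print("new events:", fresh, "-> lastevent =", cursor)
```

Run as a script it reports the missing query and plaintext pwd on the sql row and the missing folder on the email row, and shows two of the four polled events surviving the lastevent cursor; the same checks are easy to run against real rows pulled from the table before a detector is enabled.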

