https://community.checkpoint.com/t5/Mobile/Request-for-CEF-ArcSight-Fields-Description-for-Harmony-Mobile/m-p/155765#M859 <P>Hello Team,&nbsp;</P><P>&nbsp;</P><P>Previously I posted in the community for the help on log reference guide for Harmony Mobile.&nbsp;</P><P>I was provided solution to refer&nbsp;<SPAN>sk144192.&nbsp;</SPAN></P><P><SPAN>I went through all the fields but I could not find any field matching of my CEF Harmony Mobile(Sandblast Mobile) Log.&nbsp;</SPAN></P><P><SPAN>Request all to provide log reference guide or fields description which can explain me CEF (ArcSight) syslog fields of Harmony Mobile.&nbsp;</SPAN></P><P><SPAN>Thank you.&nbsp;</SPAN></P><P>&nbsp;</P><P>Our CEF format for reference:</P><P>CEF:0|Check Point|SMB|XXX|XXX|Application|X|act=XXX alert_details=XXXX app_name=XXX app_package=XXX bssid=None cat=Alert cnt=XX cs1=XX cs1Label=DeviceType cs2=XX cs2Label=Phone cs3=XX cs3Label=OSLevel cs4=XX cs4Label=DeviceDetails cs5=None cs5Label=NetworkCertificate cs6=XX cs6Label=Current Device Risk deviceDirection=XX deviceExternalId=XX deviceInboundInterface=XX device_client_version=XX duid=XXX duser=XX dvchost=XX externalId=dXX fileHash=XX fileId=XXX filePermission=XX fileType=XXXXXXXXXXXXXXXXXX msg=XXXXXXXXXXX resource=None rt=XX sender=None sms_urls=XX ssid=XX start=XX suid=XX suser=XX</P><P>&nbsp;</P> Fri, 26 Aug 2022 09:33:57 GMT Devavrat 2022-08-26T09:33:57Z https://community.checkpoint.com/t5/Mobile/Request-for-CEF-ArcSight-Fields-Description-for-Harmony-Mobile/m-p/155765#M859 <P>Hello Team,&nbsp;</P><P>&nbsp;</P><P>Previously I posted in the community for the help on log reference guide for Harmony Mobile.&nbsp;</P><P>I was provided solution to refer&nbsp;<SPAN>sk144192.&nbsp;</SPAN></P><P><SPAN>I went through all the fields but I could not find any field matching of my CEF Harmony Mobile(Sandblast Mobile) Log.&nbsp;</SPAN></P><P><SPAN>Request all to provide log reference guide or fields description which can explain me CEF (ArcSight) syslog fields of Harmony Mobile.&nbsp;</SPAN></P><P><SPAN>Thank you.&nbsp;</SPAN></P><P>&nbsp;</P><P>Our CEF format for reference:</P><P>CEF:0|Check Point|SMB|XXX|XXX|Application|X|act=XXX alert_details=XXXX app_name=XXX app_package=XXX bssid=None cat=Alert cnt=XX cs1=XX cs1Label=DeviceType cs2=XX cs2Label=Phone cs3=XX cs3Label=OSLevel cs4=XX cs4Label=DeviceDetails cs5=None cs5Label=NetworkCertificate cs6=XX cs6Label=Current Device Risk deviceDirection=XX deviceExternalId=XX deviceInboundInterface=XX device_client_version=XX duid=XXX duser=XX dvchost=XX externalId=dXX fileHash=XX fileId=XXX filePermission=XX fileType=XXXXXXXXXXXXXXXXXX msg=XXXXXXXXXXX resource=None rt=XX sender=None sms_urls=XX ssid=XX start=XX suid=XX suser=XX</P><P>&nbsp;</P> Fri, 26 Aug 2022 09:33:57 GMT https://community.checkpoint.com/t5/Mobile/Request-for-CEF-ArcSight-Fields-Description-for-Harmony-Mobile/m-p/155765#M859 Devavrat 2022-08-26T09:33:57Z https://community.checkpoint.com/t5/Mobile/Request-for-CEF-ArcSight-Fields-Description-for-Harmony-Mobile/m-p/156303#M860 <P>Suggest discussing the requirement further with your local SE / TAC who can enquire further on your behalf.</P> <P>Meanwhile if I find an alternate reference I will update you here.</P> Fri, 02 Sep 2022 07:43:36 GMT https://community.checkpoint.com/t5/Mobile/Request-for-CEF-ArcSight-Fields-Description-for-Harmony-Mobile/m-p/156303#M860 Chris_Atkinson 2022-09-02T07:43:36Z