event.observer Guidelines
The table below contains a non-exhaustive list of values that are used in parsers for the observer.type field.
When creating parsers, we recommend that you reuse these values where applicable.
| #observer.type Value |
|---|
forwarder
|
firewall
|
ids
|
ips
|
proxy
|
poller
|
sensor
|
server
|
iam
|
vpn
|
dlp
|
anti-virus
|
seg
|
waf
|
nac
|
siem
|
os
|
email-security
|
identity
|
dataprotection
|
domain controller
|
cspm
|
dhcp
|
sase
|
email-appliance
|
database
|
crm
|
pam
|
saas-security
|
appliance
|
mobile-security
|
vpn-gateway
|
penetration-testing
|
orchestrator
|
nids
|
web
|
ndr
|
router
|
endpoint-security
|
adc
|
security-awareness
|
email-scanning
|
amx
|
edr
|
access_point
|