Version: 1.2.0

CEF

The Common Event Format (CEF) is a standardized layout for security event logs. It was created by ArcSight and has been widely adopted by the industry. Features include:

  • Standard header with 7 required fields
  • Extensible key-value pair extension format
  • Header fields include: version, device vendor, device product, device version, signature ID, name, and severity
  • Extension fields use a key=value format
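The following parser is an added example, not code from this documentation or the product it describes. It reads the seven header fields and the key=value extension from one CEF line, assuming the `|` header delimiter and the backslash escapes (`\|`, `\\`, `\=`, `\n`) of the CEF format, which this page does not spell out; the dictionary key names and the sample line are constructed for illustration.

```python
import re

# Names follow the header list above; snake_case spelling is this example's choice.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")   # assumes keys are plain word characters
_ESCAPES = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}

def _split_header(body):
    """Read 7 header fields split on unescaped '|'; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            buf.append(body[i + 1])      # \| and \\ are literal characters
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) == 6:                 # no extension: line ends after severity
        fields.append("".join(buf))
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 fields")
    return fields, body[i:]

def _parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next ' key='."""
    hits = list(_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([\\=nr])", lambda e: _ESCAPES[e.group(1)], raw)
    return out

def parse_cef(line):
    start = line.find("CEF:")            # tolerate a syslog prefix before the header
    if start < 0:
        raise ValueError("not a CEF line")
    fields, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["extensions"] = _parse_extension(ext)
    return event

# Constructed sample line (not taken from a real device).
SAMPLE = (r"CEF:0|ExampleVendor|Example\|Product|1.0|100|Login failed|5|"
          r"src=10.0.0.1 msg=user\=alice failed login suser=alice")
```

Splitting the header with a plain `split("|")` would misread the escaped pipe in the device product field, which is why the scanner tracks backslashes explicitly.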