Skip to main content
Version: 1.4.0

CEF

The Common Event Format is a standardized security event logging layout. Its creator is ArcSight, and it has been widely adopted by the industry. Features include:

  • Standard header with 7 required fields
  • Extensible key-value pair extension format
  • Header fields include: version, device vendor, device product, device version, signature ID, name, and severity
  • Extension fields use a key=value format