
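# Implementing ArcSight Common Event Format
# Chapter2: ArcSight Extension Dictionary
#
# Extension key names for CEF version 0, split into the two groups the
# ArcSight extension dictionary defines: keys for event producers and keys
# for event consumers.
#
# Layout note: each key must sit on its own line as a YAML sequence item.
# If the file is collapsed onto one line, the leading "#" turns the whole
# document into a comment and no key is loaded.
#
# NOTE(review): presumably the CEF parser plugin in this directory loads
# these lists as the set of recognised extension keys; confirm against the
# loader. Key names are matched as exact, case-sensitive strings in CEF, so
# keep spelling and capitalisation exactly as listed.

# CEF Key Names For Event Producers
#
# These keys may be set by the device or application that emits the event,
# so every value arrives from outside the collector and should be handled as
# untrusted input by whatever consumes the parsed record.
#
# Each "<key>Label" entry names the meaning of its companion custom field
# (for example cs1Label describes cs1); the pair should be kept together.
#
# Data-handling caveat: request, requestCookies, msg, suser and duser can
# carry credentials, session tokens or personal data. Review whether they
# need masking before events are forwarded or retained.
cef_key_names_for_event_producers:
  - act
  - app
  - c6a1
  - c6a1Label
  - c6a2
  - c6a2Label
  - c6a3
  - c6a3Label
  - c6a4
  - c6a4Label
  - cfp1
  - cfp1Label
  - cfp2
  - cfp2Label
  - cfp3
  - cfp3Label
  - cfp4
  - cfp4Label
  - cn1
  - cn1Label
  - cn2
  - cn2Label
  - cn3
  - cn3Label
  - cnt
  - cs1
  - cs1Label
  - cs2
  - cs2Label
  - cs3
  - cs3Label
  - cs4
  - cs4Label
  - cs5
  - cs5Label
  - cs6
  - cs6Label
  - destinationDnsDomain
  - destinationServiceName
  - destinationTranslatedAddress
  - destinationTranslatedPort
  - deviceCustomDate1
  - deviceCustomDate1Label
  - deviceCustomDate2
  - deviceCustomDate2Label
  - deviceDirection
  - deviceDnsDomain
  - deviceExternalId
  - deviceFacility
  - deviceInboundInterface
  - deviceNtDomain
  - deviceOutboundInterface
  - devicePayloadId
  - deviceProcessName
  - deviceTranslatedAddress
  - dhost
  - dmac
  - dntdom
  - dpid
  - dpriv
  - dproc
  - dpt
  - dst
  - dtz
  - duid
  - duser
  - dvc
  - dvchost
  - dvcmac
  - dvcpid
  - end
  - externalId
  - fileCreateTime
  - fileHash
  - fileId
  - fileModificationTime
  - filePath
  - filePermission
  - fileType
  - flexDate1
  - flexDate1Label
  - flexNumber1
  - flexNumber1Label
  - flexNumber2
  - flexNumber2Label
  - flexString1
  - flexString1Label
  - flexString2
  - flexString2Label
  - fname
  - fsize
  - in
  - msg
  - oldFileCreateTime
  - oldFileHash
  - oldFileId
  - oldFileModificationTime
  - oldFileName
  - oldFilePath
  - oldFilePermission
  - oldFileSize
  - oldFileType
  - out
  - outcome
  - proto
  - reason
  - request
  - requestClientApplication
  - requestContext
  - requestCookies
  - requestMethod
  - rt
  - shost
  - smac
  - sntdom
  - sourceDnsDomain
  - sourceServiceName
  - sourceTranslatedAddress
  - sourceTranslatedPort
  - spid
  - spriv
  - sproc
  - spt
  - src
  - start
  - suid
  - suser
  - type

# CEF Key Names For Event Consumers
#
# The extension dictionary lists these separately from the producer keys;
# they describe the agent, zone, customer and geo context of an event.
#
# NOTE(review): if a message received straight from a device already
# carries one of these keys, its value was presumably chosen by the sender
# rather than by a trusted collector; confirm how downstream detections
# treat agent*/zone*/eventId values before relying on them for attribution.
#
# Data-handling caveat: rawEvent can hold a full copy of the original
# message, including anything sensitive that the message contained.
cef_key_names_for_event_consumers:
  - agentDnsDomain
  - agentNtDomain
  - agentTranslatedAddress
  - agentTranslatedZoneExternalID
  - agentTranslatedZoneURI
  - agentZoneExternalID
  - agentZoneURI
  - agt
  - ahost
  - aid
  - amac
  - art
  - at
  - atz
  - av
  - cat
  - customerExternalID
  - customerURI
  - destinationTranslatedZoneExternalID
  - destinationTranslatedZoneURI
  - destinationZoneExternalID
  - destinationZoneURI
  - deviceTranslatedZoneExternalID
  - deviceTranslatedZoneURI
  - deviceZoneExternalID
  - deviceZoneURI
  - dlat
  - dlong
  - eventId
  - rawEvent
  - slat
  - slong
  - sourceTranslatedZoneExternalID
  - sourceTranslatedZoneURI
  - sourceZoneExternalID
  - sourceZoneURI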