Parsers and Generated Fields
Tag Fields Created by Parser akamai-asec
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser akamai-asec
Vendor Field | CPS Field | Description |
---|---|---|
source.address | client.address | Copies source address to client address |
source.ip | client.ip | Copies source IP to client IP |
Vendor.httpMessage.requestId | event.id | Maps request ID to event ID |
Vendor.httpMessage.requestId | http.request.id | Maps HTTP request ID |
Vendor.httpMessage.method | http.request.method | Maps HTTP method (GET, POST, etc.) |
Vendor.httpMessage.bytes | http.response.bytes | Maps HTTP response size in bytes |
Vendor.httpMessage.status | http.response.status_code | Maps HTTP status code |
Vendor.httpMessage.protocol | network.protocol, http.version | Extracted using regex pattern `/^(?<network.protocol>\S+)\/(?<http.version>\S+)$/` |
Vendor.attackData.clientIP | source.address | Maps client IP address |
Vendor.geo.city | source.geo.city_name | Maps city name |
Vendor.geo.country | source.geo.country_iso_code | Maps country code |
source.geo.country_iso_code, | source.geo.region_iso_code | Formatted as "{country}-{region}" when both fields exist |
source.address | source.ip | Copies source.address to source.ip |
Vendor.httpMessage.tls | tls.version_protocol, tls.version | Extracted using regex pattern `/^(?<tls.version_protocol>\S+?)[vV](?<tls.version>\S+)$/` |
Vendor.httpMessage.host | url.domain | Converted to lowercase |
Vendor.httpMessage.path | url.path | Maps URL path |
Vendor.httpMessage.port | url.port | Maps URL port |
Vendor.httpMessage.query | url.query | Maps URL query string |