Parsers and Generated Fields

Tag Fields Created by Parser akamai-asec
  • #Cps.version
  • #Vendor
  • #ecs.version
  • #event.dataset
  • #event.kind
  • #event.module
  • #event.outcome
  • #observer.type

Fields Identified by Parser akamai-asec
| CPS Field | Mapping | Source Field(s) |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | event.action, http.response.status_code |
| `client.address` | Copied | source.address (indirect) |
| `client.as.number` | Copied | source.as.number (indirect) |
| `client.geo.city_name` | Copied | source.geo.city_name (indirect) |
| `client.geo.country_iso_code` | Copied | source.geo.country_iso_code (indirect) |
| `client.geo.region_iso_code` | Copied | source.geo.region_iso_code (indirect) |
| `client.ip` | Copied | source.ip (indirect) |
| `destination.address` | Copied | Vendor.httpMessage.host |
| `destination.domain` | Copied | destination.address (indirect) |
| `destination.port` | Copied | Vendor.httpMessage.port |
| `event.action` | Copied | Vendor.attackData.ruleActions.decoded |
| `event.id` | Copied | Vendor.httpMessage.requestId |
| `http.request.id` | Copied | Vendor.httpMessage.requestId |
| `http.request.method` | Copied | Vendor.httpMessage.method |
| `http.response.bytes` | Copied | Vendor.httpMessage.bytes |
| `http.response.status_code` | Copied | Vendor.httpMessage.status |
| `network.bytes` | Copied | Vendor.httpMessage.bytes |
| `rule.category` | Copied | Vendor.attackData.ruleTags.decoded |
| `rule.id` | Copied | Vendor.attackData.rules.decoded |
| `rule.name` | Copied | Vendor.attackData.ruleMessages.decoded |
| `rule.version` | Copied | Vendor.attackData.ruleVersions.decoded |
| `server.address` | Copied | destination.address (indirect) |
| `server.domain` | Copied | destination.domain (indirect) |
| `server.port` | Copied | destination.port (indirect) |
| `source.address` | Copied | Vendor.attackData.clientIP |
| `source.as.number` | Copied | Vendor.geo.asn |
| `source.geo.city_name` | Copied | Vendor.geo.city |
| `source.geo.country_iso_code` | Copied | Vendor.geo.country |
| `url.domain` | Copied | Vendor.httpMessage.host |
| `url.path` | Copied | Vendor.httpMessage.path |
| `url.port` | Copied | Vendor.httpMessage.port |
| `url.query` | Copied | Vendor.httpMessage.query |
| `http.request.bytes` | Extracted | Vendor.httpMessage.requestHeaders.Content-Length |
| `http.request.mime_type` | Extracted | Vendor.httpMessage.requestHeaders.Content-Type |
| `http.request.referrer` | Extracted | Vendor.httpMessage.requestHeaders.Referer |
| `http.response.mime_type` | Extracted | Vendor.httpMessage.responseHeaders.Content-Type |
| `http.version` | Extracted | Vendor.httpMessage.protocol |
| `network.protocol` | Extracted | Vendor.httpMessage.protocol |
| `tls.version_protocol` | Extracted | Vendor.httpMessage.tls |
| `tls.version` | Extracted | Vendor.httpMessage.tls |
| `user_agent.original` | Extracted | Vendor.httpMessage.requestHeaders.User-Agent |
| `source.geo.region_iso_code` | Formatted | source.geo.country_iso_code, Vendor.geo.regionCode |
| `@timestamp` | Parsed | Vendor.httpMessage.start |
| `network.type` | Set | source.address (indirect) |
| `source.ip` | Set | source.address (indirect) |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `event.outcome` | Static | None |

| Vendor Field | CPS Field | Description |
|---|---|---|
| source.address | client.address | |
| source.as.number | client.as.number | |
| source.geo.city_name | client.geo.city_name | |
| source.geo.country_iso_code | client.geo.country_iso_code | |
| source.geo.region_iso_code | client.geo.region_iso_code | |
| source.ip | client.ip | |
| destination.address | destination.domain | |
| Vendor.httpMessage.port | destination.port | |
| Vendor.attackData.ruleActions.decoded | event.action | |
| Vendor.httpMessage.requestId | event.id | |
| Vendor.httpMessage.requestId | http.request.id | |
| Vendor.httpMessage.method | http.request.method | |
| Vendor.httpMessage.bytes | http.response.bytes | |
| Vendor.httpMessage.status | http.response.status_code | |
| Vendor.httpMessage.bytes | network.bytes | |
| Vendor.attackData.ruleTags.decoded | rule.category | |
| Vendor.attackData.rules.decoded | rule.id | |
| Vendor.attackData.ruleMessages.decoded | rule.name | |
| Vendor.attackData.ruleVersions.decoded | rule.version | |
| destination.address | server.address | |
| destination.domain | server.domain | |
| destination.port | server.port | |
| Vendor.geo.asn | source.as.number | |
| Vendor.geo.city | source.geo.city_name | |
| Vendor.geo.country | source.geo.country_iso_code | |
| source.address | source.ip | |
| Vendor.httpMessage.path | url.path | |
| Vendor.httpMessage.port | url.port | |
| Vendor.httpMessage.query | url.query | |