Parsers and Generated Fields

Tag Fields Created by Parser asimily-iomt

- #Cps.version
- #Vendor
- #ecs.version
- #event.dataset
- #event.kind
- #event.module
- #event.outcome
- #observer.type

Fields Identified by Parser asimily-iomt

| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| Vendor.dateTime | @timestamp | Timestamp when event was sent from Asimily to LogScale | Parsed from Vendor.dateTime using parseTimestamp() |
| Vendor.manufacturer | device.manufacturer | Device manufacturer name | Copied from Vendor.manufacturer |
| Vendor.deviceModel | device.model.identifier | Device model name | Copied from Vendor.deviceModel |
| None | ecs.version | ECS schema version | Static value: 8.17.0 |
| None | event.category[] | Event category classification | Array populated with static value "vulnerability" |
| Vendor.alertId | event.id | Alert identifier | Copied from Vendor.alertId |
| None | event.kind | Event kind classification | Static value: event |
| None | event.module | Module identifier | Static value: iomt |
| Vendor.context | event.reason | Description of the anomaly event | Copied from Vendor.context |
| None | event.type[] | Event type classification | Array populated with static value "info" |
| Vendor.ipAddress | host.ip[] | IP address of the device | Array populated with Vendor.ipAddress |
| Vendor.macAddress | host.mac[0] | MAC address of the device | Transformed from Vendor.macAddress (replace colons with dashes, uppercase) |
| Vendor.os | host.os.name | Operating system of the device | Copied from Vendor.os |