Parsers and Generated Fields
Tag Fields Created by Parser aws-fsx
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser aws-fsx
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | None |
| `client.ip` | Copied | Vendor.Event.EventData.IpAddress |
| `client.port` | Copied | Vendor.Event.EventData.IpPort |
| `event.id` | Copied | Vendor.Event.System.EventID |
| `file.path` | Copied | Vendor.Event.EventData.ObjectName |
| `file.type` | Copied | Vendor.Event.EventData.ObjectType |
| `process.pid` | Copied | Vendor.Event.System.Execution._ProcessID |
| `process.thread.id` | Copied | Vendor.Event.System.Execution._ThreadID |
| `user.id` | Copied | Vendor.Event.EventData.SubjectUserSid |
| `user.name` | Copied | Vendor.Event.EventData.SubjectUserName |
| `file.extension` | Extracted | Vendor.Event.EventData.ObjectName (indirect) |
| `file.name` | Extracted | Vendor.Event.EventData.ObjectName (indirect) |
| `event.action` | Mapped | Vendor.Event.System.EventID (indirect) |
| `@timestamp` | Parsed | Vendor.Event.System.TimeCreated._SystemTime |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `user.domain` | Transformed | Vendor.Event.EventData.SubjectDomainName |
| Vendor.Event.EventData.IpAddress | client.ip | |
| Vendor.Event.EventData.IpPort | client.port | |
| Vendor.Event.System.EventID | event.id | |
| Vendor.Event.EventData.ObjectName | file.path | |
| Vendor.Event.EventData.ObjectType | file.type | |
| Vendor.Event.System.Execution._ProcessID | process.pid | |
| Vendor.Event.System.Execution._ThreadID | process.thread.id | |
| Vendor.Event.EventData.SubjectUserSid | user.id | |
| Vendor.Event.EventData.SubjectUserName | user.name |