Parsers and Generated Fields
Tag Fields Created by Parser aws-waf
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser aws-waf
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | Vendor.action |
| `event.action` | Copied | Vendor.action |
| `http.request.id` | Copied | Vendor.httpRequest.requestId |
| `http.request.method` | Copied | Vendor.httpRequest.httpMethod |
| `rule.id` | Copied | Vendor.terminatingRuleId |
| `rule.ruleset` | Copied | Vendor.terminatingRuleType |
| `source.geo.country_iso_code` | Copied | Vendor.httpRequest.country |
| `source.ip` | Copied | source.address |
| `source.nat.ip` | Copied | Vendor.httpRequest.clientIp |
| `url.path` | Copied | Vendor.httpRequest.uri |
| `url.query` | Copied | Vendor.httpRequest.args |
| `http.request.referrer` | Extracted | Vendor.httpRequest.headers[] |
| `http.version` | Extracted | Vendor.httpRequest.httpVersion |
| `network.protocol` | Extracted | Vendor.httpRequest.httpVersion |
| `source.address` | Extracted | Vendor.httpRequest.headers[], Vendor.httpRequest.clientIp |
| `url.domain` | Extracted | Vendor.httpRequest.headers[] |
| `url.port` | Extracted | Vendor.httpRequest.headers[] |
| `user_agent.original` | Extracted | Vendor.httpRequest.headers[] |
| `@timestamp` | Parsed | Vendor.timestamp |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `network.transport` | Static | network.protocol |
| Vendor.action | event.action | |
| Vendor.httpRequest.requestId | http.request.id | |
| Vendor.httpRequest.httpMethod | http.request.method | |
| Vendor.terminatingRuleId | rule.id | |
| Vendor.terminatingRuleType | rule.ruleset | |
| Vendor.httpRequest.country | source.geo.country_iso_code | |
| Vendor.httpRequest.uri | url.path | |
| Vendor.httpRequest.args | url.query |