Parsers and Generated Fields
Tag Fields Created by Parser checkpoint-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser checkpoint-ngfw
| Source Field | CPS Field |
|---|---|
| Vendor.received_bytes | destination.bytes |
| Vendor.server_outbound_bytes | destination.bytes |
| Vendor.dst | destination.ip |
| Vendor.mac_destination_address | destination.mac |
| Vendor.xlatedst | destination.nat.ip |
| Vendor.xlatedport | destination.nat.port |
| Vendor.xlatedport_svc | destination.nat.port |
| Vendor.server_outbound_packets | destination.packets |
| Vendor.service | destination.port |
| Vendor.svc | destination.port |
| Vendor.to | destination.user.email |
| Vendor.usercheck_incident_uid | destination.user.id |
| Vendor.dst_user_name | destination.user.name |
| Vendor.domain_name | dns.question.name |
| Vendor.dns_type | dns.question.type |
| Vendor.dns_message_type | dns.type |
| Vendor.delivery_time | email.delivery_timestamp |
| Vendor.email_queue_id | email.local_id |
| Vendor.email_message_id | email.message_id |
| Vendor.email_subject | email.subject |
| Vendor.action; | event.action |
| Vendor.last_detection | event.end |
| Vendor.lastupdatetime | event.end |
| Vendor.loguid | event.id |
| Vendor.additional_info | event.reason |
| Vendor.description | event.reason |
| Vendor.information | event.reason |
| Vendor.session_description | event.reason |
| Vendor.app_risk | event.risk_score |
| Vendor.sequencenum | event.sequence |
| Vendor.severity | event.severity |
| Vendor.first_detection | event.start |
| Vendor.start_time | event.start |
| Vendor.packet_capture | event.url |
| Vendor.file_id | file.inode |
| Vendor.dlp_file_name | file.name |
| Vendor.file_name | file.name |
| Vendor.file_size | file.size |
| Vendor.file_type | file.type |
| Vendor.user_group | group.name |
| Venodr.endpoint_ip | host.ip[0] |
| Vendor.os_name | host.os.name |
| Vendor.os_version | host.os.version |
| Vendor.method | http.request.method |
| Vendor.referrer | http.request.referrer |
| Vendor.application | network.application |
| Vendor.service_id | network.application |
| source.bytes | network.bytes |
| Vendor.bytes | network.bytes |
| Vendor.conn_direction | network.direction |
| Vendor.ifdir | network.direction |
| Vendor.proto | network.iana_number |
| Vendor.layer_name | network.name |
| Vendor.packets | network.packets |
| Vendor.client_outbound_interface; | observer.egress.interface.name |
| Vendor.ifname; | observer.egress.interface.name |
| Vendor.server_outbound_interface | observer.egress.interface.name |
| Vendor.outzone | observer.egress.zone |
| Vendor.client_inbound_interface; | observer.ingress.interface.name |
| Vendor.ifname; | observer.ingress.interface.name |
| Vendor.client_inbound_interface | observer.ingress.interface.name |
| Vendor.inzone | observer.ingress.zone |
| Vendor.security_outzone | observer.ingress.zone |
| Vendor.origin_ip | observer.ip[0] |
| Vendor.endpoint_ip | observer.ip[1] |
| Vendor.origin | observer.name |
| Vendor.product | observer.product |
| Vendor.type | observer.type |
| Vendor.update_version | observer.version |
| Vendor.process_name | process.name |
| Vendor.parent_process_name | process.parent.name |
| Vendor.categories | rule.category |
| Vendor.matched_category | rule.category |
| Vendor.malware_action | rule.description |
| Vendor.app_rule_id | rule.id |
| Vendor.malware_rule_id | rule.id |
| Vendor.app_rule_name | rule.name |
| Vendor.dlp_rule_name | rule.name |
| Vendor.malware_rule_name | rule.name |
| Vendor.objectname | rule.name |
| Vendor.rule_name | rule.name |
| Vendor.policy | rule.ruleset |
| Vendor.smartdefence_profile | rule.ruleset |
| Vendor.dlp_rule_uid | rule.uuid |
| Vendor.rule_uid | rule.uuid |
| Vendor.client_outbound_bytes | source.bytes |
| Vendor.sent_bytes | source.bytes |
| Vendor.client_ip | source.ip |
| Vendor.src | source.ip |
| Vendor.mac_source_address | source.mac |
| Vendor.xlatesrc | source.nat.ip |
| Vendor.xlatesport | source.nat.port |
| Vendor.xlatesport_svc | source.nat.port |
| Vendor.client_outbound_packets | source.packets |
| Vendor.s_port | source.port |
| Vendor.sport_svc | source.port |
| Vendor.from | source.user.email |
| Vendor.src_user_group | source.user.group.name |
| Vendor.uid | source.user.id |
| Vendor.administrator | source.user.name |
| Vendor.src_user_name | source.user.name |
| Vendor.session_uid | transaction.id |
| Vendor.resource | url.original |
| Vendor.url | url.original |
| Vendor.user | user.name |
| Vendor.web_client_type | user_agent.name |
| Vendor.user_agent | user_agent.original |
| Vendor.industry_reference | vulnerability.id |