Parsers and Generated Fields
Tag Fields Created by Parser checkpoint-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser checkpoint-ngfw
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.web | agent.name |
| Vendor.user | agent.original |
| Vendor.received | destination.bytes |
| Vendor.server | destination.bytes |
| destination.ip | destination.geo |
| Vendor.dst | destination.ip |
| Vendor.mac | destination.mac |
| Vendor.xlatedst | destination.nat.ip |
| Vendor.xlatedport | destination.nat.port |
| Vendor.server | destination.packets |
| Vendor.service | destination.port |
| Vendor.service | destination.service.name |
| Vendor.to | destination.user.email |
| Vendor.usercheck | destination.user.id |
| Vendor.id | dns.id |
| Vendor.domain | dns.question.name |
| Vendor.dns | dns.question.type |
| Vendor.dns | dns.type |
| Vendor.email | email.subject |
| Vendor.action | event.action |
| Vendor.last | event.end |
| Vendor.lastupdatetime | event.end |
| Vendor.loguid | event.id |
| Vendor.sequencenum | event.sequence |
| Vendor.severity | event.severity |
| Vendor.first | event.start |
| Vendor.start | event.start |
| Vendor.packet | event.url |
| Vendor.file | file.inode |
| Vendor.dlp | file.name |
| Vendor.file | file.name |
| Vendor.file | file.size |
| Vendor.file | file.type |
| Vendor.user | group.name |
| Vendor.os | host.os.name |
| Vendor.os | host.os.version |
| Vendor.method | http.request.method |
| Vendor.referrer | http.request.referrer |
| Vendor.email | id |
| Vendor.application | name |
| Vendor.service | network.application |
| Vendor.bytes | network.bytes |
| source.bytes | network.bytes |
| Vendor.ifdir | network.direction |
| Vendor.layer | network.name |
| Vendor.packets | network.packets |
| Vendor.proto | number |
| Vendor.client | observer.egress.interface.name |
| Vendor.ifname | observer.egress.interface.name |
| Vendor.outzone | observer.egress.zone |
| Vendor.client | observer.ingress.interface.name |
| Vendor.ifname | observer.ingress.interface.name |
| Vendor.inzone | observer.ingress.zone |
| Vendor.security | observer.ingress.zone |
| Vendor.origin | observer.ip[0] |
| Vendor.endpoint | observer.ip[1] |
| Vendor.origin | observer.name |
| Vendor.product | observer.product |
| Vendor.type | observer.type |
| Vendor.update | observer.version |
| Vendor.process | process.name |
| Vendor.parent | process.parent.name |
| Vendor.categories | rule.category |
| Vendor.matched | rule.category |
| Vendor.malware | rule.description |
| Vendor.app | rule.id |
| Vendor.malware | rule.id |
| Vendor.app | rule.name |
| Vendor.dlp | rule.name |
| Vendor.malware | rule.name |
| Vendor.objectname | rule.name |
| Vendor.rule | rule.name |
| Vendor.policy | rule.ruleset |
| Vendor.smartdefence | rule.ruleset |
| Vendor.dlp | rule.uuid |
| Vendor.rule | rule.uuid |
| Vendor.app | score |
| Vendor.client | source.bytes |
| Vendor.sent | source.bytes |
| source.ip | source.geo |
| Vendor.client | source.ip |
| Vendor.src | source.ip |
| Vendor.mac | source.mac |
| Vendor.xlatesrc | source.nat.ip |
| Vendor.xlatesport | source.nat.port |
| Vendor.client | source.packets |
| Vendor.s | source.port |
| Vendor.from | source.user.email |
| Vendor.src | source.user.group.name |
| Vendor.uid | source.user.id |
| Vendor.administrator | source.user.name |
| Vendor.src | source.user.name |
| Vendor.delivery | timestamp |
| Vendor.resource | url.original |
| Vendor.url | url.original |
| Vendor.industry | vulnerability.id |