Parsers and Generated Fields
Tag Fields Created by Parser checkpoint-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser checkpoint-ngfw
Source Field | LogScale Repository Field |
---|---|
Vendor.web | agent.name |
Vendor.user | agent.original |
Vendor.received | destination.bytes |
Vendor.server | destination.bytes |
destination.ip | destination.geo |
Vendor.dst | destination.ip |
Vendor.mac | destination.mac |
Vendor.xlatedst | destination.nat.ip |
Vendor.xlatedport | destination.nat.port |
Vendor.server | destination.packets |
Vendor.service | destination.port |
Vendor.service | destination.service.name |
Vendor.to | destination.user.email |
Vendor.usercheck | destination.user.id |
Vendor.id | dns.id |
Vendor.domain | dns.question.name |
Vendor.dns | dns.question.type |
Vendor.dns | dns.type |
Vendor.email | email.subject |
Vendor.action | event.action |
Vendor.last | event.end |
Vendor.lastupdatetime | event.end |
Vendor.loguid | event.id |
Vendor.sequencenum | event.sequence |
Vendor.severity | event.severity |
Vendor.first | event.start |
Vendor.start | event.start |
Vendor.packet | event.url |
Vendor.file | file.inode |
Vendor.dlp | file.name |
Vendor.file | file.name |
Vendor.file | file.size |
Vendor.file | file.type |
Vendor.user | group.name |
Vendor.os | host.os.name |
Vendor.os | host.os.version |
Vendor.method | http.request.method |
Vendor.referrer | http.request.referrer |
Vendor.email | id |
Vendor.application | name |
Vendor.service | network.application |
Vendor.bytes | network.bytes |
source.bytes | network.bytes |
Vendor.ifdir | network.direction |
Vendor.layer | network.name |
Vendor.packets | network.packets |
Vendor.proto | number |
Vendor.client | observer.egress.interface.name |
Vendor.ifname | observer.egress.interface.name |
Vendor.outzone | observer.egress.zone |
Vendor.client | observer.ingress.interface.name |
Vendor.ifname | observer.ingress.interface.name |
Vendor.inzone | observer.ingress.zone |
Vendor.security | observer.ingress.zone |
Vendor.origin | observer.ip[0] |
Vendor.endpoint | observer.ip[1] |
Vendor.origin | observer.name |
Vendor.product | observer.product |
Vendor.type | observer.type |
Vendor.update | observer.version |
Vendor.process | process.name |
Vendor.parent | process.parent.name |
Vendor.categories | rule.category |
Vendor.matched | rule.category |
Vendor.malware | rule.description |
Vendor.app | rule.id |
Vendor.malware | rule.id |
Vendor.app | rule.name |
Vendor.dlp | rule.name |
Vendor.malware | rule.name |
Vendor.objectname | rule.name |
Vendor.rule | rule.name |
Vendor.policy | rule.ruleset |
Vendor.smartdefence | rule.ruleset |
Vendor.dlp | rule.uuid |
Vendor.rule | rule.uuid |
Vendor.app | score |
Vendor.client | source.bytes |
Vendor.sent | source.bytes |
source.ip | source.geo |
Vendor.client | source.ip |
Vendor.src | source.ip |
Vendor.mac | source.mac |
Vendor.xlatesrc | source.nat.ip |
Vendor.xlatesport | source.nat.port |
Vendor.client | source.packets |
Vendor.s | source.port |
Vendor.from | source.user.email |
Vendor.src | source.user.group.name |
Vendor.uid | source.user.id |
Vendor.administrator | source.user.name |
Vendor.src | source.user.name |
Vendor.delivery | timestamp |
Vendor.resource | url.original |
Vendor.url | url.original |
Vendor.industry | vulnerability.id |