Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 1 minutes

Parsers and Generated Fields

Tag Fields Created by Parser checkpoint-ngfw

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser checkpoint-ngfw

Vendor Field	CPS Field	Description
Vendor.received_bytes	destination.bytes
Vendor.server_outbound_bytes	destination.bytes
Vendor.dst	destination.ip
Vendor.mac_destination_address	destination.mac
Vendor.xlatedst	destination.nat.ip
Vendor.xlatedport	destination.nat.port
Vendor.xlatedport_svc	destination.nat.port
Vendor.server_outbound_packets	destination.packets
Vendor.service	destination.port
Vendor.svc	destination.port
Vendor.to	destination.user.email
Vendor.usercheck_incident_uid	destination.user.id
Vendor.dst_user_name	destination.user.name
Vendor.domain_name	dns.question.name
Vendor.dns_type	dns.question.type
Vendor.dns_message_type	dns.type
Vendor.delivery_time	email.delivery_timestamp
Vendor.email_queue_id	email.local_id
Vendor.email_message_id	email.message_id
Vendor.email_subject	email.subject
Vendor.action;	event.action
Vendor.last_detection	event.end
Vendor.lastupdatetime	event.end
Vendor.loguid	event.id
Vendor.additional_info	event.reason
Vendor.description	event.reason
Vendor.information	event.reason
Vendor.session_description	event.reason
Vendor.app_risk	event.risk_score
Vendor.sequencenum	event.sequence
Vendor.severity	event.severity
Vendor.first_detection	event.start
Vendor.start_time	event.start
Vendor.packet_capture	event.url
Vendor.file_id	file.inode
Vendor.dlp_file_name	file.name
Vendor.file_name	file.name
Vendor.file_size	file.size
Vendor.file_type	file.type
Vendor.user_group	group.name
Venodr.endpoint_ip	host.ip[0]
Vendor.os_name	host.os.name
Vendor.os_version	host.os.version
Vendor.method	http.request.method
Vendor.referrer	http.request.referrer
Vendor.application	network.application
Vendor.service_id	network.application
source.bytes	network.bytes
Vendor.bytes	network.bytes
Vendor.conn_direction	network.direction
Vendor.ifdir	network.direction
Vendor.proto	network.iana_number
Vendor.layer_name	network.name
Vendor.packets	network.packets
Vendor.client_outbound_interface;	observer.egress.interface.name
Vendor.ifname;	observer.egress.interface.name
Vendor.server_outbound_interface	observer.egress.interface.name
Vendor.outzone	observer.egress.zone
Vendor.client_inbound_interface;	observer.ingress.interface.name
Vendor.ifname;	observer.ingress.interface.name
Vendor.client_inbound_interface	observer.ingress.interface.name
Vendor.inzone	observer.ingress.zone
Vendor.security_outzone	observer.ingress.zone
Vendor.origin_ip	observer.ip[0]
Vendor.endpoint_ip	observer.ip[1]
Vendor.origin	observer.name
Vendor.product	observer.product
Vendor.type	observer.type
Vendor.update_version	observer.version
Vendor.process_name	process.name
Vendor.parent_process_name	process.parent.name
Vendor.categories	rule.category
Vendor.matched_category	rule.category
Vendor.malware_action	rule.description
Vendor.app_rule_id	rule.id
Vendor.malware_rule_id	rule.id
Vendor.app_rule_name	rule.name
Vendor.dlp_rule_name	rule.name
Vendor.malware_rule_name	rule.name
Vendor.objectname	rule.name
Vendor.rule_name	rule.name
Vendor.policy	rule.ruleset
Vendor.smartdefence_profile	rule.ruleset
Vendor.dlp_rule_uid	rule.uuid
Vendor.rule_uid	rule.uuid
Vendor.client_outbound_bytes	source.bytes
Vendor.sent_bytes	source.bytes
Vendor.client_ip	source.ip
Vendor.src	source.ip
Vendor.mac_source_address	source.mac
Vendor.xlatesrc	source.nat.ip
Vendor.xlatesport	source.nat.port
Vendor.xlatesport_svc	source.nat.port
Vendor.client_outbound_packets	source.packets
Vendor.s_port	source.port
Vendor.sport_svc	source.port
Vendor.from	source.user.email
Vendor.src_user_group	source.user.group.name
Vendor.uid	source.user.id
Vendor.administrator	source.user.name
Vendor.src_user_name	source.user.name
Vendor.session_uid	transaction.id
Vendor.resource	url.original
Vendor.url	url.original
Vendor.user	user.name
Vendor.web_client_type	user_agent.name
Vendor.user_agent	user_agent.original
Vendor.industry_reference	vulnerability.id

Enter search term