Parsers and Generated Fields
Tag Fields Created by Parser cisco-duo
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cisco-duo
| Source Field | CPS Field |
|---|---|
| Vendor.description.hostname | client.address |
| Vendor.description.ip_address | client.ip |
| Vendor.enabled_for.key | destination.user.id |
| Vendor.enabled_for.name | destination.user.name |
| Vendor.action | event.action |
| Vendor.action.name | event.action |
| Vendor.context | event.action |
| Vendor.event_type | event.action |
| Vendor.type | event.action |
| Vendor.activity_id | event.id |
| Vendor.sekey | event.id |
| Vendor.telephony_id | event.id |
| Vendor.reason | event.reason |
| Vendor.surfaced_auth.reason | event.reason |
| Vendor.applications | network.application |
| Vendor.access_device.hostname | source.address |
| Vendor.surfaced_auth.access_device.hostname | source.address |
| Vendor.access_device.location.city | source.geo.city_name |
| Vendor.surfaced_auth.access_device.location.city | source.geo.city_name |
| Vendor.access_device.location.country | source.geo.country_name |
| Vendor.surfaced_auth.access_device.location.country | source.geo.country_name |
| Vendor.access_device.location.state | source.geo.region_name |
| Vendor.surfaced_auth.access_device.location.state | source.geo.region_name |
| Vendor.access_device.ip | source.ip |
| Vendor.surfaced_auth.access_device.ip | source.ip |
| Vendor.access_device.port | source.port |
| Vendor.email | source.user.email |
| Vendor.surfaced_auth.email | source.user.email |
| Vendor.enabled_by.key | source.user.id |
| Vendor.surfaced_auth.user.key | source.user.id |
| Vendor.user.key | source.user.id |
| Vendor.enabled_by.name | source.user.name |
| Vendor.surfaced_auth.user.name | source.user.name |
| Vendor.user.name | source.user.name |
| url.domain | url.domain |
| Vendor.triage_event_uri | url.original |
| Vendor.description.email | user.changes.email |
| Vendor.description.realname | user.changes.name |
| Vendor.description.email | user.email |
| Vendor.username | user.full_name |
| Vendor.actor.details.group.name | user.group.name |
| Vendor.actor.key | user.id |
| Vendor.actor.name | user.name |
| Vendor.description.admin_email | user.name |
| Vendor.description.uname | user.name |
| Vendor.object | user.target.name |
| Vendor.access_device.browser | user_agent.name |
| Vendor.surfaced_auth.access_device.browser | user_agent.name |
| Vendor.description.user_agent | user_agent.original |
| Vendor.access_device.os | user_agent.os.name |
| Vendor.surfaced_auth.access_device.os | user_agent.os.name |
| Vendor.access_device.os_version | user_agent.os.version |
| Vendor.surfaced_auth.access_device.os_version | user_agent.os.version |
| Vendor.access_device.browser_version | user_agent.version |
| Vendor.surfaced_auth.access_device.browser_version | user_agent.version |
Tag Fields Created by Parser duo-activity-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-activity-json
| Source Field | CPS Field |
|---|---|
| Vendor.action | event.action |
| Vendor.activity_id | event.id |
| Vendor.access_device.location.city | source.geo.city_name |
| Vendor.access_device.location.country | source.geo.country_name |
| Vendor.access_device.location.state | source.geo.region_name |
| Vendor.access_device.ip | source.ip |
| Vendor.access_device.port | source.port |
| Vendor.access_device.browser | source.user_agent.name |
| Vendor.access_device.os | source.user_agent.os.name |
| Vendor.access_device.os_version | source.user_agent.os.version |
| Vendor.access_device.browser_version | source.user_agent.version |
| Vendor.actor.details.group.name | user.group.name |
| Vendor.actor.key | user.id |
| Vendor.actor.name | user.name |
Tag Fields Created by Parser duo-admin-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-admin-json
| Source Field | CPS Field |
|---|---|
| Vendor.action | event.action |
| Vendor.description.email; | user.changes.email |
| Vendor.description.realname | user.changes.name |
| Vendor.description.email; | user.email |
| Vendor.username | user.name |
| Vendor.object | user.target.name |
Tag Fields Created by Parser duo-authentication-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-authentication-json
| Source Field | CPS Field |
|---|---|
| Vendor.reason | event.reason |
| Vendor.access_device.location.city | source.geo.city_name |
| Vendor.access_device.location.country | source.geo.country_name |
| Vendor.access_device.location.state | source.geo.region_name |
| Vendor.access_device.ip | source.ip |
| Vendor.access_device.port | source.port |
| Vendor.email | source.user.email |
| Vendor.user.group | source.user.group.name |
| Vendor.user.key | source.user.id |
| Vendor.user.name | source.user.name |
| Vendor.access_device.browser | source.user_agent.name |
| Vendor.access_device.os | source.user_agent.os.name |
| Vendor.access_device.os_version | source.user_agent.os.version |
| Vendor.access_device.browser_version | source.user_agent.version |
Tag Fields Created by Parser duo-telephony-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-telephony-json
| Source Field | CPS Field |
|---|---|
| Vendor.context | event.action |
| Vendor.telephony_id | event.id |
Tag Fields Created by Parser duo-trustmonitor-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-trustmonitor-json
| Source Field | CPS Field |
|---|---|
| Vendor.enabled_for.key; | destination.user.id |
| Vendor.enabled_for.name | destination.user.name |
| Vendor.sekey | event.id |
| Vendor.surfaced_auth.reason | event.reason |
| Vendor.surfaced_auth.access_device.location.city | source.geo.city_name |
| Vendor.surfaced_auth.access_device.location.country | source.geo.country_name |
| Vendor.surfaced_auth.access_device.location.state | source.geo.region_name |
| Vendor.surfaced_auth.access_device.ip | source.ip |
| Vendor.surfaced_auth.email | source.user.email |
| Vendor.enabled_by.key | source.user.id |
| Vendor.surfaced_auth.user.key | source.user.id |
| Vendor.enabled_by.name | source.user.name |
| Vendor.surfaced_auth.user.name | source.user.name |
| Vendor.surfaced_auth.access_device.browser | source.user_agent.name |
| Vendor.surfaced_auth.access_device.os | source.user_agent.os.name |
| Vendor.surfaced_auth.access_device.os_version | source.user_agent.os.version |
| Vendor.surfaced_auth.access_device.browser_version | source.user_agent.version |
| Vendor.triage_event_uri | url.original |