Parsers and Generated Fields
Tag Fields Created by Parser cisco-duo
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cisco-duo
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.description.hostname | client.address | |
| Vendor.description.ip_address | client.ip | |
| Vendor.enabled_for.key | destination.user.id | |
| Vendor.enabled_for.name | destination.user.name | |
| Vendor.action | event.action | |
| Vendor.action.name | event.action | |
| Vendor.context | event.action | |
| Vendor.event_type | event.action | |
| Vendor.type | event.action | |
| Vendor.activity_id | event.id | |
| Vendor.sekey | event.id | |
| Vendor.telephony_id | event.id | |
| Vendor.reason | event.reason | |
| Vendor.surfaced_auth.reason | event.reason | |
| Vendor.auth_device.name | host.id | |
| Vendor.target.name | host.id | |
| Vendor.applications | network.application | |
| Vendor.access_device.hostname | source.address | |
| Vendor.surfaced_auth.access_device.hostname | source.address | |
| Vendor.access_device.location.city | source.geo.city_name | |
| Vendor.auth_device.location.city | source.geo.city_name | |
| Vendor.surfaced_auth.access_device.location.city | source.geo.city_name | |
| Vendor.access_device.location.country | source.geo.country_name | |
| Vendor.auth_device.location.country | source.geo.country_name | |
| Vendor.surfaced_auth.access_device.location.country | source.geo.country_name | |
| Vendor.access_device.location.state | source.geo.region_name | |
| Vendor.auth_device.location.state | source.geo.region_name | |
| Vendor.surfaced_auth.access_device.location.state | source.geo.region_name | |
| Vendor.access_device.ip | source.ip | |
| Vendor.auth_device.ip | source.ip | |
| Vendor.surfaced_auth.access_device.ip | source.ip | |
| Vendor.access_device.port | source.port | |
| Vendor.surfaced_auth.email | source.user.email | |
| Vendor.enabled_by.key | source.user.id | |
| Vendor.surfaced_auth.user.key | source.user.id | |
| Vendor.enabled_by.name | source.user.name | |
| Vendor.surfaced_auth.user.name | source.user.name | |
| url.domain | url.domain | |
| Vendor.triage_event_uri | url.original | |
| Vendor.description.email | user.changes.email | |
| Vendor.description.realname | user.changes.name | |
| Vendor.description.email | user.email | |
| Vendor.email | user.email | |
| Vendor.username | user.full_name | |
| Vendor.actor.details.group.name | user.group.name | |
| Vendor.actor.key | user.id | |
| Vendor.user.key | user.id | |
| Vendor.actor.name | user.name | |
| Vendor.description.admin_email | user.name | |
| Vendor.description.uname | user.name | |
| Vendor.user.name | user.name | |
| Vendor.object | user.target.name | |
| Vendor.access_device.browser | user_agent.name | |
| Vendor.surfaced_auth.access_device.browser | user_agent.name | |
| Vendor.description.user_agent | user_agent.original | |
| Vendor.access_device.os | user_agent.os.name | |
| Vendor.surfaced_auth.access_device.os | user_agent.os.name | |
| Vendor.access_device.os_version | user_agent.os.version | |
| Vendor.surfaced_auth.access_device.os_version | user_agent.os.version | |
| Vendor.access_device.browser_version | user_agent.version | |
| Vendor.surfaced_auth.access_device.browser_version | user_agent.version |
Tag Fields Created by Parser duo-activity-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-activity-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.action | event.action | |
| Vendor.activity_id | event.id | |
| Vendor.access_device.location.city | source.geo.city_name | |
| Vendor.access_device.location.country | source.geo.country_name | |
| Vendor.access_device.location.state | source.geo.region_name | |
| Vendor.access_device.ip | source.ip | |
| Vendor.access_device.port | source.port | |
| Vendor.access_device.browser | source.user_agent.name | |
| Vendor.access_device.os | source.user_agent.os.name | |
| Vendor.access_device.os_version | source.user_agent.os.version | |
| Vendor.access_device.browser_version | source.user_agent.version | |
| Vendor.actor.details.group.name | user.group.name | |
| Vendor.actor.key | user.id | |
| Vendor.actor.name | user.name |
Tag Fields Created by Parser duo-admin-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-admin-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.action | event.action | |
| Vendor.description.email; | user.changes.email | |
| Vendor.description.realname | user.changes.name | |
| Vendor.description.email; | user.email | |
| Vendor.username | user.name | |
| Vendor.object | user.target.name |
Tag Fields Created by Parser duo-authentication-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-authentication-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.reason | event.reason | |
| Vendor.access_device.location.city | source.geo.city_name | |
| Vendor.access_device.location.country | source.geo.country_name | |
| Vendor.access_device.location.state | source.geo.region_name | |
| Vendor.access_device.ip | source.ip | |
| Vendor.access_device.port | source.port | |
| Vendor.email | source.user.email | |
| Vendor.user.group | source.user.group.name | |
| Vendor.user.key | source.user.id | |
| Vendor.user.name | source.user.name | |
| Vendor.access_device.browser | source.user_agent.name | |
| Vendor.access_device.os | source.user_agent.os.name | |
| Vendor.access_device.os_version | source.user_agent.os.version | |
| Vendor.access_device.browser_version | source.user_agent.version |
Tag Fields Created by Parser duo-telephony-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-telephony-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.context | event.action | |
| Vendor.telephony_id | event.id |
Tag Fields Created by Parser duo-trustmonitor-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-trustmonitor-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.enabled_for.key; | destination.user.id | |
| Vendor.enabled_for.name | destination.user.name | |
| Vendor.sekey | event.id | |
| Vendor.surfaced_auth.reason | event.reason | |
| Vendor.surfaced_auth.access_device.location.city | source.geo.city_name | |
| Vendor.surfaced_auth.access_device.location.country | source.geo.country_name | |
| Vendor.surfaced_auth.access_device.location.state | source.geo.region_name | |
| Vendor.surfaced_auth.access_device.ip | source.ip | |
| Vendor.surfaced_auth.email | source.user.email | |
| Vendor.enabled_by.key | source.user.id | |
| Vendor.surfaced_auth.user.key | source.user.id | |
| Vendor.enabled_by.name | source.user.name | |
| Vendor.surfaced_auth.user.name | source.user.name | |
| Vendor.surfaced_auth.access_device.browser | source.user_agent.name | |
| Vendor.surfaced_auth.access_device.os | source.user_agent.os.name | |
| Vendor.surfaced_auth.access_device.os_version | source.user_agent.os.version | |
| Vendor.surfaced_auth.access_device.browser_version | source.user_agent.version | |
| Vendor.triage_event_uri | url.original |