Parsers and Generated Fields
Tag Fields Created by Parser duo-activity-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-activity-json
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.access | agent.name |
| Vendor.access | agent.os.name |
| Vendor.access | agent.os.version |
| Vendor.access | agent.version |
| Vendor.action | event.action |
| Vendor.activity | event.id |
| Vendor.access | name |
| Vendor.access | source.ip |
| Vendor.access | source.port |
| Vendor.actor.details.group.name | user.group.name |
| Vendor.actor.key | user.id |
| Vendor.actor.name | user.name |
Tag Fields Created by Parser duo-admin-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-admin-json
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.action | event.action |
| Vendor.description.email | user.changes.email |
| Vendor.description.realname | user.changes.name |
| Vendor.description.email | user.email |
| Vendor.username | user.name |
| Vendor.object | user.target.name |
Tag Fields Created by Parser duo-authentication-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-authentication-json
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.access | agent.name |
| Vendor.access | agent.os.name |
| Vendor.access | agent.os.version |
| Vendor.access | agent.version |
| Vendor.reason | event.reason |
| Vendor.access | name |
| Vendor.access | source.ip |
| Vendor.access | source.port |
| Vendor.email | source.user.email |
| Vendor.user.group | source.user.group.name |
| Vendor.user.key | source.user.id |
| Vendor.user.name | source.user.name |
Tag Fields Created by Parser duo-telephony-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-telephony-json
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.context | event.action |
| Vendor.telephony | event.id |
Tag Fields Created by Parser duo-trustmonitor-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser duo-trustmonitor-json
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.surfaced | agent.name |
| Vendor.surfaced | agent.os.name |
| Vendor.surfaced | agent.os.version |
| Vendor.surfaced | agent.version |
| Vendor.enabled | destination.user.id |
| Vendor.enabled | destination.user.name |
| Vendor.sekey | event.id |
| Vendor.surfaced | event.reason |
| Vendor.surfaced | name |
| Vendor.surfaced | source.ip |
| Vendor.surfaced | source.user.email |
| Vendor.enabled | source.user.id |
| Vendor.surfaced | source.user.id |
| Vendor.enabled | source.user.name |
| Vendor.surfaced | source.user.name |
| Vendor.triage | url.original |