Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 1 minutes

Parsers and Generated Fields

Tag Fields Created by Parser cisco-firepower

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser cisco-firepower

Vendor Field	CPS Field	Description
InitiatorBytes	destination.bytes	Number of bytes from initiator
Vendor.InitiatorBytes	destination.bytes
DstIP	destination.ip	Destination IP address
Vendor.DstIP	destination.ip
NAT_ResponderIP	destination.nat.ip	NAT destination IP
Vendor.NAT_ResponderIP	destination.nat.ip
NAT_ResponderPort	destination.nat.port	NAT destination port
Vendor.NAT_ResponderPort	destination.nat.port
InitiatorPackets	destination.packets	Number of packets from initiator
Vendor.InitiatorPackets	destination.packets
DstPort	destination.port	Destination port number
Vendor.DstPort	destination.port
DeviceUUID	device.id	Device UUID
Vendor.DeviceUUID	device.id
DNS_TTL	dns.answers[0].ttl	DNS record TTL
Vendor.DNS_TTL	dns.answers[0].ttl
DNSQuery	dns.question.name	DNS query name
Vendor.DNSQuery	dns.question.name
DNSRecordType	dns.question.type	DNS record type
Vendor.DNSRecordType	dns.question.type
DNSResponseType	dns.response_code	DNS response code
Vendor.DNSResponseType	dns.response_code
Vendor.AccessControlRuleAction	event.action
Vendor.AccessControlRuleReason	event.reason
Vendor.EventPriority	event.severity
Vendor.FirstPacketSecond	event.start
ArchiveSHA256	file.hash.sha256	Archive SHA256 hash
FileSHA256	file.hash.sha256	File SHA256 hash
ArchiveFileName	file.name	Archive file name
FileName	file.name	File name
Vendor.ArchiveFileName	file.name
Vendor.FileName	file.name
InstanceID	host.id	Instance ID
Vendor.InstanceID	host.id
HTTPReferer	http.request.referrer	HTTP referrer
Vendor.HTTPReferer	http.request.referrer
HTTPResponse	http.response.status_code	HTTP response code
Vendor.HTTPResponse	http.response.status_code
WebApplication	network.application	Web application name
Vendor.WebApplication	network.application
source.bytes	network.bytes
destination.packets	network.packets
ApplicationProtocol	network.protocol	Application protocol
Protocol	network.transport	Transport protocol
EgressInterface	observer.egress.interface.alias	Egress interface name
Vendor.EgressInterface	observer.egress.interface.alias
EgressVRF	observer.egress.vlan.name	Egress VRF name
Vendor.EgressVRF	observer.egress.vlan.name
EgressZone	observer.egress.zone	Egress security zone
Vendor.EgressZone	observer.egress.zone
log.syslog.hostname	observer.hostname
IngressInterface	observer.ingress.interface.alias	Ingress interface name
Vendor.IngressInterface	observer.ingress.interface.alias
IngressVRF	observer.ingress.vlan.name	Ingress VRF name
Vendor.IngressVRF	observer.ingress.vlan.name
IngressZone	observer.ingress.zone	Ingress security zone
Vendor.IngressZone	observer.ingress.zone
DetectionType	rule.category	Detection type
Vendor.DetectionType	rule.category
AccessControlRuleReason	rule.description	Access control rule reason
Vendor.AccessControlRuleReason	rule.description
AccessControlRuleName	rule.name	Access control rule name
Vendor.AccessControlRuleName	rule.name
ACPolicy	rule.ruleset	Access control policy name
Vendor.ACPolicy	rule.ruleset
ResponderBytes	source.bytes	Number of bytes from responder
Vendor.ResponderBytes	source.bytes
SrcIP	source.ip	Source IP address
Vendor.SrcIP	source.ip
NAT_InitiatorIP	source.nat.ip	NAT source IP
Vendor.NAT_InitiatorIP	source.nat.ip
NAT_InitiatorPort	source.nat.port	NAT source port
Vendor.NAT_InitiatorPort	source.nat.port
ResponderPackets	source.packets	Number of packets from responder
Vendor.ResponderPackets	source.packets
SrcPort	source.port	Source port number
Vendor.SrcPort	source.port
SSLCipherSuite	tls.cipher	SSL cipher suite
Vendor.SSLCipherSuite	tls.cipher
SSLCertificate	tls.client.certificate	SSL certificate
Vendor.SSLCertificate	tls.client.certificate
SSLServerName	tls.client.server_name	SSL server name
Vendor.SSLServerName	tls.client.server_name
SSLVersion	tls.version	SSL/TLS version
Vendor.SSLVersion	tls.version
url.original	url.full
URL	url.original	Original URL
Vendor.URL	url.original
user.name	user.email
User	user.id	User ID
Vendor.User	user.id
Client	user_agent.name	Client name
Vendor.Client	user_agent.name
UserAgent	user_agent.original	User agent string
Vendor.UserAgent	user_agent.original
ClientVersion	user_agent.version	Client version
Vendor.ClientVersion	user_agent.version

Enter search term