Parsers and Generated Fields

Tag Fields Created by Parser cisco-ise

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser cisco-ise
Vendor FieldCPS FieldDescription
`event.category[]`ArrayVendor.category, Vendor.code
`event.type[]`ArrayVendor.category, Vendor.code
`host.ip[]`ArrayVendor.DestinationIPAddress, Vendor.Remote-Address, Vendor.IpAddress
`host.mac[]`ArrayVendor.EndPointMACAddress, Vendor.EPMacAddress
`user.full_name`ConcatenatedVendor.Firstname, Vendor.Lastname
`client.ip`CopiedVendor.Remote-Address, Vendor.AdminIPAddress, host.ip[0]
`client.port`CopiedVendor.DestinationPort
`event.reason`CopiedVendor.FailureReason, Vendor.AD-Error-Details, Vendor.Detail
`network.protocol`CopiedVendor.Protocol
`observer.name`Copiedlog.syslog.hostname
`server.ip`CopiedVendor.Device IP Address
`server.port`CopiedVendor.Device Port
`service.name`CopiedVendor.Service-Type
`source.ip`CopiedVendor.IpAddress
`user.name`CopiedVendor.UserName, Vendor.OriginalUserName, Vendor.User-Name, Vendor.User, Vendor.AdminName
`event.outcome`DeterminedVendor.code, message analysis
`event.action`ExtractedVendor.category, Vendor.log.message.description
`event.id`ExtractedVendor.event.id
`event.sequence`ExtractedVendor.event.sequence
`log.syslog.hostname`Extractedsyslog hostname
`log.syslog.priority`Extractedsyslog priority
`log.syslog.severity.name`ExtractedVendor.log.syslog.severity.name
`@timestamp`Parsedevent.created, @timestamp
`event.created`Parsedlog.syslog timestamp
`process.command_line`ParsedVendor.CmdSet
`ecs.version`StaticNone
`event.dataset`StaticNone
`event.kind`StaticNone
`event.module`StaticNone
`observer.type`StaticNone
Vendor.DestinationPortclient.port 
log.syslog.hostnameobserver.name 
Vendor.IpAddresssource.ip