Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser cisco-umbrella

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser cisco-umbrella

Vendor Field	CPS Field	Description
`event.category[]`	Array	None
`event.type[]`	Array	Vendor.action
`client.domain`	Conditional	client.address
`client.ip`	Conditional	client.address
`destination.ip`	Conditional	destination.address
`event.dataset`	Conditional	None
`network.type`	Conditional	None
`server.domain`	Conditional	server.address
`server.ip`	Conditional	server.address
`source.domain`	Conditional	source.address
`source.ip`	Conditional	source.address
`client.address`	Copied	Vendor.internal_ip, Vendor.internal_client_ip
`client.port`	Copied	source.port
`cloud.region`	Copied	Vendor.aws_region
`destination.address`	Copied	Vendor.destination_ip
`destination.domain`	Copied	Vendor.destination, Vendor.fqdns
`destination.port`	Copied	Vendor.destination_port
`dns.question.name`	Copied	Vendor.domain
`dns.question.type`	Copied	Vendor.query_type
`dns.response_code`	Copied	Vendor.response_code
`error.message`	Copied	Vendor.certificate_errors
`event.action`	Copied	Vendor.action
`event.id`	Copied	Vendor.id, Vendor.unique_event_id
`event.risk_score`	Copied	Vendor.amp_score
`file.hash.sha256`	Copied	Vendor.sha256
`file.mime_type`	Copied	Vendor.content_type
`file.name`	Copied	Vendor.filename, Vendor.name
`file.owner`	Copied	Vendor.owner
`file.size`	Copied	Vendor.file_size
`http.request.bytes`	Copied	Vendor.request_size
`http.request.method`	Copied	Vendor.request_method
`http.request.mime_type`	Copied	Vendor.content_type
`http.request.referrer`	Copied	Vendor.referer
`http.response.body.bytes`	Copied	Vendor.response_body_size
`http.response.bytes`	Copied	Vendor.response_size
`http.response.status_code`	Copied	Vendor.status_code
`message`	Copied	Vendor.signature_message
`network.application`	Copied	Vendor.application, Vendor.application_entity_name
`network.bytes`	Copied	Vendor.packet_size
`network.iana_number`	Copied	Vendor.protocol
`network.transport`	Copied	Vendor.ip_protocol
`observer.egress.interface.id`	Copied	Vendor.origin_ids
`observer.ingress.interface.id`	Copied	Vendor.origin_ids
`organization.id`	Copied	Vendor.organization_id
`rule.category`	Copied	Vendor.attack_classification
`rule.description`	Copied	Vendor.signature_method
`rule.id`	Copied	Vendor.rule_id, Vendor.signature_id, Vendor.firewall_rule_id
`rule.name`	Copied	Vendor.rule
`rule.ruleset`	Copied	Vendor.ruleset_id, Vendor.signature_list_id
`server.address`	Copied	destination.address
`server.port`	Copied	destination.port
`source.address`	Copied	Vendor.source_ip, Vendor.internal_ip
`source.geo.name`	Copied	Vendor.data_center
`source.nat.ip`	Copied	Vendor.egress_ip, Vendor.external_client_ip
`source.port`	Copied	Vendor.source_port
`threat.software.name`	Copied	Vendor.amp_malware_name
`url.original`	Copied	Vendor.url
`user_agent.original`	Copied	Vendor.user_agent
`vulnerability.id`	Copied	Vendor.cves
`user.email`	Extracted	Vendor.identity, Vendor.email
`user.full_name`	Extracted	Vendor.identity
`user.name`	Extracted	Vendor.identity, Vendor.user
`event.severity`	Mapped	Vendor.severity
`network.direction`	Mapped	Vendor.direction, Vendor.traffic_direction
`@timestamp`	Parsed	Vendor.timestamp
`ecs.version`	Static	None
`event.kind`	Static	None
`event.module`	Static	None
`threat.software.type`	Static	Vendor.amp_malware_name
@s3.object.key	__eventType
Vendor.event_type	__eventType
source.address	client.address
client.address	client.ip
source.port	client.port
Vendor.aws_region	cloud.region
Vendor.external_ip	destination.address
destination.address	destination.ip
Vendor.domain	dns.question.name
Vendor.query_type	dns.question.type
Vendor.response_code	dns.response_code
Vendor.certificate_errors	error.message
Vendor.id	event.id
Vendor.unique_event_id	event.id
Vendor.amp_score	event.risk_score
Vendor.content_type	file.mime_type
Vendor.filename	file.name
Vendor.name	file.name
Vendor.owner	file.owner
Vendor.file_size	file.size
Vendor.request_size	http.request.bytes
Vendor.request_method	http.request.method
Vendor.content_type	http.request.mime_type
Vendor.referer	http.request.referrer
Vendor.response_body_size	http.response.body.bytes
Vendor.response_size	http.response.bytes
Vendor.status_code	http.response.status_code
Vendor.signature_message	message
Vendor.application	network.application
Vendor.application_entity_name	network.application
Vendor.packet_size	network.bytes
Vendor.protocol	network.iana_number
Vendor.organization_id	organization.id
Vendor.attack_classification	rule.category
Vendor.signature_method	rule.description
Vendor.rule_id	rule.id
Vendor.rule	rule.name
Vendor.ruleset_id	rule.ruleset
Vendor.signature_list_id	rule.ruleset
destination.address	server.address
server.address	server.ip
destination.port	server.port
Vendor.data_center	source.geo.name
source.address	source.ip
Vendor.egress_ip	source.nat.ip
Vendor.external_client_ip	source.nat.ip
Vendor.source_port	source.port
Vendor.amp_malware_name	threat.software.name
Vendor.url	url.original
Vendor.email	user.email
Vendor.user	user.name
Vendor.cves	vulnerability.id

Enter search term