Parsers and Generated Fields
Tag Fields Created by Parser cisco-umbrella
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cisco-umbrella
| Source Field | CPS Field |
|---|---|
| Vendor.aws_region | cloud.region |
| Vendor.csv_row; | csvData |
| Vendor.destination | destination.domain |
| Vendor.destination_ip | destination.ip |
| Vendor.destination_port | destination.port |
| Vendor.domain | dns.question.name |
| Vendor.query_type | dns.question.type |
| Vendor.response_code | dns.response_code |
| Vendor.certificate_errors | error.message |
| Vendor.action | event.action |
| Vendor.action | event.action |
| Vendor.id | event.id |
| Vendor.unique_event_id | event.id |
| @s3.object.key | eventType |
| Vendor.event_type | eventType |
| Vendor.content_type | file.mime_type |
| Vendor.filename | file.name |
| Vendor.name | file.name |
| Vendor.owner | file.owner |
| Vendor.file_size | file.size |
| Vendor.request_size | http.request.bytes |
| Vendor.request_method | http.request.method |
| Vendor.content_type | http.request.mime_type |
| Vendor.referer | http.request.referrer |
| Vendor.response_body_size | http.response.body.bytes |
| Vendor.response_size | http.response.bytes |
| Vendor.status_code | http.response.status_code |
| Vendor.signature_message | message |
| Vendor.application | network.application |
| Vendor.packet_size | network.bytes |
| Vendor.ip_protocol | network.transport |
| Vendor.protocol | network.transport |
| Vendor.origin_ids; | observer.egress.interface.id |
| Vendor.origin_ids; | observer.ingress.interface.id |
| Vendor.session_id | process.entity_id |
| Vendor.attack_classification | rule.category |
| Vendor.signature_method | rule.description |
| Vendor.firewall_rule_id | rule.id |
| Vendor.rule_id | rule.id |
| Vendor.signature_id | rule.id |
| Vendor.rule | rule.name |
| Vendor.ruleset_id | rule.uuid |
| Vendor.signature_list_id | rule.uuid |
| Vendor.data_center | source.geo.name |
| Vendor.source_ip | source.ip |
| source.address; | source.ip |
| Vendor.external_client_ip | source.nat.ip |
| Vendor.external_ip | source.nat.ip |
| Vendor.source_port | source.port |
| Vendor.url | url.original |
| Vendor.email | user.email |
| Vendor.user | user.name |
| Vendor.user_agent | user_agent.original |
| Vendor.cves | vulnerability.reference |