Parsers and Generated Fields
Tag Fields Created by Parser cisco-umbrella
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cisco-umbrella
Source Field | LogScale Repository Field |
---|---|
Vendor.user | agent.original |
Vendor.aws | cloud.region |
Vendor.response | code |
Vendor.status | code |
Vendor.csv | csvData |
Vendor.destination | destination.domain |
Vendor.destination | destination.ip |
Vendor.destination | destination.port |
Vendor.domain | dns.question.name |
Vendor.query | dns.question.type |
Vendor.certificate | error.message |
Vendor.action | event.action |
Vendor.id | event.id |
Vendor.unique | event.id |
Vendor.event | eventType |
Vendor.filename | file.name |
Vendor.name | file.name |
Vendor.owner | file.owner |
Vendor.file | file.size |
Vendor.request | http.request.bytes |
Vendor.request | http.request.method |
Vendor.referer | http.request.referrer |
Vendor.response | http.response.body.bytes |
Vendor.response | http.response.bytes |
Vendor.session | id |
Vendor.origin | interface.id |
Vendor.signature | message |
Vendor.application | network.application |
Vendor.packet | network.bytes |
Vendor.ip | network.transport |
Vendor.protocol | network.transport |
Vendor.attack | rule.category |
Vendor.signature | rule.description |
Vendor.firewall | rule.id |
Vendor.rule | rule.id |
Vendor.signature | rule.id |
Vendor.rule | rule.name |
Vendor.ruleset | rule.uuid |
Vendor.signature | rule.uuid |
Vendor.data | source.geo.name |
Vendor.source | source.ip |
source.address | source.ip |
Vendor.external | source.nat.ip |
Vendor.source | source.port |
Vendor.content | type |
Vendor.url | url.original |
Vendor.email | user.email |
Vendor.user | user.name |
Vendor.cves | vulnerability.reference |