Parsers and Generated Fields
Tag Fields Created by Parser claroty-ctd
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser claroty-ctd
| CPS Field | Mapping | Vendor Field |
|---|---|---|
| `event.category[]` | Array | Vendor.event_class_id |
| `event.type[]` | Array | Vendor.event_class_id |
| `event.kind` | Conditional | Vendor.event_class_id |
| `file.path` | Conditional | Vendor.ext.CtdFilePath |
| `message` | Conditional | Vendor.ext.CtdMessage |
| `vulnerability.id` | Conditional | Vendor.ext.CtdCveId |
| `vulnerability.score.base` | Conditional | Vendor.ext.CtdCveScore |
| `destination.domain` | Copied | Vendor.ext.CtdDestinationHost |
| `destination.mac` | Copied | Vendor.ext.CtdDestinationMac |
| `source.domain` | Copied | Vendor.ext.CtdSourceHost |
| `source.mac` | Copied | Vendor.ext.CtdSourceMac |
| `destination.ip` | Direct | Vendor.ext.CtdDestinationIp |
| `source.ip` | Direct | Vendor.ext.CtdSourceIp |
| `log.syslog.appname` | Extracted | None |
| `log.syslog.hostname` | Extracted | None |
| `log.syslog.msgid` | Extracted | None |
| `log.syslog.priority` | Extracted | None |
| `log.syslog.procid` | Extracted | None |
| `log.syslog.structured_data` | Extracted | None |
| `event.severity` | Mapped | Vendor.severity |
| `log.level` | Mapped | Vendor.severity |
| `ecs.version` | Static | None |
| `event.module` | Static | None |

| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.ext.CtdDestinationIp | destination.ip | |
| Vendor.ext.CtdFilePath | file.path | |
| Vendor.ext.CtdSourceIp | source.ip | |
| Vendor.ext.CtdCveId | vulnerability.id | |