Parsers and Generated Fields

Tag Fields Created by Parser cloudflare-one
  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser cloudflare-one
Source Field                        CPS Field
Event                               @rawstring
Vendor.ClientASN                    client.as.number
Vendor.ClientRequestHost            client.domain
Vendor.ClientIP                     client.ip
Vendor.IPAddress                    client.ip
Vendor.ClientSrcPort                client.port
Vendor.BytesReceived                destination.bytes
Vendor.DestinationIP                destination.ip
Vendor.DstIP                        destination.ip
Vendor.IPDestinationAddress         destination.ip
Vendor.OriginIP                     destination.ip
Vendor.DestinationPort              destination.port
Vendor.DestinationPort;             destination.port
Vendor.DstPort;                     destination.port
Vendor.OriginPort                   destination.port
host.id                             device.id
host.name                           device.model.identifier
Vendor.RData[0].data                dns.answers[0].data
Vendor.RData[0].type                dns.answers[0].type
Vendor.RData[1].data                dns.answers[1].data
Vendor.RData[1].type                dns.answers[1].type
Vendor.RData[2].data                dns.answers[2].data
Vendor.RData[2].type                dns.answers[2].type
Vendor.RData[3].data                dns.answers[3].data
Vendor.RData[3].type                dns.answers[3].type
Vendor.RData[4].data                dns.answers[4].data
Vendor.RData[4].type                dns.answers[4].type
Vendor.QueryName                    dns.question.name
Vendor.QueryTypeName                dns.question.type
Vendor.event.subject                email.subject
Vendor.event.to[0]                  email.to.address[0]
Vendor.event.to[1]                  email.to.address[1]
Vendor.event.to[2]                  email.to.address[2]
Vendor.event.to[3]                  email.to.address[3]
Vendor.event.to[4]                  email.to.address[4]
Vendor.Action                       event.action
Vendor.ActionType                   event.action
Vendor.ConnectionCloseReason        event.action
Vendor.SessionID                    event.id
Vendor.Interface                    event.provider
Vendor.PurposeJustificationPrompt   event.reason
Vendor.event.alert_reasons[0];      event.reason
Vendor.WAFAttackScore               event.risk_score
Vendor.BlockedFileName              file.name
Vendor.BlockedFileSize              file.size
Vendor.DeviceID                     host.id
Vendor.DeviceName                   host.name
Vendor.DeviceType                   host.os.family
Vendor.OSVersion                    host.os.version
Vendor.ClientRequestMethod          http.request.method
Vendor.HTTPMethod                   http.request.method
Vendor.ClientRequestReferer         http.request.referrer
Vendor.Referer                      http.request.referrer
Vendor.http.response.status_code
Vendor.HTTPStatusCode               http.response.status_code
Vendor.HTTPVersion                  http.version
Vendor.SignatureMessage             message
Vendore.Direction                   network.direction
Vendor.Protocol                     network.protocol
Vendor.Protocol                     network.transport
Vendor.Transport                    network.transport
Vendor.VirtualNetworkID             network.vlan.id
Vendor.Offramp                      observer.egress.interface.name
Vendor.PostureCheckType             rule.category
Vendor.PolicyID                     rule.id
Vendor.PostureCheckName             rule.name
Vendor.AppUUID                      service.id
Vendor.BytesSent                    source.bytes
Vendor.ColoCity                     source.geo.city_name
Vendor.ClientCountry                source.geo.country_iso_code
Vendor.Country                      source.geo.country_iso_code
Vendor.ColoCode                     source.geo.region_name
Vendor.ActorIP                      source.ip
Vendor.IPSourceAddress              source.ip
Vendor.SourceIP                     source.ip
Vendor.SrcIP                        source.ip
Vendor.SourcePort                   source.port
Vendor.SourcePort;                  source.port
Vendor.SrcPort;                     source.port
Vendor.ClientSSLCipher;             tls.cipher
Vendor.ClientTLSCipher;             tls.cipher
Vendor.SNI                          tls.client.server_name
Vendor.OriginTLSCertificateIssuer   tls.server.issuer
Vendor.ClientTLSVersion             tls.version
Vendor.ClientSSLProtocol            tls.version_protocol
Vendor.CreatedAt                    ts
Vendor.Datetime                     ts
Vendor.DetectedTimestamp            ts
Vendor.EdgeStartTimestamp           ts
Vendor.SessionStartTime             ts
Vendor.Timestamp                    ts
Vendor.When                         ts
Vendor.time                         ts
Vendor.AssetLink                    url.original
Vendor.URL                          url.original
Vendor.ActorEmail                   user.email
Vendor.Email                        user.email
Vendor.ActorID                      user.id
Vendor.UserID                       user.id
Vendor.UserUID                      user.id
Vendor.ClientRequestUserAgent       user_agent.original
Vendor.UserAgent                    user_agent.original
Vendor.ClientVersion                user_agent.version
Vendor.FindingTypeDisplayName       vulnerability.description
Vendor.FindingTypeSeverity          vulnerability.severity