Parsers and Generated Fields
Tag Fields Created by Parser cloudflare-one
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cloudflare-one
Source Field | CPS Field |
---|---|
Event | @rawstring |
Vendor.ClientASN | client.as.number |
Vendor.ClientRequestHost | client.domain |
Vendor.ClientIP | client.ip |
Vendor.IPAddress | client.ip |
Vendor.ClientSrcPort | client.port |
Vendor.BytesReceived | destination.bytes |
Vendor.DestinationIP | destination.ip |
Vendor.DstIP | destination.ip |
Vendor.IPDestinationAddress | destination.ip |
Vendor.OriginIP | destination.ip |
Vendor.DestinationPort | destination.port |
Vendor.DestinationPort; | destination.port |
Vendor.DstPort; | destination.port |
Vendor.OriginPort | destination.port |
host.id | device.id |
host.name | device.model.identifier |
Vendor.RData[0].data | dns.answers[0].data |
Vendor.RData[0].type | dns.answers[0].type |
Vendor.RData[1].data | dns.answers[1].data |
Vendor.RData[1].type | dns.answers[1].type |
Vendor.RData[2].data | dns.answers[2].data |
Vendor.RData[2].type | dns.answers[2].type |
Vendor.RData[3].data | dns.answers[3].data |
Vendor.RData[3].type | dns.answers[3].type |
Vendor.RData[4].data | dns.answers[4].data |
Vendor.RData[4].type | dns.answers[4].type |
Vendor.QueryName | dns.question.name |
Vendor.QueryTypeName | dns.question.type |
Vendor.event.subject | email.subject |
Vendor.event.to[0] | email.to.address[0] |
Vendor.event.to[1] | email.to.address[1] |
Vendor.event.to[2] | email.to.address[2] |
Vendor.event.to[3] | email.to.address[3] |
Vendor.event.to[4] | email.to.address[4] |
Vendor.Action | event.action |
Vendor.ActionType | event.action |
Vendor.ConnectionCloseReason | event.action |
Vendor.SessionID | event.id |
Vendor.Interface | event.provider |
Vendor.PurposeJustificationPrompt | event.reason |
Vendor.event.alert_reasons[0]; | event.reason |
Vendor.WAFAttackScore | event.risk_score |
Vendor.BlockedFileName | file.name |
Vendor.BlockedFileSize | file.size |
Vendor.DeviceID | host.id |
Vendor.DeviceName | host.name |
Vendor.DeviceType | host.os.family |
Vendor.OSVersion | host.os.version |
Vendor.ClientRequestMethod | http.request.method |
Vendor.HTTPMethod | http.request.method |
Vendor.ClientRequestReferer | http.request.referrer |
Vendor.Referer | http.request.referrer |
Vendor. | http.response.status_code |
Vendor.HTTPStatusCode | http.response.status_code |
Vendor.HTTPVersion | http.version |
Vendor.SignatureMessage | message |
Vendore.Direction | network.direction |
Vendor.Protocol | network.protocol |
Vendor.Protocol | network.transport |
Vendor.Transport | network.transport |
Vendor.VirtualNetworkID | network.vlan.id |
Vendor.Offramp | observer.egress.interface.name |
Vendor.PostureCheckType | rule.category |
Vendor.PolicyID | rule.id |
Vendor.PostureCheckName | rule.name |
Vendor.AppUUID | service.id |
Vendor.BytesSent | source.bytes |
Vendor.ColoCity | source.geo.city_name |
Vendor.ClientCountry | source.geo.country_iso_code |
Vendor.Country | source.geo.country_iso_code |
Vendor.ColoCode | source.geo.region_name |
Vendor.ActorIP | source.ip |
Vendor.IPSourceAddress | source.ip |
Vendor.SourceIP | source.ip |
Vendor.SrcIP | source.ip |
Vendor.SourcePort | source.port |
Vendor.SourcePort; | source.port |
Vendor.SrcPort; | source.port |
Vendor.ClientSSLCipher; | tls.cipher |
Vendor.ClientTLSCipher; | tls.cipher |
Vendor.SNI | tls.client.server_name |
Vendor.OriginTLSCertificateIssuer | tls.server.issuer |
Vendor.ClientTLSVersion | tls.version |
Vendor.ClientSSLProtocol | tls.version_protocol |
Vendor.CreatedAt | ts |
Vendor.Datetime | ts |
Vendor.DetectedTimestamp | ts |
Vendor.EdgeStartTimestamp | ts |
Vendor.SessionStartTime | ts |
Vendor.Timestamp | ts |
Vendor.When | ts |
Vendor.time | ts |
Vendor.AssetLink | url.original |
Vendor.URL | url.original |
Vendor.ActorEmail | user.email |
Vendor.Email | user.email |
Vendor.ActorID | user.id |
Vendor.UserID | user.id |
Vendor.UserUID | user.id |
Vendor.ClientRequestUserAgent | user_agent.original |
Vendor.UserAgent | user_agent.original |
Vendor.ClientVersion | user_agent.version |
Vendor.FindingTypeDisplayName | vulnerability.description |
Vendor.FindingTypeSeverity | vulnerability.severity |