Parsers and Generated Fields
Tag Fields Created by Parser ai_analyst_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser ai_analyst_alert-syslog
Source Field | LogScale Repository Field |
---|---|
Vendor.periods[0].end | event.end |
Vendor.id | event.id |
Vendor.title | event.reason |
Vendor.periods[0].start | event.start |
Vendor.incidentEventUrl | event.url |
Vendor.aiaScore | score |
Vendor.activityId | threat.group.id |
Tag Fields Created by Parser model_breach_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser model_breach_alert-syslog
Source Field | LogScale Repository Field |
---|---|
Vendor.creationTime | event.created |
Vendor.model.priority | event.severity |
Vendor.breachUrl | event.url |
Vendor.device.hostname | host.hostname |
Vendor.device.did | host.id |
Vendor.device.ip | host.ip[0] |
Vendor.device.ip6 | host.ip[1] |
Vendor.device.typename | host.type |
Vendor.device.hostname | related.ip[0] |
Vendor.model.created.by | rule.author |
Vendor.model.category | rule.category |
Vendor.model.description | rule.description |
Vendor.model.name | rule.name |
Vendor.model.uuid | rule.uuid |
Vendor.model.version | rule.version |
Vendor.score | score |
Tag Fields Created by Parser system_status_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser system_status_alert-syslog
Source Field | LogScale Repository Field |
---|---|
Vendor.uuid | event.id |
Vendor.message | event.reason |
Vendor.url | event.url |
Vendor.hostname | host.hostname |
Vendor.ip | host.ip[0] |
Vendor.hostname | related.ip[0] |
Vendor.priority | score |
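As an added example (not the page's or the parser's own code), the three mapping tables above applied in Python: the vendor JSON is flattened into `Vendor.*` field names (objects become dotted names, arrays get `[n]` suffixes), and each table row then copies its source field to the LogScale repository field. The sample payloads and the `vendor.example` URLs are constructed for this example. The tag fields (`#Vendor`, `#event.module` and so on) are not set because the page does not give their values, and the two rows that map a hostname to `related.ip[0]` are reproduced exactly as the tables list them.

```python
import json

# Mapping tables copied from the three "Fields Identified by Parser" tables,
# as (source field, LogScale repository field) pairs. Order and duplicates are
# kept because one source field (device.hostname) feeds two repository fields.
PARSERS = {
    "ai_analyst_alert-syslog": [
        ("Vendor.periods[0].end", "event.end"),
        ("Vendor.id", "event.id"),
        ("Vendor.title", "event.reason"),
        ("Vendor.periods[0].start", "event.start"),
        ("Vendor.incidentEventUrl", "event.url"),
        ("Vendor.aiaScore", "score"),
        ("Vendor.activityId", "threat.group.id"),
    ],
    "model_breach_alert-syslog": [
        ("Vendor.creationTime", "event.created"),
        ("Vendor.model.priority", "event.severity"),
        ("Vendor.breachUrl", "event.url"),
        ("Vendor.device.hostname", "host.hostname"),
        ("Vendor.device.did", "host.id"),
        ("Vendor.device.ip", "host.ip[0]"),
        ("Vendor.device.ip6", "host.ip[1]"),
        ("Vendor.device.typename", "host.type"),
        ("Vendor.device.hostname", "related.ip[0]"),  # as listed in the table
        ("Vendor.model.created.by", "rule.author"),
        ("Vendor.model.category", "rule.category"),
        ("Vendor.model.description", "rule.description"),
        ("Vendor.model.name", "rule.name"),
        ("Vendor.model.uuid", "rule.uuid"),
        ("Vendor.model.version", "rule.version"),
        ("Vendor.score", "score"),
    ],
    "system_status_alert-syslog": [
        ("Vendor.uuid", "event.id"),
        ("Vendor.message", "event.reason"),
        ("Vendor.url", "event.url"),
        ("Vendor.hostname", "host.hostname"),
        ("Vendor.ip", "host.ip[0]"),
        ("Vendor.hostname", "related.ip[0]"),  # as listed in the table
        ("Vendor.priority", "score"),
    ],
}


def flatten(value, prefix="Vendor"):
    """Flatten a JSON payload into LogScale-style field names: object keys become
    dotted names and array elements get [n] suffixes, so {"periods": [{"end": 5}]}
    becomes {"Vendor.periods[0].end": 5}. These are the source-field names above."""
    if isinstance(value, dict):
        return {k2: v2 for k, v in value.items() for k2, v2 in flatten(v, f"{prefix}.{k}").items()}
    if isinstance(value, list):
        return {k2: v2 for i, v in enumerate(value) for k2, v2 in flatten(v, f"{prefix}[{i}]").items()}
    return {prefix: value}


def parse_event(parser_name, raw_json):
    """Run one parser over a raw JSON syslog payload: keep every original field
    under Vendor.* and add the repository fields from its mapping table. A source
    field missing from the payload (an IPv4-only device has no ip6) is skipped,
    so the repository field (host.ip[1]) is not created rather than set empty."""
    fields = flatten(json.loads(raw_json))
    for source, target in PARSERS[parser_name]:
        if source in fields:
            fields[target] = fields[source]
    return fields


# Constructed sample payloads (not real vendor output) with only the fields needed here.
SAMPLE_AI_ANALYST = json.dumps({
    "id": "inc-001", "title": "Possible lateral movement", "aiaScore": 72,
    "activityId": "act-9", "incidentEventUrl": "https://vendor.example/incident/1",
    "periods": [{"start": 1700000000000, "end": 1700003600000}],
})
SAMPLE_MODEL_BREACH = json.dumps({
    "creationTime": 1700000000000, "score": 0.87, "breachUrl": "https://vendor.example/breach/1",
    "device": {"did": 42, "hostname": "ws-01", "ip": "10.0.0.5", "typename": "desktop"},
    "model": {"name": "Example / Unusual Outbound", "priority": 4, "category": "Compliance",
              "description": "Example model", "uuid": "00000000-0000-0000-0000-000000000001",
              "version": 3, "created": {"by": "vendor"}},
})
SAMPLE_SYSTEM_STATUS = json.dumps({
    "uuid": "ss-7", "message": "Probe offline", "url": "https://vendor.example/status/7",
    "hostname": "probe-02", "ip": "10.0.0.9", "priority": 3,
})

if __name__ == "__main__":
    for name, raw in [("ai_analyst_alert-syslog", SAMPLE_AI_ANALYST),
                      ("model_breach_alert-syslog", SAMPLE_MODEL_BREACH),
                      ("system_status_alert-syslog", SAMPLE_SYSTEM_STATUS)]:
        print(name)
        for field, value in sorted(parse_event(name, raw).items()):
            if not field.startswith("Vendor."):  # show only the repository fields
                print(f"  {field} = {value}")
```

Running the block prints the repository fields each parser produces for its sample. Note that `host.ip[1]` only appears when the device payload carries `ip6`; checking for that field in a query is therefore a reliable way to select dual-stack devices, whereas a missing `host.ip[0]` means the source `device.ip` was absent from the alert.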