Parsers and Generated Fields
Tag Fields Created by Parser ai_analyst_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser ai_analyst_alert-syslog
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.periods[0].end | event.end |
| Vendor.id | event.id |
| Vendor.title | event.reason |
| Vendor.periods[0].start | event.start |
| Vendor.incidentEventUrl | event.url |
| Vendor.aiaScore | score |
| Vendor.activityId | threat.group.id |
Tag Fields Created by Parser model_breach_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser model_breach_alert-syslog
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.creationTime | event.created |
| Vendor.model.priority | event.severity |
| Vendor.breachUrl | event.url |
| Vendor.device.hostname | host.hostname |
| Vendor.device.did | host.id |
| Vendor.device.ip | host.ip[0] |
| Vendor.device.ip6 | host.ip[1] |
| Vendor.device.typename | host.type |
| Vendor.device.hostname | related.ip[0] |
| Vendor.model.created.by | rule.author |
| Vendor.model.category | rule.category |
| Vendor.model.description | rule.description |
| Vendor.model.name | rule.name |
| Vendor.model.uuid | rule.uuid |
| Vendor.model.version | rule.version |
| Vendor.score | score |
Tag Fields Created by Parser system_status_alert-syslog
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser system_status_alert-syslog
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.uuid | event.id |
| Vendor.message | event.reason |
| Vendor.url | event.url |
| Vendor.hostname | host.hostname |
| Vendor.ip | host.ip[0] |
| Vendor.hostname | related.ip[0] |
| Vendor.priority | score |