Parsers and Generated Fields

Tag Fields Created by Parser f5networks-bigip

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser f5networks-bigip
Source FieldCPS Field
Vendor.ip_clientclient.address
client.addressclient.ip
destination.addressclient.ip
server.addressclient.ip
source.addressclient.ip
Vendor.dest_ipdestination.address
Vendor.dest_portdestination.port
Vendor.device_iddevice.id
Vendor.hosthost.ip[0]
Vendor.reqhttp.request.body.content
Vendor.methodhttp.request.method
Vendor.http_classhttp.request.referrer
Vendor.resphttp.response.body.content
Vendor.resp_codehttp.response.status_code
log.syslog.severity.namelog.level
Vendor.severitylog.level
log.syslog.prioritylog.syslog.facility.code
Vendor.bytes_innetwork.bytes
Vendor.x_fwd_hdr_valnetwork.forwarded_ip
Vendor.manage_ip_addrobserver.ip[0]
Vendor.violationsrule.name
Vendor.enforced_byrule.ruleset
Vendor.src_ipsource.address
Vendor.geo_infosource.geo.country_iso_code
Vendor.src_portsource.port
Vendor.threat_campaign_namesthreat.group.alias
Vendor.attack_typethreat.technique.name
Vendor.sig_idsthreat.technique.subtechnique.id
Vendor.sig_namesthreat.technique.subtechnique.name
Vendor.usernameuser.name