Parsers and Generated Fields
Tag Fields Created by Parser dlp-cef
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser dlp-cef
| Source Field | CPS Field |
|---|---|
| Vendor.name | agent.name |
| Vendor.device.version | agent.version |
| Vendor.sourceServiceName | event.action |
| Vendor.eventId | event.id |
| Vendor.riskScore | event.risk_score |
| Vendor.severity | event.severity |
| Vendor.riskScore | risk.calculated_score |
| Vendor.msg | rule.name |
| Vendor.sourceIp | source.address |
| Vendor.sourceIp; | source.ip |
| Vendor.severityType | threat.indicator.confidence |
| Vendor.caseDescription | threat.indicator.description |
| Vendor.numberOfIncidents | threat.indicator.sightings |
| Vendor.duser | user.email |
| Vendor.loginName | user.name |
Tag Fields Created by Parser forcepoint-dlp
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser forcepoint-dlp
| Source Field | CPS Field |
|---|---|
| Vendor.name | agent.name |
| Vendor.device.version | agent.version |
| Vendor.sourceServiceName | event.action |
| Vendor.eventId | event.id |
| Vendor.riskScore | event.risk_score |
| Vendor.severity | event.severity |
| event.risk_score | host.risk.calculated_score |
| Vendor.msg | rule.name |
| Vendor.sourceIp | source.address |
| source.address; | source.ip |
| Vendor.severityType | threat.indicator.confidence |
| Vendor.caseDescription | threat.indicator.description |
| Vendor.numberOfIncidents | threat.indicator.sightings |
| Vendor.duser | user.email |
| Vendor.loginName | user.name |