Parsers and Generated Fields
Tag Fields Created by Parser fortinet-fortimail
- `#Cps.version`
- `#Vendor`
- `#ecs.version`
- `#event.dataset`
- `#event.kind`
- `#event.module`
- `#event.outcome`
- `#observer.type`
Fields Identified by Parser fortinet-fortimail
| CPS Field | Method | Source Field(s) |
|---|---|---|
| `event.category[]` | Array | Vendor.log.type, Vendor.log.subtype |
| `event.type[]` | Array | Vendor.log.type, Vendor.log.msg |
| `log.syslog.facility.code` | Calculated | log.syslog.priority, log.syslog.severity.code |
| `destination.domain` | Copied | Vendor.log.domain |
| `destination.ip` | Copied | Vendor.log.dst_ip |
| `email.direction` | Copied | Vendor.log.direction |
| `email.message_id` | Copied | Vendor.log.message_id |
| `email.subject` | Copied | Vendor.log.subject |
| `email.x_mailer` | Copied | Vendor.log.mailer |
| `event.action` | Copied | Vendor.log.action |
| `event.id` | Copied | Vendor.log.log_id |
| `event.reason` | Copied | Vendor.log.classifier |
| `event.sequence` | Copied | Vendor.log.log_part |
| `log.level` | Copied | Vendor.log.pri |
| `rule.id` | Copied | Vendor.log.polid |
| `server.domain` | Copied | Vendor.log.domain |
| `source.address` | Copied | Vendor.log.client_name |
| `source.geo.country_iso_code` | Copied | Vendor.log.client_cc |
| `source.ip` | Copied | Vendor.log.client_ip, Vendor.log.src, Vendor.log.ui |
| `threat.indicator.name` | Copied | Vendor.log.virus |
| `url.original` | Copied | Vendor.log.url |
| `user.name` | Copied | Vendor.log.user |
| `event.outcome` | Determined | Vendor.log.status, Vendor.log.msg |
| `email.from.address[]` | Extracted | Vendor.log.from |
| `log.syslog.priority` | Extracted | @rawstring |
| `network.protocol` | Extracted | Vendor.log.ui |
| `event.dataset` | Formatted | event.module, Vendor.log.type |
| `event.severity` | Mapped | log.level |
| `log.syslog.severity.code` | Mapped | log.level |
| `@timestamp` | Parsed | Vendor.log.date, Vendor.log.time |
| `email.to.address` | Parsed | Vendor.log.to |
| `url.domain` | Parsed | url.original |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |

| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.log.dst_ip | destination.ip | |
| Vendor.log.direction | email.direction | |
| Vendor.log.message_id | email.message_id | |
| Vendor.log.subject | email.subject | |
| Vendor.log.mailer | email.x_mailer | |
| Vendor.log.log_id | event.id | |
| Vendor.log.classifier | event.reason | |
| Vendor.log.log_part | event.sequence | |
| Vendor.log.pri | log.level | |
| Vendor.log.polid | rule.id | |
| Vendor.log.client_cc | source.geo.country_iso_code | |
| Vendor.log.virus | threat.indicator.name | |
| url.host | url.domain | |
| Vendor.log.url | url.original | |