Parsers and Generated Fields
Tag Fields Created by Parser google-chrome-enterprise
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser google-chrome-enterprise
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| Vendor.time | @timestamp | Event timestamp | Extracted from Vendor.time using a regex pattern and parsed using the seconds format |
| Vendor.device_id | device.id | Unique device identifier | Copied from Vendor.device_id |
| Vendor.device_name | device.model.name | Name of the device | Copied from Vendor.device_name |
| None | ecs.version | ECS schema version | Static value: 8.17.0 |
| Vendor.event | event.action | Chrome Enterprise event type | Copied from Vendor.event |
| None | event.category[] | Event category array | Static value: network |
| None | event.kind | Event categorization | Static value: event |
| None | event.module | Module identifier | Static value: chromeenterprise |
| Vendor.event | event.outcome | Event outcome (success/failure) | Conditional assignment based on event.action |
| Vendor.reason | event.reason | Reason for the event | Copied from Vendor.reason |
| Vendor.event_detail | event.reference | Additional event details | Copied from Vendor.event_detail |
| None | event.type[] | Event type array | Static value: info |
| Vendor.os_platform | host.os.type | Operating system platform | Copied from Vendor.os_platform |
| Vendor.os_version | host.os.version | Operating system version | Copied from Vendor.os_version |
| Vendor.url (indirect) | url.domain | Domain extracted from URL | Parsed from url.original and converted to lowercase |
| Vendor.url | url.original | Original URL from the event | Copied from Vendor.url |
| Vendor.device_user | user.name | Username associated with the device | Copied from Vendor.device_user |
| Vendor.user_agent | user_agent.original | User agent string | Copied from Vendor.user_agent |