Parsers and Generated Fields

Tag Fields Created by Parser imperva-cloudwaf
  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser imperva-cloudwaf
| Field | Method | Source Field(s) |
|---|---|---|
| `event.category[]` | Array | Vendor.name |
| `event.type[]` | Array | Vendor.name |
| `client.ip` | Conditional | client.address |
| `destination.ip` | Conditional | destination.address |
| `event.kind` | Conditional | Vendor.name |
| `event.outcome` | Conditional | http.response.status_code |
| `network.type` | Conditional | source.address, client.address, destination.address, server.address |
| `server.domain` | Conditional | server.address |
| `server.ip` | Conditional | server.address |
| `source.ip` | Conditional | source.address |
| `client.address` | Copied | Vendor.src |
| `client.bytes` | Copied | Vendor.in |
| `client.geo.city_name` | Copied | Vendor.cicode |
| `client.geo.country_iso_code` | Copied | Vendor.ccode |
| `client.geo.location.lat` | Copied | Vendor.latitude |
| `client.geo.location.lon` | Copied | Vendor.longitude |
| `client.port` | Copied | Vendor.cpt |
| `destination.address` | Copied | Vendor.sip |
| `destination.domain` | Copied | Vendor.dhost |
| `destination.port` | Copied | Vendor.spt |
| `event.action` | Copied | Vendor.act |
| `event.end` | Copied | Vendor.end |
| `event.id` | Copied | Vendor.id |
| `event.risk_score` | Copied | Vendor.severity |
| `event.start` | Copied | Vendor.start |
| `host.risk.calculated_level` | Copied | Vendor.severity |
| `http.request.method` | Copied | Vendor.requestMethod |
| `http.request.referrer` | Copied | Vendor.ref |
| `http.response.status_code` | Copied | Vendor.cn1 |
| `network.bytes` | Copied | Vendor.in |
| `network.forwarded_ip` | Copied | Vendor.xff |
| `network.protocol` | Copied | Vendor.app |
| `observer.product` | Copied | Vendor.device.product |
| `observer.vendor` | Copied | Vendor.device.vendor |
| `observer.version` | Copied | Vendor.device.version |
| `rule.name` | Copied | Vendor.name |
| `server.address` | Copied | Vendor.sip |
| `server.port` | Copied | Vendor.spt |
| `source.address` | Copied | Vendor.src |
| `source.bytes` | Copied | Vendor.in |
| `source.geo.city_name` | Copied | Vendor.cicode |
| `source.geo.country_iso_code` | Copied | Vendor.ccode |
| `source.geo.location.lat` | Copied | Vendor.latitude |
| `source.geo.location.lon` | Copied | Vendor.longitude |
| `source.port` | Copied | Vendor.cpt |
| `url.original` | Copied | Vendor.request |
| `url.query` | Copied | Vendor.qstr |
| `user_agent.original` | Copied | Vendor.requestClientApplication |
| `event.severity` | Mapped | event.risk_score, host.risk.calculated_level |
| `source.geo.country_name` | Mapped | source.geo.country_iso_code |
| `source.geo.region_iso_code` | Mapped | source.geo.country_iso_code |
| `source.geo.region_name` | Mapped | source.geo.country_iso_code |
| `@timestamp` | Parsed | Vendor.start |
| `client.domain` | Parsed | Vendor.sourceServiceName |
| `source.domain` | Parsed | Vendor.sourceServiceName |
| `ecs.version` | Static | None |
| `event.module` | Static | None |

| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.in | client.bytes | |
| Vendor.cicode | client.geo.city_name | |
| Vendor.ccode | client.geo.country_iso_code | |
| Vendor.latitude | client.geo.location.lat | |
| Vendor.longitude | client.geo.location.lon | |
| client.address | client.ip | |
| Vendor.cpt | client.port | |
| destination.address | destination.ip | |
| Vendor.spt | destination.port | |
| Vendor.act | event.action | |
| Vendor.end | event.end | |
| Vendor.id | event.id | |
| Vendor.start | event.start | |
| Vendor.requestMethod | http.request.method | |
| Vendor.ref | http.request.referrer | |
| Vendor.cn1 | http.response.status_code | |
| Vendor.in | network.bytes | |
| Vendor.xff | network.forwarded_ip | |
| Vendor.device.product | observer.product | |
| Vendor.device.vendor | observer.vendor | |
| Vendor.device.version | observer.version | |
| Vendor.name | rule.name | |
| server.address | server.ip | |
| Vendor.spt | server.port | |
| Vendor.in | source.bytes | |
| Vendor.cicode | source.geo.city_name | |
| Vendor.ccode | source.geo.country_iso_code | |
| Vendor.latitude | source.geo.location.lat | |
| Vendor.longitude | source.geo.location.lon | |
| source.address | source.ip | |
| Vendor.cpt | source.port | |
| Vendor.request | url.original | |
| Vendor.qstr | url.query | |
| Vendor.requestClientApplication | user_agent.original | |