Parsers and Generated Fields
Tag Fields Created by Parser juniper-srx
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser juniper-srx
| Vendor Field | CPS Field | Description |
|---|---|---|
| source.bytes | client.bytes | |
| source.ip | client.ip | |
| source.nat.ip | client.nat.ip | |
| source.nat.port | client.nat.port | |
| source.packets | client.packets | |
| source.port | client.port | |
| Vendor.bytes-from-server | destination.bytes | Bytes sent from server to client |
| Vendor.inbound-bytes | destination.bytes | Alternative bytes from server field |
| Vendor.destination-address | destination.ip | Destination IP address |
| Vendor.dst-addr | destination.ip | Alternative destination IP address field |
| Vendor.nat-destination-address | destination.nat.ip | NAT destination IP address |
| Vendor.nat-remote-address | destination.nat.ip | Alternative NAT destination IP address field |
| Vendor.nat-destination-port | destination.nat.port | NAT destination port |
| Vendor.inbound-packets | destination.packets | Alternative packets from server field |
| Vendor.packets-from-server | destination.packets | Packets sent from server to client |
| Vendor.destination-port | destination.port | Destination port |
| Vendor.dst-port | destination.port | Alternative destination port field |
| Vendor.action | event.action | |
| Vendor.reason | event.reason | Reason for the event |
| Vendor.application-risk | event.risk_score | Risk score associated with the application |
| Vendor.sample-sha256 | file.hash.sha256 | SHA256 hash of the file (lowercased) |
| Vendor.file-name | file.name | Alternative file name field |
| Vendor.filename | file.name | File name |
| Vendor.syslog.hostname; | log.syslog.hostname | |
| Vendor.syslog.msgid; | log.syslog.msgid | |
| Vendor.syslog.procid; | log.syslog.procid | |
| source.bytes | network.bytes | |
| Vendor.protocol-id | network.iana_number | Protocol ID number |
| client.packets | network.packets | |
| Vendor.protocol | network.protocol | Network protocol |
| Vendor.packet-protocol | network.transport | Alternative transport protocol field |
| Vendor.protocol-name | network.transport | Transport protocol name |
| Vendor.destination-interface-name | observer.egress.interface.name | Destination interface name |
| Vendor.destination-zone-name | observer.egress.zone | Destination security zone |
| Vendor.interface-name | observer.ingress.interface.name | Interface name |
| Vendor.packet-incoming-interface | observer.ingress.interface.name | Incoming packet interface |
| Vendor.source-interface-name | observer.ingress.interface.name | Source interface name |
| Vendor.source-zone-name | observer.ingress.zone | Source security zone |
| Vendor.pid | process.pid | Process ID |
| Vendor.policy-name | rule.name | Policy or rule name |
| Vendor.rule-name | rule.name | Alternative rule name field |
| Vendor.rulebase-name | rule.name | Alternative rule name field |
| destination.bytes | server.bytes | |
| destination.ip | server.ip | |
| destination.nat.ip | server.nat.ip | |
| destination.nat.port | server.nat.port | |
| destination.packets | server.packets | |
| destination.port | server.port | |
| Vendor.client-mode | service.type | Client connection mode |
| Vendor.bytes-from-client | source.bytes | Bytes sent from client to server |
| Vendor.outbound-bytes | source.bytes | Alternative bytes from client field |
| Vendor.local-address | source.ip | Alternative source IP address field for VPN connections |
| Vendor.source-address | source.ip | Source IP address |
| Vendor.src-addr | source.ip | Alternative source IP address field |
| Vendor.src-ip-str | source.ip | Another alternative source IP address field |
| Vendor.nat-local-address | source.nat.ip | Alternative NAT source IP address field |
| Vendor.nat-source-address | source.nat.ip | NAT source IP address |
| Vendor.nat-source-port | source.nat.port | NAT source port |
| Vendor.outbound-packets | source.packets | Alternative packets from client field |
| Vendor.packets-from-client | source.packets | Packets sent from client to server |
| Vendor.packets-num | source.packets | Alternative packet count field |
| Vendor.source-port | source.port | Source port |
| Vendor.src-port | source.port | Alternative source port field |
| Vendor.username | source.user.name | Username associated with the source |
| Vendor.http-host | url.domain | Alternative URL domain field |
| Vendor.url | url.domain | URL domain (lowercased) |
| Vendor.obj | url.path | URL path |
| Vendor.username | user.name | Username when source.user.name is available |
| source.user.name; | user.name | |
| Vendor.class-name | user.roles[] | User role information |