Parsers and Generated Fields
Tag Fields Created by Parser microsoft-windows-dns
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser microsoft-windows-dns
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.RemoteIP | client.ip | |
| client.ip; | destination.ip | |
| server.ip; | destination.ip | |
| Vendor.Flags | dns.header_flags[0] | |
| Vendor.PacketID | dns.id | |
| Vendor.Opcode | dns.op_code | |
| Vendor.QuestionName | dns.question.name | |
| Vendor.QuestionType | dns.question.type | |
| Vendor.ResponseCode | dns.response_code | |
| Vendor.EventReceivedTime | event.created | |
| Vendor.XID | event.id | |
| Vendor.SourceModuleName | event.module | |
| Vendor.Protocol | network.transport | |
| Vendor.ThreadID | process.thread.id | |
| Vendor.RemoteIP | server.ip | |
| client.ip; | source.ip | |
| server.ip; | source.ip |
Tag Fields Created by Parser windows-dns
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser windows-dns
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.RemoteIP | client.ip | |
| Vendor.RemoteIP; | destination.ip | |
| Vendor.Flags | dns.header_flags | |
| Vendor.PacketID | dns.id | |
| Vendor.Opcode | dns.op_code | |
| Vendor.QuestionName | dns.question.name | |
| Vendor.QuestionType | dns.question.type | |
| Vendor.ResponseCode | dns.response_code | |
| Vendor.EventReceivedTime | event.created | |
| Vendor.XID | event.id | |
| Vendor.SourceModuleName | event.module | |
| Vendor.Protocol | network.transport | |
| Vendor.ThreadID | process.thread.id | |
| Vendor.RemoteIP | server.ip | |
| Vendor.RemoteIP; | source.ip |