Parsers and Generated Fields
Tag Fields Created by Parser microsoft-windows-dns
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser microsoft-windows-dns
| Source Field | CPS Field |
|---|---|
| Vendor.RemoteIP | client.ip |
| client.ip; | destination.ip |
| server.ip; | destination.ip |
| Vendor.Flags | dns.header_flags[0] |
| Vendor.PacketID | dns.id |
| Vendor.Opcode | dns.op_code |
| Vendor.QuestionName | dns.question.name |
| Vendor.QuestionType | dns.question.type |
| Vendor.ResponseCode | dns.response_code |
| Vendor.EventReceivedTime | event.created |
| Vendor.XID | event.id |
| Vendor.SourceModuleName | event.module |
| Vendor.Protocol | network.transport |
| Vendor.ThreadID | process.thread.id |
| Vendor.RemoteIP | server.ip |
| client.ip; | source.ip |
| server.ip; | source.ip |
Tag Fields Created by Parser windows-dns
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser windows-dns
| Source Field | CPS Field |
|---|---|
| Vendor.RemoteIP | client.ip |
| Vendor.RemoteIP; | destination.ip |
| Vendor.Flags | dns.header_flags |
| Vendor.PacketID | dns.id |
| Vendor.Opcode | dns.op_code |
| Vendor.QuestionName | dns.question.name |
| Vendor.QuestionType | dns.question.type |
| Vendor.ResponseCode | dns.response_code |
| Vendor.EventReceivedTime | event.created |
| Vendor.XID | event.id |
| Vendor.SourceModuleName | event.module |
| Vendor.Protocol | network.transport |
| Vendor.ThreadID | process.thread.id |
| Vendor.RemoteIP | server.ip |
| Vendor.RemoteIP; | source.ip |