Parsers and Generated Fields
Tag Fields Created by Parser netgate-pfsense
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser netgate-pfsense
| Vendor Field | CPS Field | Description |
|---|---|---|
| netgate | Vendor | |
| Vendor.dst_ip | destination.ip | Destination IP address |
| Vendor.dst_port | destination.port | Destination port number |
| Vendor.action | event.action | Action taken by the firewall (pass/block) |
| network | event.category[0] | |
| pfsense.filterlog | event.dataset | |
| event | event.kind | |
| pfsense | event.module | |
| failure | event.outcome | |
| success | event.outcome | |
| unknown | event.outcome | |
| Vendor.reason | event.reason | Reason for the firewall action |
| connection | event.type[0] | |
| allowed | event.type[1] | |
| denied | event.type[1] | |
| Vendor.protocol | network.transport | Protocol used for network transport |
| Vendor.rule_number | rule.id | Firewall rule identifier |
| Vendor.src_ip | source.ip | Source IP address |
| Vendor.src_port | source.port | Source port number |