Parsers and Generated Fields

Vendor Field	CPS Field	Description
Vendor.dhost	destination.address
Vendor.dst	destination.ip
Vendor.dmac	destination.mac
Vendor.dpt	destination.port
Vendor.device.vendor	device.manufacturer
Vendor.label.Name	event.action
Vendor.Id	event.id
Vendor.event_class_id	event.reason
Vendor.Risk	event.risk_score
Vendor.severity	event.severity
Vendor.start	event.start
Vendor.app	log.syslog.appname
Vendor.proto	network.transport
Vendor.dvchost	observer.hostname
Vendor.dvc	observer.ip[0]
Vendor.device.product	observer.os.name
Vendor.device.version	observer.os.version
Vendor.n2os_schema	observer.version
Vendor.trigger_type	rule.category
Vendor.trigger_id	rule.id
Vendor.shost	source.address
Vendor.src	source.ip
Vendor.smac	source.mac
Vendor.dpt	source.port
Vendor.Mitre_attack_techniques	threat.tactic.id[0]
Vendor.Mitre_attack_tactics	threat.tactic.name[0]

Vendor Field	CPS Field	Description
Vendor.dhost	destination.address
Vendor.dst	destination.ip
Vendor.dmac	destination.mac
Vendor.dpt	destination.port
Vendor.device.vendor	device.manufacturer
Vendor.label.Name	event.action
Vendor.Id	event.id
Vendor.event_class_id	event.reason
Vendor.Risk	event.risk_score
Vendor.severity	event.severity
Vendor.start	event.start
Vendor.app	log.syslog.appname
Vendor.proto	network.transport
Vendor.dvchost	observer.address
Vendor.dvc	observer.ip
Vendor.device.product	observer.os.name
Vendor.device.version	observer.os.version
Vendor.n2os_schema	observer.version
Vendor.trigger_type	rule.category
Vendor.trigger_id	rule.id
Vendor.shost	source.address
Vendor.src	source.ip
Vendor.smac	source.mac
Vendor.dpt	source.port
Vendor.Mitre_attack_techniques	threat.tactic.id
Vendor.Mitre_attack_tactics	threat.tactic.name