Parsers and Generated Fields
Tag Fields Created by Parser obsidian-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser obsidian-json
| Source Field | CPS Field |
|---|---|
| Vendor.risk_level; | Vendor.severity |
| Vendor.event_type | event.action |
| Vendor.humanReadableDescription.plain | event.action |
| Vendor.summary | event.action |
| Vendor.datetime | event.created |
| Vendor.drift_timestamp | event.created |
| Vendor.eventDatetime | event.created |
| Vendor.id | event.id |
| Vendor.integration | event.id |
| Vendor.event_type | event.reason |
| Vendor.humanReadableDescription.plain | event.reason |
| Vendor.transition | event.reason |
| Vendor.config_url_path | event.url |
| Vendor.urls | event.url |
| Vendor.intelligenceCatalogReference.mitreProperties.name | threat.feed.reference |
| Vendor.severity; | threat.indicator.confidence |
| Vendor.intelligenceCatalogReference.mitreProperties.description | threat.indicator.description |
| Vendor.name | threat.indicator.name |
| Vendor.intelligenceCatalogReference.mitreProperties.url | threat.indicator.reference |
| Vendor.service.name | threat.software.name |
| Vendor.intelligenceCatalogReference.taxonomy.tactic.name | threat.tactic.name |
| Vendor.intelligenceCatalogReference.taxonomy.technique.name | threat.technique.name |
| Vendor.relatedTargetEmails[0] | user.email |
| Vendor.actors[0].name | user.full_name |
| Vendor.labels.username[0].value | user.full_name |
| Vendor.targets[0].id | user.id |