Parsers and Generated Fields

Tag Fields Created by Parser obsidian-json

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser obsidian-json
Vendor FieldCPS FieldDescription
Vendor.risk_level;Vendor.severity 
Vendor.event_typeevent.action 
Vendor.humanReadableDescription.plainevent.action 
Vendor.summaryevent.action 
Vendor.datetimeevent.created 
Vendor.drift_timestampevent.created 
Vendor.eventDatetimeevent.created 
Vendor.idevent.id 
Vendor.integrationevent.id 
Vendor.event_typeevent.reason 
Vendor.humanReadableDescription.plainevent.reason 
Vendor.transitionevent.reason 
Vendor.config_url_pathevent.url 
Vendor.urlsevent.url 
Vendor.intelligenceCatalogReference.mitreProperties.namethreat.feed.reference 
Vendor.severity;threat.indicator.confidence 
Vendor.intelligenceCatalogReference.mitreProperties.descriptionthreat.indicator.description 
Vendor.namethreat.indicator.name 
Vendor.intelligenceCatalogReference.mitreProperties.urlthreat.indicator.reference 
Vendor.service.namethreat.software.name 
Vendor.intelligenceCatalogReference.taxonomy.tactic.namethreat.tactic.name 
Vendor.intelligenceCatalogReference.taxonomy.technique.namethreat.technique.name 
Vendor.relatedTargetEmails[0]user.email 
Vendor.actors[0].nameuser.full_name 
Vendor.labels.username[0].valueuser.full_name 
Vendor.targets[0].iduser.id