Parsers and Generated Fields
Tag Fields Created by Parser obsidian-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser obsidian-json
Source Field | LogScale Repository Field |
---|---|
Vendor.risk | Vendor.severity |
Vendor.event | event.action |
Vendor.humanReadableDescription.plain | event.action |
Vendor.summary | event.action |
Vendor.datetime | event.created |
Vendor.drift | event.created |
Vendor.eventDatetime | event.created |
Vendor.id | event.id |
Vendor.integration | event.id |
Vendor.event | event.reason |
Vendor.humanReadableDescription.plain | event.reason |
Vendor.transition | event.reason |
Vendor.config | event.url |
Vendor.urls | event.url |
Vendor.actors[0].name | name |
Vendor.labels.username[0].value | name |
Vendor.intelligenceCatalogReference.mitreProperties.name | threat.feed.reference |
Vendor.severity | threat.indicator.confidence |
Vendor.intelligenceCatalogReference.mitreProperties.description | threat.indicator.description |
Vendor.name | threat.indicator.name |
Vendor.intelligenceCatalogReference.mitreProperties.url | threat.indicator.reference |
Vendor.service.name | threat.software.name |
Vendor.intelligenceCatalogReference.taxonomy.tactic.name | threat.tactic.name |
Vendor.intelligenceCatalogReference.taxonomy.technique.name | threat.technique.name |
Vendor.relatedTargetEmails[0] | user.email |
Vendor.targets[0].id | user.id |