Parsers and Generated Fields
Tag Fields Created by Parser clicksBlocked-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser clicksBlocked-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.clickIP | destination.ip | |
| Vendor.GUID | email.local_id | |
| Vendor.messageID | email.message_id | |
| Vendor.id | event.id | |
| Vendor.senderIP | source.ip | |
| url.host | url.domain | |
| Vendor.url | url.full | |
| Vendor.userAgent | user_agent.original |
Tag Fields Created by Parser clicksPermitted-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser clicksPermitted-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.clickIP | destination.ip | |
| Vendor.GUID | email.local_id | |
| Vendor.messageID | email.message_id | |
| Vendor.id | event.id | |
| Vendor.senderIP | source.ip | |
| url.host | url.domain | |
| Vendor.url | url.full | |
| Vendor.userAgent | user_agent.original |
Tag Fields Created by Parser messagesBlocked-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser messagesBlocked-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.messageParts[0].contentType | email.attachments[0].file.mime_type | |
| Vendor.messageParts[0].filename | email.attachments[0].file.name | |
| Vendor.messageParts[1].contentType | email.attachments[1].file.mime_type | |
| Vendor.messageParts[1].filename | email.attachments[1].file.name | |
| Vendor.messageParts[2].contentType | email.attachments[2].file.mime_type | |
| Vendor.messageParts[2].filename | email.attachments[2].file.name | |
| Vendor.messageParts[3].contentType | email.attachments[3].file.mime_type | |
| Vendor.messageParts[3].filename | email.attachments[3].file.name | |
| Vendor.messageParts[4].contentType | email.attachments[4].file.mime_type | |
| Vendor.messageParts[4].filename | email.attachments[4].file.name | |
| Vendor.GUID | email.local_id | |
| Vendor.messageID | email.message_id | |
| Vendor.subject | email.subject | |
| Vendor.xmailer | email.x_mailer | |
| Vendor.id | event.id | |
| Vendor.senderIP | source.ip |
Tag Fields Created by Parser messagesDelivered-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser messagesDelivered-json
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.messageParts[0].contentType | email.attachments[0].file.mime_type | |
| Vendor.messageParts[0].filename | email.attachments[0].file.name | |
| Vendor.messageParts[1].contentType | email.attachments[1].file.mime_type | |
| Vendor.messageParts[1].filename | email.attachments[1].file.name | |
| Vendor.messageParts[2].contentType | email.attachments[2].file.mime_type | |
| Vendor.messageParts[2].filename | email.attachments[2].file.name | |
| Vendor.messageParts[3].contentType | email.attachments[3].file.mime_type | |
| Vendor.messageParts[3].filename | email.attachments[3].file.name | |
| Vendor.messageParts[4].contentType | email.attachments[4].file.mime_type | |
| Vendor.messageParts[4].filename | email.attachments[4].file.name | |
| Vendor.GUID | email.local_id | |
| Vendor.messageID | email.message_id | |
| Vendor.subject | email.subject | |
| Vendor.xmailer | email.x_mailer | |
| Vendor.id | event.id | |
| Vendor.senderIP | source.ip |