Parsers and Generated Fields
Tag Fields Created by Parser clicksBlocked-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser clicksBlocked-json
| Source Field | CPS Field |
|---|---|
| Vendor.clickIP | destination.ip |
| Vendor.GUID | email.local_id |
| Vendor.messageID | email.message_id |
| Vendor.id | event.id |
| Vendor.senderIP | source.ip |
| url.host | url.domain |
| Vendor.url | url.full |
| Vendor.userAgent | user_agent.original |
Tag Fields Created by Parser clicksPermitted-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser clicksPermitted-json
| Source Field | CPS Field |
|---|---|
| Vendor.clickIP | destination.ip |
| Vendor.GUID | email.local_id |
| Vendor.messageID | email.message_id |
| Vendor.id | event.id |
| Vendor.senderIP | source.ip |
| url.host | url.domain |
| Vendor.url | url.full |
| Vendor.userAgent | user_agent.original |
Tag Fields Created by Parser messagesBlocked-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser messagesBlocked-json
| Source Field | CPS Field |
|---|---|
| Vendor.messageParts[0].contentType | email.attachments[0].file.mime_type |
| Vendor.messageParts[0].filename | email.attachments[0].file.name |
| Vendor.messageParts[1].contentType | email.attachments[1].file.mime_type |
| Vendor.messageParts[1].filename | email.attachments[1].file.name |
| Vendor.messageParts[2].contentType | email.attachments[2].file.mime_type |
| Vendor.messageParts[2].filename | email.attachments[2].file.name |
| Vendor.messageParts[3].contentType | email.attachments[3].file.mime_type |
| Vendor.messageParts[3].filename | email.attachments[3].file.name |
| Vendor.messageParts[4].contentType | email.attachments[4].file.mime_type |
| Vendor.messageParts[4].filename | email.attachments[4].file.name |
| Vendor.GUID | email.local_id |
| Vendor.messageID | email.message_id |
| Vendor.subject | email.subject |
| Vendor.xmailer | email.x_mailer |
| Vendor.id | event.id |
| Vendor.senderIP | source.ip |
Tag Fields Created by Parser messagesDelivered-json
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser messagesDelivered-json
| Source Field | CPS Field |
|---|---|
| Vendor.messageParts[0].contentType | email.attachments[0].file.mime_type |
| Vendor.messageParts[0].filename | email.attachments[0].file.name |
| Vendor.messageParts[1].contentType | email.attachments[1].file.mime_type |
| Vendor.messageParts[1].filename | email.attachments[1].file.name |
| Vendor.messageParts[2].contentType | email.attachments[2].file.mime_type |
| Vendor.messageParts[2].filename | email.attachments[2].file.name |
| Vendor.messageParts[3].contentType | email.attachments[3].file.mime_type |
| Vendor.messageParts[3].filename | email.attachments[3].file.name |
| Vendor.messageParts[4].contentType | email.attachments[4].file.mime_type |
| Vendor.messageParts[4].filename | email.attachments[4].file.name |
| Vendor.GUID | email.local_id |
| Vendor.messageID | email.message_id |
| Vendor.subject | email.subject |
| Vendor.xmailer | email.x_mailer |
| Vendor.id | event.id |
| Vendor.senderIP | source.ip |