Parsers and Generated Fields

Tag Fields Created by Parser radware-alteon

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser radware-alteon
Vendor FieldCPS FieldDescription
`event.category[]`ArrayNone
`event.type[]`ArrayNone
`client.ip`ConditionalVendor.keys.WAFObservedIP, Vendor.keys.SrcIp
`event.outcome`Conditionalhttp.response.status_code
`destination.ip`Copiedserver.ip
`destination.port`Copiedserver.port
`http.request.method`CopiedVendor.keys.Method
`http.response.status_code`CopiedVendor.keys.ResponseCode
`server.ip`CopiedVendor.keys.DstIP
`server.port`CopiedVendor.keys.DstPort
`source.ip`Copiedclient.ip
`url.full`Copiedurl.original
`url.original`CopiedVendor.keys.URL
`user_agent.original`CopiedVendor.keys.UserAgent
`@timestamp`Extractedlog.syslog.timestamp
`log.syslog.appname`Extracted_remaining
`log.syslog.hostname`Extracted_remaining
`log.syslog.msgid`Extracted_remaining
`log.syslog.priority`Extracted@rawstring
`log.syslog.procid`Extracted_remaining
`log.syslog.severity.name`ExtractedVendor.message
`log.syslog.timestamp`Extracted_remaining
`log.syslog.version`Extracted@rawstring
`user.full_name`ExtractedVendor.keys.CWSID
`user.id`ExtractedVendor.keys.CWSID
`user.name`ExtractedVendor.keys.CWSID
`url.domain`Parsedurl.original
`ecs.version`StaticNone
`event.kind`StaticNone
`event.module`StaticNone
Vendor.keys.SrcIpclient.ip 
Vendor.keys.WAFObservedIPclient.ip 
server.ipdestination.ip 
server.portdestination.port 
Vendor.keys.Methodhttp.request.method 
Vendor.keys.ResponseCodehttp.response.status_code 
Vendor.keys.DstIPserver.ip 
Vendor.keys.DstPortserver.port 
client.ipsource.ip 
url.originalurl.full 
Vendor.keys.URLurl.original 
Vendor.keys.UserAgentuser_agent.original