Parsers and Generated Fields

Tag Fields Created by Parser rubrik-securitycloud
  • #Cps.version
  • #Vendor
  • #ecs.version
  • #event.dataset
  • #event.kind
  • #event.module
  • #event.outcome
  • #observer.type

Fields Identified by Parser rubrik-securitycloud
Vendor Field          CPS Field       Description
--------------------  --------------  -----------
Vendor.errorCode      error.code
errorCode             error.code      Error code when errorId exists
Vendor.errorId        error.id
errorId               error.id        Error identifier when present
Vendor.errorReason    error.message
errorReason           error.message   Error message when errorId exists
Vendor.eventName      event.action
eventName             event.action    Name of the event action
Vendor.id             event.id
id                    event.id        Event identifier
status                event.outcome   Status mapping: success->success, fail->failure, others->unknown
severity              event.severity  Severity mapping: info/low->10, warning->30, medium->50, high->70, critical->90
Vendor.auditUserId    user.id
auditUserId           user.id         User identifier
Vendor.auditUserName  user.name
auditUserName         user.name       Username