Parsers and Generated Fields
Tag Fields Created by Parser rubrik-securitycloud
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser rubrik-securitycloud
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| User identifier | auditUserId | Â | user.id |
| Username | auditUserName | Â | user.name |
| Error code when errorId exists | errorCode | Â | error.code |
| Error identifier when present | errorId | Â | error.id |
| Error message when errorId exists | errorReason | Â | error.message |
| Name of the event action | eventName | Â | event.action |
| Event identifier | id | Â | event.id |
| Severity mapping: info/low->10, warning->30, medium->50, high->70, critical->90 | severity | Â | event.severity |
| Status mapping: success->success, fail->failure, others->unknown | status | Â | event.outcome |