Parsers and Generated Fields
Tag Fields Created by Parser rubrik-securitycloud
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser rubrik-securitycloud
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| auditUserId | user.id | User identifier | |
| auditUserName | user.name | Username | |
| errorCode | error.code | Error code when errorId exists | |
| errorId | error.id | Error identifier when present | |
| errorReason | error.message | Error message when errorId exists | |
| eventName | event.action | Name of the event action | |
| id | event.id | Event identifier | |
| severity | event.severity | Severity mapping: info/low->10, warning->30, medium->50, high->70, critical->90 | |
| status | event.outcome | Status mapping: success->success, fail->failure, others->unknown | |