Parsers and Generated Fields
Tag Fields Created by Parser tausight-ephi
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser tausight-ephi
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.clipboardActivity.destProcessInfo.userName | destination.user.name | Destination user for clipboard activity |
| Vendor.clipboardActivity.destProcessInfo.userName | destination.user.name | |
| Vendor.deviceAttached.usbDevice.deviceId | device.id | USB device identifier |
| Vendor.encryptionChanged.tauDeviceId | device.id | Device ID for encryption changes |
| Vendor.deviceAttached.usbDevice.deviceId | device.id | |
| Vendor.deviceAttached.usbDevice.manufacturer | device.manufacturer | USB device manufacturer |
| Vendor.encryptionChanged.logicalDisk.driveInfo.manufacturer | device.manufacturer | Drive manufacturer for encryption changes |
| Vendor.deviceAttached.usbDevice.manufacturer | device.manufacturer | |
| Vendor.encryptionChanged.logicalDisk.driveInfo.model | device.model.name | Drive model for encryption changes |
| Vendor.encryptionChanged.logicalDisk.driveInfo.serialNumber | device.serial_number | Drive serial number for encryption changes |
| Vendor.sequenceNumber | event.sequence | |
| Vendor.fileCopied.destinationFileInfo.fileExtension | file.extension | |
| Vendor.fileDeleted.fileInfo.fileExtension | file.extension | |
| Vendor.fileInspected.fileInfo.fileExtension | file.extension | |
| Vendor.fileIoActivity.fileOpened.fileExtension | file.extension | |
| Vendor.fileCopied.destinationFileInfo.groupName | file.group | |
| Vendor.fileDeleted.fileInfo.groupName | file.group | |
| Vendor.fileInspected.fileInfo.groupName | file.group | |
| Vendor.fileCopied.destinationFileInfo.ownerName | file.owner | |
| Vendor.fileDeleted.fileInfo.ownerName | file.owner | |
| Vendor.fileInspected.fileInfo.ownerName | file.owner | |
| Vendor.fileCopied.destinationFilename | file.path | |
| Vendor.fileDeleted.filename | file.path | |
| Vendor.fileInspected.filename | file.path | |
| Vendor.fileIoActivity.fileOpened.filename | file.path | |
| Vendor.fileInspected.fileInfo.fileSize | file.size | |
| Vendor.deviceAttached.networkAdapter.ipAddress | host.ip | Network adapter IP address |
| Vendor.deviceAttached.networkAdapter.macAddress | host.mac | Network adapter MAC address (formatted with hyphens) |
| Vendor.clipboardActivity.srcProcessInfo.processName | process.executable | |
| Vendor.fileIoActivity.fileOpened.processInfo.processName | process.name | |
| Vendor.clipboardActivity.srcProcessInfo.processId | process.pid | |
| Vendor.fileIoActivity.fileOpened.processInfo.processId | process.pid | |
| Vendor.clipboardActivity.srcProcessInfo.userName | source.user.name | Source user for clipboard activity |
| Vendor.clipboardActivity.srcProcessInfo.userName | source.user.name |