Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser tausight-ephi

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser tausight-ephi

Vendor Field	CPS Field	Description
Vendor.clipboardActivity.destProcessInfo.userName	destination.user.name	Destination user name for clipboard activity
Vendor.deviceAttached.usbDevice.deviceId	device.id	USB device ID when present
Vendor.encryptionChanged.tauDeviceId	device.id
Vendor.deviceAttached.usbDevice.manufacturer	device.manufacturer	USB device manufacturer when present
Vendor.encryptionChanged.logicalDisk.driveInfo.manufacturer	device.manufacturer
Vendor.encryptionChanged.logicalDisk.driveInfo.model	device.model.name
Vendor.encryptionChanged.logicalDisk.driveInfo.serialNumber	device.serial_number
Vendor.email.sender	email.from.address[]	Email sender address (converted to lowercase)
Vendor.sequenceNumber	event.sequence
Vendor.fileCopied.destinationFileInfo.fileExtension	file.extension	File extension for copied files
Vendor.fileDeleted.fileInfo.fileExtension	file.extension	File extension for deleted files
Vendor.fileInspected.fileInfo.fileExtension	file.extension	File extension for inspected files
Vendor.fileIoActivity.fileOpened.fileExtension	file.extension	File extension for opened files
Vendor.fileCopied.destinationFileInfo.groupName	file.group	File group for copied files
Vendor.fileDeleted.fileInfo.groupName	file.group	File group for deleted files
Vendor.fileInspected.fileInfo.groupName	file.group	File group for inspected files
Vendor.fileCopied.destinationFileInfo.ownerName	file.owner	File owner for copied files
Vendor.fileDeleted.fileInfo.ownerName	file.owner	File owner for deleted files
Vendor.fileInspected.fileInfo.ownerName	file.owner	File owner for inspected files
Vendor.fileCopied.destinationFilename	file.path	Destination file path for copied files
Vendor.fileDeleted.filename	file.path	File path for deleted files
Vendor.fileInspected.filename	file.path	File path for inspected files
Vendor.fileIoActivity.fileOpened.filename	file.path	File path for opened files
Vendor.fileInspected.fileInfo.fileSize	file.size	File size for inspected files
Vendor.clipboardActivity.srcProcessInfo.processName	process.executable	Process executable for clipboard activity
Vendor.fileIoActivity.fileOpened.processInfo.processName	process.name	Process name for file I/O activity
Vendor.clipboardActivity.srcProcessInfo.processId	process.pid	Process ID for clipboard activity
Vendor.fileIoActivity.fileOpened.processInfo.processId	process.pid	Process ID for file I/O activity
Vendor.clipboardActivity.srcProcessInfo.userName	source.user.name	Source user name for clipboard activity

Enter search term