Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Library Guidance Release Notes Integrations Query Examples Training API GraphQL Search Archives Contact Support

Parsers and Generated Fields

Tag Fields Created by Parser tausight-ephi

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser tausight-ephi

Source Field	CPS Field	Description	Mapping
Destination user name for clipboard activity	Vendor.clipboardActivity.destProcessInfo.userName		destination.user.name
Process ID for clipboard activity	Vendor.clipboardActivity.srcProcessInfo.processId		process.pid
Process executable for clipboard activity	Vendor.clipboardActivity.srcProcessInfo.processName		process.executable
Source user name for clipboard activity	Vendor.clipboardActivity.srcProcessInfo.userName		source.user.name
USB device ID when present	Vendor.deviceAttached.usbDevice.deviceId		device.id
USB device manufacturer when present	Vendor.deviceAttached.usbDevice.manufacturer		device.manufacturer
Email sender address (converted to lowercase)	Vendor.email.sender		email.from.address[]
File extension for copied files	Vendor.fileCopied.destinationFileInfo.fileExtension		file.extension
File group for copied files	Vendor.fileCopied.destinationFileInfo.groupName		file.group
File owner for copied files	Vendor.fileCopied.destinationFileInfo.ownerName		file.owner
Destination file path for copied files	Vendor.fileCopied.destinationFilename		file.path
File extension for deleted files	Vendor.fileDeleted.fileInfo.fileExtension		file.extension
File group for deleted files	Vendor.fileDeleted.fileInfo.groupName		file.group
File owner for deleted files	Vendor.fileDeleted.fileInfo.ownerName		file.owner
File path for deleted files	Vendor.fileDeleted.filename		file.path
File extension for inspected files	Vendor.fileInspected.fileInfo.fileExtension		file.extension
File size for inspected files	Vendor.fileInspected.fileInfo.fileSize		file.size
File group for inspected files	Vendor.fileInspected.fileInfo.groupName		file.group
File owner for inspected files	Vendor.fileInspected.fileInfo.ownerName		file.owner
File path for inspected files	Vendor.fileInspected.filename		file.path
File extension for opened files	Vendor.fileIoActivity.fileOpened.fileExtension		file.extension
File path for opened files	Vendor.fileIoActivity.fileOpened.filename		file.path
Process ID for file I/O activity	Vendor.fileIoActivity.fileOpened.processInfo.processId		process.pid
Process name for file I/O activity	Vendor.fileIoActivity.fileOpened.processInfo.processName		process.name

Enter search term