Parsers and Generated Fields
Tag Fields Created by Parser fireeye-nx
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser fireeye-nx
| Source Field | CPS Field |
|---|---|
| destination.ip | destination.address |
| Vendor.dst | destination.ip |
| Vendor.dpt | destination.port |
| Vendor.act | event.action |
| Vendor.dvc | host.ip[0] |
| Vendor.dvchost | host.name |
| source.ip | source.address |
| Vendor.src | source.ip |
| Vendor.spt | source.port |
Tag Fields Created by Parser trellix-fireeyenx
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser trellix-fireeyenx
| Source Field | CPS Field |
|---|---|
| destination.ip | destination.address |
| Vendor.dst | destination.ip |
| Vendor.dpt | destination.port |
| Vendor.act | event.action |
| Vendor.dvc | host.ip[0] |
| Vendor.dvchost | host.name |
| source.ip | source.address |
| Vendor.src | source.ip |
| Vendor.spt | source.port |