Parsers and Generated Fields
Tag Fields Created by Parser trellix-fireeyenx
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser trellix-fireeyenx
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.dst | destination.address | Destination address (same as IP) |
| destination.ip | destination.address | |
| Vendor.dst | destination.ip | Destination IP address |
| Vendor.dmac | destination.mac | Destination MAC address (formatted with dashes and uppercase) |
| Vendor.dpt | destination.port | Destination port number |
| Vendor.act | event.action | Direct mapping of action field |
| Vendor.dvc | host.ip[0] | Device IP address (array format) |
| Vendor.dvcmac | host.mac[0] | Device MAC address (formatted with dashes and uppercase) |
| Vendor.dvchost | host.name | Device hostname |
| Vendor.src | source.address | Source address (same as IP) |
| source.ip | source.address | |
| Vendor.src | source.ip | Source IP address |
| Vendor.smac | source.mac | Source MAC address (formatted with dashes and uppercase) |
| Vendor.spt | source.port | Source port number |