Parsers and Generated Fields
Tag Fields Created by Parser trellix-fireeyenx
- `#Cps.version`
- `#Vendor`
- `#ecs.version`
- `#event.dataset`
- `#event.kind`
- `#event.module`
- `#event.outcome`
- `#observer.type`
Fields Identified by Parser trellix-fireeyenx
| CPS Field | Assignment Type | Vendor Field |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | None |
| `host.ip[]` | Array | Vendor.dvc |
| `host.mac[]` | Array | Vendor.dvcmac |
| `destination.address` | Copied | Vendor.dst (indirect) |
| `destination.ip` | Copied | Vendor.dst |
| `destination.port` | Copied | Vendor.dpt |
| `event.action` | Copied | Vendor.act |
| `host.name` | Copied | Vendor.dvchost |
| `source.address` | Copied | Vendor.src (indirect) |
| `source.ip` | Copied | Vendor.src |
| `source.port` | Copied | Vendor.spt |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `destination.mac` | Transformed | Vendor.dmac |
| `source.mac` | Transformed | Vendor.smac |

| Original Field | Copied To |
|---|---|
| `destination.ip` | `destination.address` |
| `Vendor.dst` | `destination.ip` |
| `Vendor.dpt` | `destination.port` |
| `Vendor.act` | `event.action` |
| `Vendor.dvchost` | `host.name` |
| `source.ip` | `source.address` |
| `Vendor.src` | `source.ip` |
| `Vendor.spt` | `source.port` |