Parsers and Generated Fields
Tag Fields Created by Parser zoom-qss
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zoom-qss
| Vendor Field | CPS Field | Description |
|---|---|---|
| event | event.category[] | Maps "session" if event contains "session", "network" if IP address present, else "session" |
| - | event.kind | Static value "event" |
| - | event.type[] | Static value "info" |
| Vendor.payload.object.participant.pc_name | host.hostname | |
| payload.object.participant.pc_name | host.hostname | PC hostname |
| payload.object.participant.data.mac_addr | host.mac | MAC address of device |
| Vendor.participant.email | user.email | |
| participant.email | user.email | User's email address |
| Vendor.participant_user_id | user.id | |
| Vendor.payload.object.user.id | user.id | |
| participant_user_id | user.id | Participant user ID |
| payload.object.user.id | user.id | User ID from payload |
| Vendor.payload.object.user.name | user.name | |
| payload.object.user.name | user.name | Username from payload |