Parsers and Generated Fields
Tag Fields Created by Parser zoom-qss
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zoom-qss
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| Static value event | - | event.kind | |
| Maps session if event contains session, network if IP address present, else session | event | event.category[] | |
| User's email address | participant.email | user.email | |
| Participant user ID | participant_user_id | user.id | |
| MAC address of device | payload.object.participant.data.mac_addr | host.mac | |
| PC hostname | payload.object.participant.pc_name | host.hostname | |
| User ID from payload | payload.object.user.id | user.id | |
| Username from payload | payload.object.user.name | user.name |