Parsers and Generated Fields
Tag Fields Created by Parser zoom-qss
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zoom-qss
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| Static value event | - | Â | event.kind |
| Maps session if event contains session, network if IP address present, else session | event | Â | event.category[] |
| User's email address | participant.email | Â | user.email |
| Participant user ID | participant_user_id | Â | user.id |
| MAC address of device | payload.object.participant.data.mac_addr | Â | host.mac |
| PC hostname | payload.object.participant.pc_name | Â | host.hostname |
| User ID from payload | payload.object.user.id | Â | user.id |
| Username from payload | payload.object.user.name | Â | user.name |