Parsers and Generated Fields
Tag Fields Created by Parser deception
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser deception
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.web.user | agent.name |
| Vendor.web.status | code |
| Vendor.id | event.id |
| Vendor.web.method | http.request.method |
| Vendor.linux.command | line |
| Vendor.network.protocol | network.protocol |
| Vendor.linux.process | process.name |
| Vendor.linux.pid | process.pid |
| Vendor.linux.user | process.user.name |
| Vendor.score | score |
| threat.indicator.ip | source.ip |
| threat.indicator.port | source.port |
| Vendor.attacker.name | threat.indicator.name |
| Vendor.attacker.port | threat.indicator.port |
| Vendor.type | threat.indicator.type |
| Vendor.ssl.cipher | tls.cipher |
| Vendor.ssl.version | tls.version |
| Vendor.web.host | url.domain |
| Vendor.web.uri | url.full |
| Vendor.web.scheme | url.scheme |