Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser deception

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser deception

Source Field	CPS Field
Vendor.id	event.id
Vendor.score	event.risk_score
Vendor.web.method	http.request.method
Vendor.web.status	http.response.status_code
Vendor.network.protocol	network.protocol
Vendor.linux.command_line	process.command_line
Vendor.linux.process_name	process.name
Vendor.linux.pid	process.pid
Vendor.linux.user	process.user.name
threat.indicator.ip	source.ip
threat.indicator.port	source.port
Vendor.attacker.name	threat.indicator.name
Vendor.attacker.port	threat.indicator.port
Vendor.type	threat.indicator.type
Vendor.ssl.cipher	tls.cipher
Vendor.ssl.version	tls.version
Vendor.web.host	url.domain
Vendor.web.uri	url.full
Vendor.web.scheme	url.scheme
Vendor.web.user_agent.string	user_agent.name

Tag Fields Created by Parser zscaler-deception

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser zscaler-deception

Source Field	CPS Field
Vendor.id	event.id
Vendor.score	event.risk_score
Vendor.web.method	http.request.method
Vendor.web.status	http.response.status_code
Vendor.network.protocol	network.protocol
Vendor.linux.command_line	process.command_line
Vendor.linux.process_name	process.name
Vendor.linux.pid	process.pid
Vendor.linux.user	process.user.name
threat.indicator.ip	source.ip
threat.indicator.port	source.port
Vendor.attacker.name	threat.indicator.name
Vendor.attacker.port	threat.indicator.port
Vendor.type	threat.indicator.type
Vendor.ssl.cipher	tls.cipher
Vendor.ssl.version	tls.version
Vendor.web.host	url.domain
Vendor.web.uri	url.full
Vendor.web.scheme	url.scheme
Vendor.web.user_agent.string	user_agent.name

Enter search term