Parsers and Generated Fields

Tag Fields Created by Parser deception

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser deception

Source Field | LogScale Repository Field |
---|---|
Vendor.web.user | agent.name |
Vendor.web.status | code |
Vendor.id | event.id |
Vendor.web.method | http.request.method |
Vendor.linux.command | line |
Vendor.network.protocol | network.protocol |
Vendor.linux.process | process.name |
Vendor.linux.pid | process.pid |
Vendor.linux.user | process.user.name |
Vendor.score | score |
threat.indicator.ip | source.ip |
threat.indicator.port | source.port |
Vendor.attacker.name | threat.indicator.name |
Vendor.attacker.port | threat.indicator.port |
Vendor.type | threat.indicator.type |
Vendor.ssl.cipher | tls.cipher |
Vendor.ssl.version | tls.version |
Vendor.web.host | url.domain |
Vendor.web.uri | url.full |
Vendor.web.scheme | url.scheme |