Parsers and Generated Fields
Tag Fields Created by Parser zscaler-internetaccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zscaler-internetaccess
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.clt_sport | client.port | |
| Vendor.inbytes | destination.bytes | |
| Vendor.rxbytes | destination.bytes | |
| rename(Vendor.destcountry) | destination.geo.country_name | |
| Vendor.destinationip | destination.ip | |
| Vendor.sdip | destination.ip | |
| Vendor.serverip | destination.ip | |
| Vendor.srv_dip | destination.ip | |
| Vendor.destinationport | destination.port | |
| Vendor.sdport | destination.port | |
| Vendor.srv_dport | destination.port | |
| Vendor.dns_req | dns.question.name | |
| Vendor.dns_reqtype | dns.question.type | |
| Vendor.action | event.action | |
| Vendor.actiontaken | event.action | |
| Vendor.event | event.action | |
| Vendor.recordid | event.id | |
| Vendor.eventreason | event.reason | |
| Vendor.reason | event.reason | |
| Vendor.riskscore | event.risk_score | |
| Vendor.filesource | file.directory | |
| Vendor.filesubtype | file.extension | |
| Vendor.filetypename | file.extension | |
| Vendor.filename | file.name | |
| Vendor.owner | file.owner | |
| Vendor.filetype | file.type | |
| Vendor.company | group.name | |
| Vendor.requestsize | http.request.bytes | |
| Vendor.requestmethod | http.request.method | |
| Vendor.contenttype | http.request.mime_type | |
| Vendor.refererURL | http.request.referrer | |
| Vendor.responsesize | http.response.bytes | |
| Vendor.status | http.response.status_code | |
| Vendor.nwapp | network.application | |
| Vendor.policy | rule.name | |
| Vendor.rulelabel | rule.name | |
| Vendor.rulename | rule.name | |
| Vendor.threatname | rule.name | |
| Vendor.ruletype | rule.ruleset | |
| Vendor.outbytes | source.bytes | |
| Vendor.txbytes | source.bytes | |
| Vendor.location | source.geo.name | |
| Vendor.ClientIP | source.ip | |
| Vendor.clientip | source.ip | |
| Vendor.clt_sip | source.ip | |
| Vendor.csip | source.ip | |
| Vendor.sourceip | source.ip | |
| source.ip; | source.nat.ip | |
| Vendor.csport | source.port | |
| Vendor.sourceport | source.port | |
| Vendor.hostname | url.domain | |
| Vendor.fullurl | url.full | |
| Vendor.url | url.original | |
| Vendor.adminid | user.email | |
| Vendor.elogin | user.email | |
| Vendor.login | user.email | |
| rename(Vendor.user) | user.email | |
| Vendor.elogin | user.name | |
| Vendor.user | user.name |