Parsers and Generated Fields
Tag Fields Created by Parser zscaler-internetaccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zscaler-internetaccess
Source Field | CPS Field |
---|---|
Vendor.clt_sport | client.port |
Vendor.inbytes | destination.bytes |
Vendor.rxbytes | destination.bytes |
Vendor.destcountry | destination.geo.country_name |
Vendor.destinationip | destination.ip |
Vendor.sdip | destination.ip |
Vendor.serverip | destination.ip |
Vendor.srv_dip | destination.ip |
Vendor.destinationport | destination.port |
Vendor.sdport | destination.port |
Vendor.srv_dport | destination.port |
Vendor.dns_resp | dns.answers[0].name |
Vendor.dns_req | dns.question.name |
Vendor.dns_reqtype | dns.question.type |
Vendor.action | event.action |
Vendor.actiontaken | event.action |
Vendor.event | event.action |
Vendor.recordid | event.id |
Vendor.eventreason | event.reason |
Vendor.reason | event.reason |
Vendor.riskscore | event.risk_score |
Vendor.filesource | file.directory |
Vendor.filesubtype | file.extension |
Vendor.filetypename | file.extension |
Vendor.filename | file.name |
Vendor.owner | file.owner |
Vendor.filetype | file.type |
Vendor.company | group.name |
Vendor.requestsize | http.request.bytes |
Vendor.requestmethod | http.request.method |
Vendor.contenttype | http.request.mime_type |
Vendor.refererURL | http.request.referrer |
Vendor.responsesize | http.response.bytes |
Vendor.status | http.response.status_code |
Vendor.nwapp | network.application |
Vendor.policy | rule.name |
Vendor.rulelabel | rule.name |
Vendor.rulename | rule.name |
Vendor.ruletype | rule.ruleset |
Vendor.outbytes | source.bytes |
Vendor.txbytes | source.bytes |
Vendor.location | source.geo.name |
Vendor.ClientIP | source.ip |
Vendor.clientip | source.ip |
Vendor.clt_sip | source.ip |
Vendor.csip | source.ip |
Vendor.sourceip | source.ip |
Vendor.ClientIP; | source.nat.ip |
Vendor.csport | source.port |
Vendor.sourceport | source.port |
url.host | url.domain |
Vendor.fullurl | url.full |
Vendor.url | url.original |
Vendor.adminid | user.email |
Vendor.elogin; | user.email |
Vendor.login | user.email |
Vendor.user | user.email |
Vendor.elogin; | user.name |
Vendor.user; | user.name |