Parsers and Generated Fields

Tag Fields Created by Parser zscaler-internetaccess
  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser zscaler-internetaccess
Source FieldCPS Field
Vendor.clt_sportclient.port
Vendor.inbytesdestination.bytes
Vendor.rxbytesdestination.bytes
Vendor.destcountrydestination.geo.country_name
Vendor.destinationipdestination.ip
Vendor.sdipdestination.ip
Vendor.serveripdestination.ip
Vendor.srv_dipdestination.ip
Vendor.destinationportdestination.port
Vendor.sdportdestination.port
Vendor.srv_dportdestination.port
Vendor.dns_respdns.answers[0].name
Vendor.dns_reqdns.question.name
Vendor.dns_reqtypedns.question.type
Vendor.actionevent.action
Vendor.actiontakenevent.action
Vendor.eventevent.action
Vendor.recordidevent.id
Vendor.eventreasonevent.reason
Vendor.reasonevent.reason
Vendor.riskscoreevent.risk_score
Vendor.filesourcefile.directory
Vendor.filesubtypefile.extension
Vendor.filetypenamefile.extension
Vendor.filenamefile.name
Vendor.ownerfile.owner
Vendor.filetypefile.type
Vendor.companygroup.name
Vendor.requestsizehttp.request.bytes
Vendor.requestmethodhttp.request.method
Vendor.contenttypehttp.request.mime_type
Vendor.refererURLhttp.request.referrer
Vendor.responsesizehttp.response.bytes
Vendor.statushttp.response.status_code
Vendor.nwappnetwork.application
Vendor.policyrule.name
Vendor.rulelabelrule.name
Vendor.rulenamerule.name
Vendor.ruletyperule.ruleset
Vendor.outbytessource.bytes
Vendor.txbytessource.bytes
Vendor.locationsource.geo.name
Vendor.ClientIPsource.ip
Vendor.clientipsource.ip
Vendor.clt_sipsource.ip
Vendor.csipsource.ip
Vendor.sourceipsource.ip
Vendor.ClientIP;source.nat.ip
Vendor.csportsource.port
Vendor.sourceportsource.port
url.hosturl.domain
Vendor.fullurlurl.full
Vendor.urlurl.original
Vendor.adminiduser.email
Vendor.elogin;user.email
Vendor.loginuser.email
Vendor.useruser.email
Vendor.elogin;user.name
Vendor.user;user.name