Parsers and Generated Fields
Tag Fields Created by Parser zscaler-internetaccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zscaler-internetaccess
| Source Field | CPS Field |
|---|---|
| Vendor.clt_sport | client.port |
| Vendor.inbytes | destination.bytes |
| Vendor.rxbytes | destination.bytes |
| Vendor.destcountry | destination.geo.country_name |
| Vendor.destinationip | destination.ip |
| Vendor.sdip | destination.ip |
| Vendor.serverip | destination.ip |
| Vendor.srv_dip | destination.ip |
| Vendor.destinationport | destination.port |
| Vendor.sdport | destination.port |
| Vendor.srv_dport | destination.port |
| Vendor.dns_resp | dns.answers.name |
| Vendor.dns_req | dns.question.name |
| Vendor.dns_reqtype | dns.question.type |
| Vendor.action | event.action |
| Vendor.actiontaken | event.action |
| Vendor.event | event.action |
| Vendor.recordid | event.id |
| Vendor.eventreason | event.reason |
| Vendor.reason | event.reason |
| Vendor.riskscore | event.risk_score |
| Vendor.filesource | file.directory |
| Vendor.filesubtype | file.extension |
| Vendor.filetypename | file.extension |
| Vendor.filename | file.name |
| Vendor.owner | file.owner |
| Vendor.filetype | file.type |
| Vendor.company | group.name |
| Vendor.requestsize | http.request.bytes |
| Vendor.requestmethod | http.request.method |
| Vendor.contenttype | http.request.mime_type |
| Vendor.refererURL | http.request.referrer |
| Vendor.responsesize | http.response.bytes |
| Vendor.status | http.response.status_code |
| Vendor.nwapp | network.application |
| Vendor.policy | rule.name |
| Vendor.rulelabel | rule.name |
| Vendor.rulename | rule.name |
| Vendor.ruletype | rule.ruleset |
| Vendor.outbytes | source.bytes |
| Vendor.txbytes | source.bytes |
| Vendor.location | source.geo.name |
| Vendor.ClientIP | source.ip |
| Vendor.clientip | source.ip |
| Vendor.clt_sip | source.ip |
| Vendor.csip | source.ip |
| Vendor.sourceip | source.ip |
| Vendor.ClientIP; | source.nat.ip |
| Vendor.csport | source.port |
| Vendor.sourceport | source.port |
| url.host | url.domain |
| Vendor.fullurl | url.full |
| Vendor.url | url.original |
| Vendor.adminid | user.email |
| Vendor.elogin; | user.email |
| Vendor.login | user.email |
| Vendor.user | user.email |
| Vendor.elogin; | user.name |
| Vendor.user; | user.name |