Parsers and Generated Fields
Tag Fields Created by Parser island-enterprisebrowser
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser island-enterprisebrowser
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.action | event.action | For admin actions |
| Vendor.message.type | event.action | Action type |
| Vendor.action | event.action | |
| Vendor.message.type | event.action | |
| Vendor.message.source | event.category[0] | For network events |
| Vendor.message.verdict | event.outcome | For blocked verdicts |
| Vendor.hostname | host.hostname | Hostname in lowercase |
| Vendor.message.ruleId | rule.id | ID of the rule that triggered |
| Vendor.message.ruleName | rule.name | Name of the rule that triggered |
| Vendor.message.sourceIp | source.ip | Source IP address for network events |
| Vendor.message.sourceIp | source.ip | |
| Vendor.message.publicIp | source.nat.ip | Public/NAT IP address |
| Vendor.message.publicIp | source.nat.ip | |
| url.host | url.domain | Domain extracted from URL and converted to lowercase |
| url.host | url.domain | |
| Vendor.message.topLevelUrl | url.original | Original URL for parsing |
| Vendor.message.topLevelUrl | url.original | |
| Vendor.message.email | user.email | User email address |
| Vendor.message.email | user.email | |
| Vendor.message.userId | user.id | User identifier |
| Vendor.message.userId | user.id | |
| Vendor.message.userName | user.name | Username |
| Vendor.message.userName | user.name | |
| Vendor.message.entityId | user.target.id | Target user ID for admin actions |
| Vendor.message.entityId | user.target.id | |
| Vendor.message.entityName | user.target.name | Target user name for admin actions |
| Vendor.message.entityName | user.target.name |