Module usiem::events::field_dictionary
Statics
DESTINATION_BYTES | Amount of bytes sent by the remote host |
DESTINATION_IP | |
DESTINATION_PORT | |
DNS_ANSWER_CLASS | |
DNS_ANSWER_DATA | |
DNS_ANSWER_NAME | |
DNS_ANSWER_TTL | |
DNS_ANSWER_TYPE | |
DNS_OP_CODE | |
DNS_QUESTION_CLASS | |
DNS_QUESTION_NAME | |
DNS_QUESTION_TYPE | |
DNS_RESOLVED_IP | |
EVENT_ACTION | The action captured by the event. This describes the information in the event. It is more specific than event.category. Examples are group-add, process-started, file-created. The value is normally defined by the implementer. |
EVENT_CATEGORY | event.category represents the “big buckets” of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. Values: authentication, configuration, database, driver, file, host, iam, intrusion_detection, malware, network, package, process, web |
EVENT_CODE | Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. |
EVENT_OUTCOME | |
HTTP_REQUEST_METHOD | |
HTTP_RESPONSE_MIME_TYPE | |
HTTP_RESPONSE_STATUS_CODE | |
IN_INTERFACE | |
NETWORK_DURATION | |
NETWORK_PROTOCOL | |
NETWORK_TRANSPORT | |
OBSERVER_IP | |
OBSERVER_NAME | |
OUT_INTERFACE | |
RULE_CATEGORY | |
RULE_ID | |
RULE_NAME | |
SOURCE_BYTES | Amount of bytes sent by the local host |
SOURCE_IP | |
SOURCE_PORT | |
URL_DOMAIN | |
URL_FULL | |
URL_PATH | |
URL_QUERY | |
USER_DOMAIN | |
USER_NAME | |