Module usiem::events::field_dictionary [−][src]
Statics
| DESTINATION_BYTES | Amount of bytes sent by the remote host |
| DESTINATION_IP | |
| DESTINATION_PORT | |
| DNS_ANSWER_CLASS | |
| DNS_ANSWER_DATA | |
| DNS_ANSWER_NAME | |
| DNS_ANSWER_TTL | |
| DNS_ANSWER_TYPE | |
| DNS_OP_CODE | |
| DNS_QUESTION_CLASS | |
| DNS_QUESTION_NAME | |
| DNS_QUESTION_TYPE | |
| DNS_RESOLVED_IP | |
| EVENT_ACTION | The action captured by the event. This describes the information in the event. It is more specific than event.category. Examples are group-add, process-started, file-created. The value is normally defined by the implementer. |
| EVENT_CATEGORY | event.category represents the “big buckets” of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. Valudes: authentication, configuration, database, driver, file, host, iam, intrusion_detection, malware, network, package, process, web |
| EVENT_CODE | Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. |
| EVENT_OUTCOME | |
| HTTP_REQUEST_METHOD | |
| HTTP_RESPONSE_MIME_TYPE | |
| HTTP_RESPONSE_STATUS_CODE | |
| IN_INTERFACE | |
| NETWORK_DURATION | |
| NETWORK_PROTOCOL | |
| NETWORK_TRANSPORT | |
| OBSERVER_IP | |
| OBSERVER_NAME | |
| OUT_INTERFACE | |
| RULE_CATEGORY | |
| RULE_ID | |
| RULE_NAME | |
| SOURCE_BYTES | Amount of bytes sent by the local host |
| SOURCE_IP | |
| SOURCE_PORT | |
| URL_DOMAIN | |
| URL_FULL | |
| URL_PATH | |
| URL_QUERY | |
| USER_DOMAIN | |
| USER_NAME |