Module usiem::events::field_dictionary

Statics

DESTINATION_BYTES

Amount of bytes sent by the remote host

DESTINATION_IP

DESTINATION_PORT

DHCP_RECORD_TYPE

DNS_ANSWER_CLASS

DNS_ANSWER_DATA

DNS_ANSWER_NAME

DNS_ANSWER_TTL

DNS_ANSWER_TYPE

DNS_OP_CODE

DNS_QUESTION_CLASS

DNS_QUESTION_NAME

DNS_QUESTION_TYPE

DNS_RESOLVED_IP

EVENT_ACTION

The action captured by the event. This describes the information in the event. It is more specific than event.category. Examples are group-add, process-started, file-created. The value is normally defined by the implementer.

EVENT_CATEGORY

event.category represents the “big buckets” of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. Valudes: authentication, configuration, database, driver, file, host, iam, intrusion_detection, malware, network, package, process, web

EVENT_CODE

Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID.

EVENT_OUTCOME

HTTP_REQUEST_METHOD

HTTP_RESPONSE_MIME_TYPE

HTTP_RESPONSE_STATUS_CODE

IN_INTERFACE

NETWORK_DURATION

NETWORK_PROTOCOL

NETWORK_TRANSPORT

OBSERVER_IP

OBSERVER_NAME

OUT_INTERFACE

RULE_CATEGORY

RULE_ID

RULE_NAME

SOURCE_BYTES

Amount of bytes sent by the local host

SOURCE_IP

SOURCE_PORT

URL_DOMAIN

URL_FULL

URL_PATH

URL_QUERY

USER_DOMAIN

USER_NAME