This version of the OpenSearch documentation is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Other log type mappings

Security Analytics supports field mappings that are not specific to a single service or system. These mapping types are separated into the following categories:

Application: Records application logs.
Advanced Persistent Threat (APT): Records logs commonly associated with APT attacks.
Compliance: Records logs related to compliance.
macOS: Records event logs when using a Mac device to access a network.
Proxy: Records logs related to proxy events.
Web: Records logs related to network access from the web.

Each log type contains the same field mappings, as shown in the following code snippet:

  "mappings": [
    {
      "raw_field":"record_type",
      "ecs":"dns.answers.type"
    },
    {
      "raw_field":"query",
      "ecs":"dns.question.name"
    },
    {
      "raw_field":"parent_domain",
      "ecs":"dns.question.registered_domain"
    },
    {
      "raw_field":"creationTime",
      "ecs":"timestamp"
    }
  ]

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

Other log type mappings

OpenSearch Links

Get Involved

Resources

Contact Us