Link Search Menu Expand Document Documentation Menu

You're viewing version 2.17 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Other log type mappings

Security Analytics supports field mappings that are not specific to a single service or system. These mapping types are separated into the following categories:

  • Application: Records application logs.
  • Advanced Persistent Threat (APT): Records logs commonly associated with APT attacks.
  • Compliance: Records logs related to compliance.
  • macOS: Records event logs when using a Mac device to access a network.
  • Proxy: Records logs related to proxy events.
  • Web: Records logs related to network access from the web.

Each log type contains the same field mappings, as shown in the following code snippet:

  "mappings": [
    {
      "raw_field":"record_type",
      "ecs":"dns.answers.type"
    },
    {
      "raw_field":"query",
      "ecs":"dns.question.name"
    },
    {
      "raw_field":"parent_domain",
      "ecs":"dns.question.registered_domain"
    },
    {
      "raw_field":"creationTime",
      "ecs":"timestamp"
    }
  ]
350 characters left

Have a question? .

Want to contribute? or .