Other log type mappings

Security Analytics supports field mappings that are not specific to a single service or system. These mapping types are separated into the following categories:

Application: Records application logs.
Advanced Persistent Threat (APT): Records logs commonly associated with APT attacks.
Compliance: Records logs related to compliance.
macOS: Records event logs when using a Mac device to access a network.
Proxy: Records logs related to proxy events.
Web: Records logs related to network access from the web.

Each log type contains the same field mappings, as shown in the following code snippet:

  "mappings": [
    {
      "raw_field":"record_type",
      "ecs":"dns.answers.type"
    },
    {
      "raw_field":"query",
      "ecs":"dns.question.name"
    },
    {
      "raw_field":"parent_domain",
      "ecs":"dns.question.registered_domain"
    },
    {
      "raw_field":"creationTime",
      "ecs":"timestamp"
    }
  ]

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

Other log type mappings

OpenSearch Links

Get Involved

Resources

Contact Us