Link Search Menu Expand Document Documentation Menu

Other log type mappings

Security Analytics supports field mappings that are not specific to a single service or system. These mapping types are separated into the following categories:

  • Application: Records application logs.
  • Advanced Persistent Threat (APT): Records logs commonly associated with APT attacks.
  • Compliance: Records logs related to compliance.
  • macOS: Records event logs when using a Mac device to access a network.
  • Proxy: Records logs related to proxy events.
  • Web: Records logs related to network access from the web.

Each log type contains the same field mappings, as shown in the following code snippet:

  "mappings": [
    {
      "raw_field":"record_type",
      "ecs":"dns.answers.type"
    },
    {
      "raw_field":"query",
      "ecs":"dns.question.name"
    },
    {
      "raw_field":"parent_domain",
      "ecs":"dns.question.registered_domain"
    },
    {
      "raw_field":"creationTime",
      "ecs":"timestamp"
    }
  ]
350 characters left

Have a question? .

Want to contribute? or .