...
Anchor | ||||
---|---|---|---|---|
|
| Field | Type | Extra fields |
|---|---|---|
| `eventdate` | | |
| `hostname` | | |
| `ACCID` | | |
| `REGION` | | |
| `firewall_name` | | |
| `availability_zone` | | |
| `event_timestamp` | | |
| `event__timestamp` | | |
| `event__flow_id` | | |
| `event__event_type` | | |
| `event__src_ip` | | |
| `event__src_port` | | |
| `event__dest_ip` | | |
| `event__dest_port` | | |
| `event__proto` | | |
| `event__tx_id` | | |
| `event__alert__action` | | |
| `event__alert__signature_id` | | |
| `event__alert__rev` | | |
| `event__alert__signature` | | |
| `event__alert__category` | | |
| `event__alert__severity` | | |
| `event__http__hostname` | | |
| `event__http__url` | | |
| `event__http__http_user_agent` | | |
| `event__http__http_method` | | |
| `event__http__protocol` | | |
| `event__http__length` | | |
| `event__app_proto` | | |
| `hostchain` | | ✓ |
| `tag` | | ✓ |
| `rawMessage` | | ✓ |
Anchor | ||||
---|---|---|---|---|
|
| Field | Type | Extra fields |
|---|---|---|
| `eventdate` | | |
| `hostname` | | |
| `ACCID` | | |
| `REGION` | | |
| `firewall_name` | | |
| `availability_zone` | | |
| `event_timestamp` | | |
| `event__timestamp` | | |
| `event__flow_id` | | |
| `event__event_type` | | |
| `event__src_ip` | | |
| `event__src_port` | | |
| `event__dest_ip` | | |
| `event__dest_port` | | |
| `event__proto` | | |
| `event__netflow__pkts` | | |
| `event__netflow__bytes` | | |
| `event__netflow__start` | | |
| `event__netflow__end` | | |
| `event__netflow__age` | | |
| `event__netflow__min_ttl` | | |
| `event__netflow__max_ttl` | | |
| `event__tcp__tcp_flags` | | |
| `event__tcp__syn` | | |
| `event__tcp__ecn` | | |
| `event__tcp__cwr` | | |
| `hostchain` | | ✓ |
| `tag` | | ✓ |
| `rawMessage` | | ✓ |