Page Comparison

...

This is the set of columns displayed by this union table, which is the result of the collection of columns present in all source tables:

Note

Extra fields

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

Field	Type	Source field name	Extra fields
eventdate	`timestamp`

orig


originator	`str`

orig
host	`str`

dest

destination_ip

ip4

`str`
destination_ipv4	`ip4`	dest_ip
destination_port	`str`

dest_port
event_type	`str`
protocol	`str`	proto
source_ip	`str`

src

source_

ip

ipv4

ip4

src_ip

src


source_port	`str`

src_port
timestamp	`str`
alert_category	`str`
alert_

rev

revision

int8

alert_rev
alert_severity	`int8`
alert_signature	`str`
alert_signature_id	`int8`
event_format	`str`
event_source	`str`
event_uuid	`str`
sensor_ipv4	`ip4`
sensor_uuid	`str`
source_geo_city_name	`str`	src_city_name
source_geo_country_name	`str`

src_country

str


source_geo_latitude	`float8`	src_lat
source_geo_longitude	`float8`

src_lon

float8


destination_geo_city_name	`str`	dst_city_name

str


destination_geo_country_name	`str`	dst_country

str


destination_geo_latitude	`float8`	dst_lat
destination_geo_longitude	`float8`

dst_lon

float8


bytes_analyzed	`str`

conn


connection_uids	`str`

conn_uids
download	`bool`

fid


file_id	`str`

fid
file_description	`str`

filename


file_name	`str`

filename
md5	`str`
mime_type	`str`
bro_protocol	`str`	bro_proto
recipient_destination_ip	`str`

rx

recipient_destination_

host

ipv4

ip4

rx

rx_host
recipient_destination_port	`str`

rx_port
sha1	`str`
stored_as	`str`
transfer_protocol	`str`	transfer_proto
transfer_source_ip	`str`

tx

transfer_source_

host

ipv4

ip4

tx

tx_host
transfer_source_port	`str`

CauseMessage

tx_port
cause_message	`str`

CauseMessage

Determinant


determinant	`str`

Determinant

ParseStatus


parse_status	`str`

ParseStatus

SHA256


sha256	`str`

SHA256

SampleFormat


sample_format	`str`

SampleScoringActivityVersion

SampleFormat
sample_scoring_activity_version	`int8`

SampleScoringVersion

SampleScoringActivityVersion
sample_scoring_version	`int8`

SampleScoringVersion

Score


score	`float8`

Score

StatusCause


status_cause	`str`

RaiseExceptionImports

StatusCause
raise_exception_imports	`bool`

OSInfoImports

RaiseExceptionImports
os_info_imports	`bool`

DebugCheckImports

OSInfoImports
debug_check_imports	`bool`

TerminateProcessImports

DebugCheckImports
terminate_process_imports	`bool`

CodepageLookupImports

TerminateProcessImports
codepage_lookup_imports	`bool`

CodepageLookupImports
hostchain	`str`
url	`str`

http_


content_type	`str`

	http_content_type
method	`str`

	http_method
user_agent	`str`

http_user_agent
hostname	`str`

jsonEvent


json_event	`json`

jsonEvent
tag	`str`		✓

Note

Extra fields

Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.

Field transformations

Even though all source tables have several features in common, they have some particularities that make it necessary to undergo a set of transformations to harmonize them for the union table. The most common transformations comprise changes in the data type or the application of rules when several columns in the source table feed a single column in the union table. You can find below the detailed list of transformations in each source table.

...

Anchor
tag1
tag1
ids.bricata.brocata

Field in union table	Field in source table	Field transformation	Type	Extra fields
eventdate	eventdate		`timestamp`

orig

originator

-

originator

code

"brocata"

`str`
host	host		`str`

dest


destination_ip	dest_ip

Code Blockip4(dest_ip)

		`str`
destination_ipv4	destination_ipv4		`ip4`

dest

destination_port

dest

destination_port

Code Blockstr(dest_port)

	`str`
event_type	event_type		`str`

proto

protocol

proto

protocol

str

src


source_ip	src_ip

Code Blockip4(src_ip)

	`str`
source_ipv4	source_ipv4		`ip4`

src

source_port

src

source_port

Code Blockstr(src_port)

	`str`
timestamp	timestamp	`str`
alert_category	category	`str`
alert_

rev

revision

rev

Code Blockint8(rev)

alert_revision

int8

alert_severity

severity

Code Block
int8(severity)

int8

alert_signature

signature

str

alert_signature_id

signature_id

Code Block
int8(signature_id)

int8

event_format

str

event_source

str

event_uuid

str

sensor_ipv4

Code Block
ip4(sensor_ipv4)

ip4

sensor_uuid

str

src

source_geo_city_name

src

source_geo_city_name

str

src

source_geo_country_name

src

source_geo_country_name

str

src

source_geo_

lat

latitude

src

source_geo_

lat

latitude

float8

src

source_geo_

lon

longitude

src

source_geo_

lon

longitude

float8

dst

destination_geo_city_name

dst

destination_geo_city_name

str

dst

destination_geo_country_name

dst

destination_geo_country_name

str

dst

destination_geo_

lat

latitude

dst

destination_geo_

lat

latitude

float8

dst

destination_geo_

lon

longitude

dst

destination_geo_

lon

longitude

float8

bytes_analyzed

-

Code Block
null("")

str

conn

connection_uids

-

Code Blocknull("") Code Blocknull("")

connection_uids

str

download

false

Code Block
null(false)

bool

fid

-

Code Blocknull("")

file_id

str

file_description

-

Code Block
null("")

str

filename

-

file_name

str

md5

-

Code Block
null("")

str

mime_type

-

Code Block
null("")

str

bro_protocol

bro

_proto

_protocol

str

recipient_destination_ip

-

Code Block
null(

""

'')

str

rx

recipient_destination_

host

-

Code Block
null(ip4("0.0.0.0"))

ip4

rx_port

-

Code Block
null("")

ipv4

recipient_destination_ipv4

ip4

recipient_destination_port

str

sha1

-

Code Block
null("")

str

stored_as

-

Code Block
null("")

str

transfer_protocol

str

transfer_source_

proto

ip

-

Code Block
null(

""

'')

str

tx

transfer_source_

host

-

Code Block
null(ip4("0.0.0.0"))

ip4

tx_port

-

Code Block
null("")

str

CauseMessage

-

Code Block
null("")

str

Determinant

-

Code Block
null("")

str

ParseStatus

-

Code Block
null("")

str

SHA256

-

Code Block
null("")

str

SampleFormat

-

Code Block
null("")

str

SampleScoringActivityVersion

-

Code Block
null(int8(0))

int8

SampleScoringVersion

-

Code Block
null(int8(0))

int8

Score

-

Code Block
null(float8(0))

float8

StatusCause

-

Code Block
null("")

str

RaiseExceptionImports

false

Code Block
null(false)

bool

OSInfoImports

false

Code Block
null(false)

bool

DebugCheckImports

false

Code Block
null(false)

bool

TerminateProcessImports

false

Code Block
null(false)

bool

CodepageLookupImports

false

Code Block
null(false)

ipv4	transfer_source_ipv4	`ip4`
transfer_source_port	transfer_source_port	`str`
cause_message	cause_message	`str`
determinant	determinant	`str`
parse_status	parse_status	`str`
sha256	sha256	`str`
sample_format	sample_format	`str`
sample_scoring_activity_version	sample_scoring_activity_version	`int8`
sample_scoring_version	sample_scoring_version	`int8`
score	score	`float8`
status_cause	status_cause	`str`
raise_exception_imports	raise_exception_imports	`bool`
os_info_imports	os_info_imports	`bool`
debug_check_imports	debug_check_imports	`bool`
terminate_process_imports	terminate_process_imports	`bool`
codepage_lookup_imports	codepage_lookup_imports	`bool`
hostchain	hostchain	`str`
url	url	`str`

http_

content_type

http_

content_type

str

http_

method

http_

method

str

http_

user_agent

http_

user_agent		`str`
hostname	hostname		`str`

jsonEvent


json_event	json_event	`json`
tag	tag	`str`	✓

Anchor
tag2
tag2
ids.bricata.burocata

Field in union table	Field in source table	Field transformation	Type	Extra fields
eventdate	eventdate		`timestamp`

orig

originator

-

originator

code

"burocata"

str

host

str

destination_ip

dest_ip

Code Block
str(dest_ip)

str

destination_ipv4

ip4

dest

destination_port

dest

destination_port		`str`
event_type	event_type		`str`

proto

protocol

proto

protocol

str

source_ip

src_ip

Code Block
str(src_ip)

str

source_ipv4

ip4

src

source_port

src

source_port		`str`
timestamp	timestamp		`str`
alert_category	alert_category		`str`
alert_

rev

revision

alert_

rev Code Blockint8(alert_rev)

revision

int8

alert_severity

Code Block
int8(alert_severity)

int8

alert_signature

str

alert_signature_id

Code Block
int8(alert_signature_id)

int8

event_format

str

event_source

str

event_uuid

str

sensor_ipv4

ip4

sensor_uuid

str

src


source_geo_city_name	source_geo_city_name		`str`

src


source_geo_country_name	source_geo_country_name		`str`

src

source_geo_

latlat

latitude

source_geo_latitude

float8

src

source_geo_

lonlon

longitude

source_geo_longitude

float8

dst

destination_geo_city_name

-

Code Blocknull("")

destination_geo_city_name

str

dst

destination_geo_country

-

Code Block
null("")

str

dst_lat

-

Code Block
null(float8(0))

float8

dst_lon

-

Code Blocknull(float8(0))

_name	destination_geo_country_name	`str`
destination_geo_latitude	destination_geo_latitude	`float8`
destination_geo_longitude	destination_geo_longitude	`float8`
bytes_analyzed	bytes_analyzed	`str`

conn

connection_uids

conn

connection_uids		`str`
download	download		`bool`

fid


file_id	file_id	`str`
file_description	file_description	`str`

filename


file_name	file_name	`str`
md5	md5	`str`
mime_type	mime_type	`str`
bro_

proto

protocol

bro_

proto

protocol

str

recipient_destination_ip

rx_host

Code Block
str(rx_host)

str

recipient_destination_ipv4

ip4

rx

recipient_destination_port

rx

recipient_destination_port		`str`
sha1	sha1		`str`
stored_as	stored_as		`str`
transfer_

proto

protocol

transfer_

proto

protocol

str

transfer_source_ip

tx_host

Code Block
str(tx_host)

str

transfer_source_ipv4

ip4

tx

transfer_source_port

tx

transfer_source_port

str

CauseMessage


cause_message	cause_message		`str`

Determinant

determinant

Determinant

determinant

str

ParseStatus


parse_status	parse_status		`str`

SHA256

sha256

SHA256

sha256

str

SampleFormat


sample_format	sample_format		`str`

SampleScoringActivityVersion

Code Block
int8(SampleScoringActivityVersion)

int8

SampleScoringVersion

Code Block
int8(SampleScoringVersion)

int8

Score


sample_scoring_activity_version	sample_scoring_activity_version	`int8`
sample_scoring_version	sample_scoring_version	`int8`
score	score	`float8`

StatusCause


status_cause	status_cause		`str`

RaiseExceptionImports


raise_exception_imports	raise_exception_imports		`bool`

OSInfoImports


os_info_imports	os_info_imports		`bool`

DebugCheckImports


debug_check_imports	debug_check_imports		`bool`

TerminateProcessImports


terminate_process_imports	terminate_process_imports		`bool`

CodepageLookupImports

codepage_lookup_imports

bool

hostchain

-

Code Block
null("")

str

url

-

Code Block
null("")

str

http


content_type	content_type

-

Code Blocknull("")

str

http_

method

-

Code Blocknull("")

method

str

http


user_agent	user_agent

-

Code Blocknull("")

str

hostname

-

Code Block
null("")

str

jsonEvent


json_event	json_event	`json`
tag	tag	`str`	✓

Versions Compared

Old Version 1

New Version Current

Key

Field transformations

Anchor
tag1
tag1
ids.bricata.brocata

Anchor
tag2
tag2
ids.bricata.burocata

Page Comparison

Versions Compared

Old Version 1

New Version Current

Key

Field transformations

Anchortag1tag1ids.bricata.brocata

Anchortag2tag2ids.bricata.burocata

Anchor
tag1
tag1
ids.bricata.brocata

Anchor
tag2
tag2
ids.bricata.burocata