[ box.win_nxlog.dhcp ] [ ddi.infoblox.dhcp.dhcpd ] [ dhcp.bluecat.dhcpd ] [ dhcp.infoblox.stdout ] [dhcp.microsoft.ip4] Anchor |
---|
| box.win_nxlog.dhcp |
---|
| box.win_nxlog.dhcp |
---|
| box.win_nxlog.dhcpField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'box.win_nxlog.dhcp' |
| str
| | signature | Category | | str
| | source_ip | IPAddress_ip4 | Code Block |
---|
str(IPAddress_ip4) |
| str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | BndStatus | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | Message | | str
| | rawSource | - | | str
| | rawTagged | - | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| |
Anchor |
---|
| ddi.infoblox.dhcp.dhcpd |
---|
| ddi.infoblox.dhcp.dhcpd |
---|
| ddi.infoblox.dhcp.dhcpdField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'ddi.infoblox.dhcp.dhcpd' |
| str
| | signature | message_type | | str
| | source_ip | - | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | - | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | message | | str
| | rawSource | rawMessage | | str
| | rawTagged | tag rawMessage | Code Block |
---|
tag + ": " + rawMessage |
| str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
Anchor |
---|
| dhcp.bluecat.dhcpd |
---|
| dhcp.bluecat.dhcpd |
---|
| dhcp.bluecat.dhcpdField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.bluecat.dhcpd' |
| str
| | signature | signature | | str
| | source_ip | srcIp | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | - | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | message | | str
| | rawSource | rawSource | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
Anchor |
---|
| dhcp.infoblox.stdout |
---|
| dhcp.infoblox.stdout |
---|
| dhcp.infoblox.stdoutField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.infoblox.stdout' |
| str
| | signature | packet | | str
| | source_ip | - | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | - | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | message | | str
| | rawSource | rawSource | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
Anchor |
---|
| dhcp.isc.stdout |
---|
| dhcp.isc.stdout |
---|
| dhcp.isc.stdoutField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.isc.stdout' |
| str
| | signature | packet | | str
| | source_ip | ofAddress | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | - | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | message | | str
| | rawSource | rawSource | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawSource | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
[ dhcp.microsoft.ip4 ] [ dhcp.microsoft.ip6 ] [ dhcp.unix.stdout ] [ firewall.paloalto.system ] Anchor |
---|
| dhcp.microsoft.ip4 |
---|
| dhcp.microsoft.ip4 |
---|
| dhcp.microsoft.ip4Field in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.infoblox.ip4' |
| str
| | signature | - | | str
| | source_ip | srcIp | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | description | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | - | | str
| | rawSource | - | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
[ dhcp.microsoft.ip6 ] [ dhcp.unix.stdout ] [ firewall.paloalto.system ] Anchor |
---|
| dhcp.microsoft.ip6 |
---|
| dhcp.microsoft.ip6 |
---|
| dhcp.microsoft.ip6Field in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.infoblox.ip6' |
| str
| | signature | - | | str
| | source_ip | srcIp6 | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | description | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | - | | str
| | rawSource | rawSource | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawSource | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
Anchor |
---|
| dhcp.unix.stdout |
---|
| dhcp.unix.stdout |
---|
| dhcp.unix.stdoutField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'dhcp.unix.stdout' |
| str
| | signature | dhcpMessageType | | str
| | source_ip | - | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | - | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | - | | str
| | rawSource | rawSource | | str
| | rawTagged | rawTagged | | str
| | rawMessage | rawSource | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
Anchor |
---|
| firewall.paloalto.system |
---|
| firewall.paloalto.system |
---|
| firewall.paloalto.systemField in union table | Field in source table | Field transformation | Type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | source | - | Code Block |
---|
'firewall.paloalto.system' |
| str
| | signature | - | | str
| | source_ip | client_ip | | str
| | source_ipv4 | source_ipv4 | | ip4
| | source_hostname | source_hostname | | str
| | source_mac | source_mac | | str
| | destination_mac | destination_mac | | str
| | description | description | | str
| | lease_ip | lease_ip | | str
| | lease_mac | lease_mac | | str
| | message | - | | str
| | rawSource | rawMessage | | str
| | rawTagged | tag rawMessage | Code Block |
---|
tag + ": " + rawMessage |
| str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
|