Other log type mappings

Security Analytics supports field mappings that are not specific to a single service or system. These mapping types are separated into the following categories:

  • Application: Records application logs.
  • Advanced Persistent Threat (APT): Records logs commonly associated with APT attacks.
  • Compliance: Records logs related to compliance.
  • macOS: Records event logs when using a Mac device to access a network.
  • Proxy: Records logs related to proxy events.
  • Web: Records logs related to network access from the web.

Each of these log types uses the same set of field mappings, shown in the following snippet. In each entry, raw_field is the field name as it appears in the source index and ecs is the Elastic Common Schema name that detection rules reference:

  "mappings": [
    {
      "raw_field": "record_type",
      "ecs": "dns.answers.type"
    },
    {
      "raw_field": "query",
      "ecs": "dns.question.name"
    },
    {
      "raw_field": "parent_domain",
      "ecs": "dns.question.registered_domain"
    },
    {
      "raw_field": "creationTime",
      "ecs": "timestamp"
    }
  ]
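The mapping list only tells Security Analytics which raw field to read for each ECS name. The following Python is added here as an illustration and is not code from OpenSearch or from this documentation: it applies the same four entries to two constructed sample events so the raw-to-ECS translation is visible, and adds two checks a practitioner would want before enabling a detector: which raw fields in a sample have no mapping at all, and which ECS fields a rule needs that the list does not provide. The sample events, the extra client_ip field, and the helper function names are assumptions made for the example.

```python
"""Apply the raw_field -> ecs mappings shown on this page to sample events.

Added example; not code from the OpenSearch project. The sample events
and the coverage checks are constructed for illustration.
"""
from collections import Counter

# The mapping list from this page, transcribed into a Python structure.
MAPPINGS = [
    {"raw_field": "record_type", "ecs": "dns.answers.type"},
    {"raw_field": "query", "ecs": "dns.question.name"},
    {"raw_field": "parent_domain", "ecs": "dns.question.registered_domain"},
    {"raw_field": "creationTime", "ecs": "timestamp"},
]

# Constructed sample records (not real log data). The first one carries a
# field, client_ip, that the page's mapping list does not cover.
SAMPLE_EVENTS = [
    {"record_type": "A", "query": "login.example.com",
     "parent_domain": "example.com", "creationTime": "2024-01-01T00:00:00Z",
     "client_ip": "10.0.0.5"},
    {"record_type": "TXT", "query": "_dmarc.example.org",
     "parent_domain": "example.org", "creationTime": "2024-01-01T00:00:01Z"},
]


def _set_nested(doc, dotted, value):
    """Store value under a dotted ECS path, creating intermediate objects."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def apply_mappings(event, mappings=MAPPINGS):
    """Translate one raw event into an ECS-named document.

    Returns (ecs_doc, unmapped): mapped fields are placed under their ECS
    names; raw fields with no mapping are returned separately so they can
    be reviewed, because a rule that references an ECS name will not match
    a raw field that was never mapped to it.
    """
    ecs_for = {m["raw_field"]: m["ecs"] for m in mappings}
    ecs_doc, unmapped = {}, {}
    for raw, value in event.items():
        if raw in ecs_for:
            _set_nested(ecs_doc, ecs_for[raw], value)
        else:
            unmapped[raw] = value
    return ecs_doc, unmapped


def unmapped_field_counts(events, mappings=MAPPINGS):
    """Count how often each unmapped raw field appears across a sample."""
    counts = Counter()
    for event in events:
        _, unmapped = apply_mappings(event, mappings)
        counts.update(unmapped.keys())
    return dict(counts)


def missing_mappings(required_ecs_fields, mappings=MAPPINGS):
    """ECS fields a rule needs that no entry on the mapping list provides."""
    provided = {m["ecs"] for m in mappings}
    return sorted(f for f in required_ecs_fields if f not in provided)


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        ecs_doc, unmapped = apply_mappings(event)
        print(ecs_doc, "unmapped:", unmapped)
    print("unmapped raw fields:", unmapped_field_counts(SAMPLE_EVENTS))
    print("rule fields lacking a mapping:",
          missing_mappings(["dns.question.name", "source.ip"]))
```

Run against a sample of real documents from the target index, unmapped_field_counts shows which raw fields detection rules cannot see under an ECS name, and missing_mappings, fed the ECS fields a rule condition uses, shows where the mapping list needs an extra entry before the detector will fire.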