Table of Contents:
Old and New UDM Dimensions for Dashboard Widgets
The table below provides the new and previous dimension names for UDM events and UDM event aggregate sources at the tenant level:
| Old_name | New_display_name |
| Size in Bytes | metadata.description |
| Category name | metadata.event_type |
| QID Name | metadata.product_event_type |
| Log source type | metadata.product_name |
| Log source Vendor Name | metadata.vendor_name |
| Product ID | metadata.product_deployment_id |
| Protocol Name | network.application_protocol |
| Event Direction | network.direction |
| Domain Name | network.dns_domain |
| Fully Qualified Domain name | network.dns.questions.name as fqdn |
| Protocol ID | network.ip_protocol |
| User Agent | network.http.user_agent |
| Network HTTP Method | network.http.method |
| Log source name | observer.hostname |
| Commandline | observer.process.command_line |
| Windows logon type | extensions.auth.mechanism |
| Authentication Details | extensions.auth.auth_details |
| File name | principal.file.full_path |
| Source IP | principal.ip |
| Source Geo location | principal.ip_location.country_or_region |
| Process Name | principal.process.file.full_path |
| Principal User ID | principal.user.userid as principal_user_id |
| Principal User Display Name | principal.user.user_display_name |
| Principal User Email | principal.user.email_addresses |
| Principal hostname | principal.hostname |
| Principal NAT IP | principal.nat_ip |
| Platform | principal.platform |
| Platform Version | principal.platform_version |
| Reporting Device | principal.asset.hostname |
| Source Resource Type | principal.resource.type |
| Principal User Role | principal.user.attribute.roles.name |
| Principal User Role Desc | principal.user.attribute.roles.description |
| Permission Name | principal.user.attribute.permissions.name |
| Role Type | principal.user.attribute.permissions.type |
| Source Location Name | principal.location.name |
| Principal Location State | principal.location.state |
| Principal Location City | principal.location.city |
| Principal Application Name | principal.application |
| Targer URL | target.url |
| Target Username | target.user.userid |
| undefined | target.user.groupid |
| Target User Display Name | target.user.user_display_name |
| Target User Email | target.user.email_addresses as target_user_email |
| Target Application | target.application |
| Group Name | target.group.group_display_name |
| Target destination IP | target.ip |
| Destination Geo Location | target.location.country_or_region |
| Target location name | target.location.name |
| Target project name | target.cloud.project.name |
| Target File | target.process.file.full_path |
| Target Process Cmdline | target.process.command_line |
| Destination port | target.port |
| Target Registry Key | target.registry.registry_key |
| Object Name | target.file.full_path |
| Object Type | target.resource.type |
| Target Resource Type | target.resource.resource_type |
| Target Resource Subtype | target.resource.resource_subtype |
| Target Resource ID | target.resource.id |
| Target Resource | target.resource.name |
| Account ID | target.resource.attribute.labels.value |
| Role Name | target.user.attribute.roles.name |
| Target hostname | target.hostname |
| Target asset location | target.asset.location.country_or_region |
| Config Status | target.asset.attribute.labels.value |
| Action | security_result.action |
| Changed Attributes | security_result.action_details |
| Web Category | security_result.category_details as web_category |
| Severity | security_result.severity |
| Threat Name | security_result.threat_name |
| Security Summary | security_result.summary |
| Error Code | security_result.description |
| Mail Forwarding Activity username | security_result.about.email |
| TunnelType | security_result.rule_type |
| VPNTunnel | security_result.rule_name |
| Security Policy ID | security_result.rule_id |
| Application Name | security_result.about.application |
| undefined | security_result.detection_fields.value |
| undefined | security_result.detection_fields.value |
| Principal IP | principal_ip |
| Principal hostname | principal_hostname |
| Principal userid | principal_userid |
| Principal location | principal_location.country_or_region |
| Target IP | target_ip |
| Target hostname | target_hostname |
| Target userid | target_userid |
| Target Application | target_application |
| Target location | target_location.country_or_region |
| Action | action |
| Vulnerability Severity | extensions.vulns.vulnerabilities.severity |
| intermediary_ip | intermediary.ip |
| Intermediary Hostname | intermediary.hostname |
| network_response_code | network.http.response_code |
| security_severity_details | security_result.severity_details |
| Date | date |
| Date | date |
| Source IP Geo location | src.ip_geo_artifact.location.country_or_region |
| Principal IP Geo location | principal.ip_geo_artifact.location.country_or_region |
| Principal Port | principal.port |
| Mail Subject | network.email.subject |
| Sender Address | network.email.from |
| Recipient Address | network.email.to |
| Attachment Count | additional.fields |
| File Size | about.file.size |
| Event Time | metadata.event_timestamp.seconds |
| Event ID | metadata.id |
Comments
0 comments
Please sign in to leave a comment.