Old and New UDM Dimensions for Dashboard Widgets
The table below provides the new and previous dimension names for UDM events and UDM event aggregate sources at the tenant level:
Old name | New display name |
--- | --- |
Size in Bytes | metadata.description |
Category name | metadata.event_type |
QID Name | metadata.product_event_type |
Log source type | metadata.product_name |
Log source Vendor Name | metadata.vendor_name |
Product ID | metadata.product_deployment_id |
Protocol Name | network.application_protocol |
Event Direction | network.direction |
Domain Name | network.dns_domain |
Fully Qualified Domain name | network.dns.questions.name as fqdn |
Protocol ID | network.ip_protocol |
User Agent | network.http.user_agent |
Network HTTP Method | network.http.method |
Log source name | observer.hostname |
Commandline | observer.process.command_line |
Windows logon type | extensions.auth.mechanism |
Authentication Details | extensions.auth.auth_details |
File name | principal.file.full_path |
Source IP | principal.ip |
Source Geo location | principal.ip_location.country_or_region |
Process Name | principal.process.file.full_path |
Principal User ID | principal.user.userid as principal_user_id |
Principal User Display Name | principal.user.user_display_name |
Principal User Email | principal.user.email_addresses |
Principal hostname | principal.hostname |
Principal NAT IP | principal.nat_ip |
Platform | principal.platform |
Platform Version | principal.platform_version |
Reporting Device | principal.asset.hostname |
Source Resource Type | principal.resource.type |
Principal User Role | principal.user.attribute.roles.name |
Principal User Role Desc | principal.user.attribute.roles.description |
Permission Name | principal.user.attribute.permissions.name |
Role Type | principal.user.attribute.permissions.type |
Source Location Name | principal.location.name |
Principal Location State | principal.location.state |
Principal Location City | principal.location.city |
Principal Application Name | principal.application |
Target URL | target.url |
Target Username | target.user.userid |
undefined | target.user.groupid |
Target User Display Name | target.user.user_display_name |
Target User Email | target.user.email_addresses as target_user_email |
Target Application | target.application |
Group Name | target.group.group_display_name |
Target destination IP | target.ip |
Destination Geo Location | target.location.country_or_region |
Target location name | target.location.name |
Target project name | target.cloud.project.name |
Target File | target.process.file.full_path |
Target Process Cmdline | target.process.command_line |
Destination port | target.port |
Target Registry Key | target.registry.registry_key |
Object Name | target.file.full_path |
Object Type | target.resource.type |
Target Resource Type | target.resource.resource_type |
Target Resource Subtype | target.resource.resource_subtype |
Target Resource ID | target.resource.id |
Target Resource | target.resource.name |
Account ID | target.resource.attribute.labels.value |
Role Name | target.user.attribute.roles.name |
Target hostname | target.hostname |
Target asset location | target.asset.location.country_or_region |
Config Status | target.asset.attribute.labels.value |
Action | security_result.action |
Changed Attributes | security_result.action_details |
Web Category | security_result.category_details as web_category |
Severity | security_result.severity |
Threat Name | security_result.threat_name |
Security Summary | security_result.summary |
Error Code | security_result.description |
Mail Forwarding Activity username | security_result.about.email |
TunnelType | security_result.rule_type |
VPNTunnel | security_result.rule_name |
Security Policy ID | security_result.rule_id |
Application Name | security_result.about.application |
undefined | security_result.detection_fields.value |
undefined | security_result.detection_fields.value |
Principal IP | principal_ip |
Principal hostname | principal_hostname |
Principal userid | principal_userid |
Principal location | principal_location.country_or_region |
Target IP | target_ip |
Target hostname | target_hostname |
Target userid | target_userid |
Target Application | target_application |
Target location | target_location.country_or_region |
Action | action |
Vulnerability Severity | extensions.vulns.vulnerabilities.severity |
intermediary_ip | intermediary.ip |
Intermediary Hostname | intermediary.hostname |
network_response_code | network.http.response_code |
security_severity_details | security_result.severity_details |
Date | date |
Date | date |
Source IP Geo location | src.ip_geo_artifact.location.country_or_region |
Principal IP Geo location | principal.ip_geo_artifact.location.country_or_region |
Principal Port | principal.port |
Mail Subject | network.email.subject |
Sender Address | network.email.from |
Recipient Address | network.email.to |
Attachment Count | additional.fields |
File Size | about.file.size |
Event Time | metadata.event_timestamp.seconds |
Event ID | metadata.id |