Version 1.1
Please check back often. New fields are added to accommodate vendor changes.
Field Name
Data Type
Length
cloud.account.id
text
32
cloud.instance.name
text
32
cloud.provider
text
8
cloud.region
text
16
cloud.service.name
text
16
destination.as.organization.name
text
128
destination.geo.city_name
text
32
destination.geo.continent_code
text
6
destination.geo.country_code
text
6
destination.geo.country_name
text
32
destination.geo.location.lat
geopoint
destination.geo.location.lon
geopoint
destination.geo.region_name
text
64
event.action
text
16
event.category
text
64
event.created
date
event.dataset
text
32
event.id
text
64
event.kind
text
8
event.module
text
16
event.original
event.outcome
text
16
event.severity
text
16
event.type
text
32
organisation.id
text
8
sensor.id
text
10
source.as.number
text
16
source.as.organization.name
text
128
source.geo.city_name
text
32
source.geo.continent_code
text
6
source.geo.country_code
text
6
source.geo.country_name
text
32
source.geo.location.lat
geopoint
source.geo.location.lon
geopoint
source.geo.region_name
text
64
uuid
text
36
source.locality
text
16
destination.locality
text
16
network.community.id
text
128
source.ip
ip
destination.domain
text
128
source.bytes
int
64
destination.ip
ip
user_agent.name
text
256
http.request.method
text
16
http.version
text
16
source.port
int
8
tls.cipher
text
256
trace.id
text
36
http.response.status_code
int
8
http.request.body.bytes
int
64
http.response.body.bytes
int
64
destination.bytes
int
64
destination.port
int
8
message
source.address
ip
user.id
text
36
user_agent.original
text
265
user.name
text
64
file.path
text
1024
file.hash.sha256
text
64
group.id
text
64
user.target.id
text
64
user.changes.name
text
64
group.name
text
64
user.target.name
text
64
aws.cloudtrail.error_code
text
36
aws.cloudtrail.error_message
text
512
aws.cloudtrail.event_type
text
64
aws.cloudtrail.request_parameters.attribute
text
64
aws.cloudtrail.requestParameters.containerDefinitions.command
text
64
aws.cloudtrail.responseElements
text
64
aws.cloudtrail.responseElements.pendingModifiedValues.masterUserPassword
text
64
aws.cloudtrail.responseElements.publiclyAccessible
text
64
aws.cloudtrail.resources.type
text
64
aws.cloudtrail.user_identity.arn
text
64
aws.cloudtrail.user_identity.session_context.session_issuer.type
text
64
aws.cloudtrail.user_identity.type
text
64
destination.address
ip
host.id
text
36
cloud.machine.type
text
64
host.type
text
64
network.direction
text
16
network.transport
text
8
rule.name
text
128
rule.category
text
64
rule.ruleset
text
128
user.roles
text
128
dns.question.name
text
128
network.protocol
text
8
url.query
text
1024
url.path
text
1024
rule.id
text
36
aws.waf.terminating_rule_match_details
text
128
aws.waf.source.name
text
128
related.user
text
128
related.hash
text
128
related.ip
text
128
related.hosts
text
128
agent.type
text
32
log.type
text
32
observer.type
text
32
threatintel.days
int
16
threatintel.event_data
text
512
threatintel.malware.malware
text
512
threatintel.malware.timestamp
date/time
threatintel.tags
text
256
threatintel.white_list
text
32
threatintel.severity
text
16