Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Generic Fields (14)
These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema, such as timestamps, unique identifiers, user IDs, or status codes that every namespace needs. Sharing these fields keeps the data consistent and makes cross-namespace searches and reports straightforward.
| Field | Description | Reference-Specific Fields | Type |
|---|---|---|---|
| gen.firewall.action | Firewall action taken (e.g., allow, block, drop). | lancomCloud.additionalProperties.action | strings |
| gen.src.ip | Source IP address. | lancomCloud.additionalProperties.client_ip, lancomCloud.additionalProperties.source_ip | text_general |
| gen.dest.ip | Destination IP address. | lancomCloud.additionalProperties.destination_ip | text_general |
| gen.dest.port | Destination port number. | lancomCloud.additionalProperties.destination_port | pint |
| gen.src.interface | Network interface used for the source connection. | lancomCloud.additionalProperties.in_iface | strings |
| gen.av.infectionName | Name of the detected infection or malware. | lancomCloud.additionalProperties.malware_name | strings |
| gen.av.infectionCategory | Category of detected malware or infection. | lancomCloud.additionalProperties.malware_type | strings |
| gen.dest.interface | Network interface used for the destination connection. | lancomCloud.additionalProperties.out_iface | strings |
| gen.protocol | Network protocol used (e.g., TCP, UDP, ICMP). | lancomCloud.additionalProperties.proto | strings |
| gen.mail.receiver | Email address of the message recipient. | lancomCloud.additionalProperties.recipient | strings |
| gen.src.port | Source port number. | lancomCloud.additionalProperties.source_port | pint |
| gen.username | Username associated with the event. | lancomCloud.additionalProperties.username | text_general |
| gen.severity | Normalized severity field across log sources. | lancomCloud.severity | strings |
| gen.hostname | Normalized hostname of the system generating the log. | lancomCloud.system | text_general |
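The mapping in the table above, carried out in code as an added example (not part of this page or any LANCOM software): it copies a lancomCloud event's fields into the gen.* namespace, tries the listed source keys in order (client_ip before source_ip), coerces ports to integers, and drops anything that is missing or not castable so a bad value cannot poison the shared index. The sample event is constructed.

```python
# Added example, not from the page: normalise one lancomCloud event into
# the gen.* generic fields. Key names follow the table; the sample is made up.
from typing import Any

# gen field -> (ordered candidate keys under additionalProperties, caster).
# The first candidate present wins, e.g. client_ip is preferred to source_ip.
GEN_MAP = {
    "gen.firewall.action":      (("action",), str),
    "gen.src.ip":               (("client_ip", "source_ip"), str),
    "gen.dest.ip":              (("destination_ip",), str),
    "gen.dest.port":            (("destination_port",), int),
    "gen.src.interface":        (("in_iface",), str),
    "gen.av.infectionName":     (("malware_name",), str),
    "gen.av.infectionCategory": (("malware_type",), str),
    "gen.dest.interface":       (("out_iface",), str),
    "gen.protocol":             (("proto",), str),
    "gen.mail.receiver":        (("recipient",), str),
    "gen.src.port":             (("source_port",), int),
    "gen.username":             (("username",), str),
}
# Top-level lancomCloud fields that map directly (not under additionalProperties).
TOP_MAP = {"gen.severity": ("severity", str), "gen.hostname": ("system", str)}

def normalise(event: dict) -> dict:
    """Return the gen.* fields for a lancomCloud event; absent sources are omitted."""
    props = event.get("additionalProperties") or {}
    out: dict[str, Any] = {}
    for gen_field, (candidates, cast) in GEN_MAP.items():
        for key in candidates:
            if key in props and props[key] not in (None, ""):
                try:
                    out[gen_field] = cast(props[key])
                except (TypeError, ValueError):
                    pass  # e.g. non-numeric port: leave the gen field unset
                break
    for gen_field, (key, cast) in TOP_MAP.items():
        if event.get(key) is not None:
            out[gen_field] = cast(event[key])
    return out

SAMPLE = {  # constructed sample, not a real device export
    "deviceId": "dev-0001", "severity": 4, "system": "fw-branch-01",
    "additionalProperties": {"action": "block", "source_ip": "10.0.0.5",
        "destination_ip": "203.0.113.9", "destination_port": "443",
        "proto": "TCP", "in_iface": "LAN-1", "out_iface": "WAN-1"},
}
```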
Reference-Specific Fields (55)
| Field | Type |
|---|---|
| lancomCloud.accountId | string |
| lancomCloud.additionalProperties.action | text_general |
| lancomCloud.additionalProperties.category | text_general |
| lancomCloud.additionalProperties.client_ip | text_general |
| lancomCloud.additionalProperties.connection_id | string |
| lancomCloud.additionalProperties.description | text_general |
| lancomCloud.additionalProperties.destination_ip | text_general |
| lancomCloud.additionalProperties.destination_port | pints |
| lancomCloud.additionalProperties.domain | text_general |
| lancomCloud.additionalProperties.dropped | string |
| lancomCloud.additionalProperties.idps_category | text_general |
| lancomCloud.additionalProperties.idps_event_type | text_general |
| lancomCloud.additionalProperties.in_iface | string |
| lancomCloud.additionalProperties.len | plong |
| lancomCloud.additionalProperties.mac | text_general |
| lancomCloud.additionalProperties.malware_block_reason | text_general |
| lancomCloud.additionalProperties.malware_id | string |
| lancomCloud.additionalProperties.malware_name | text_general |
| lancomCloud.additionalProperties.malware_type | text_general |
| lancomCloud.additionalProperties.mark | plong |
| lancomCloud.additionalProperties.ocode | string |
| lancomCloud.additionalProperties.odpt | plong |
| lancomCloud.additionalProperties.odst | text_general |
| lancomCloud.additionalProperties.oproto | string |
| lancomCloud.additionalProperties.ospt | plong |
| lancomCloud.additionalProperties.osrc | text_general |
| lancomCloud.additionalProperties.otype | string |
| lancomCloud.additionalProperties.out_iface | string |
| lancomCloud.additionalProperties.prec | string |
| lancomCloud.additionalProperties.profile | text_general |
| lancomCloud.additionalProperties.proto | string |
| lancomCloud.additionalProperties.proto_stack | text_general |
| lancomCloud.additionalProperties.rcode | string |
| lancomCloud.additionalProperties.rdpt | plong |
| lancomCloud.additionalProperties.rdst | text_general |
| lancomCloud.additionalProperties.recipient | text_general |
| lancomCloud.additionalProperties.rproto | string |
| lancomCloud.additionalProperties.rspt | plong |
| lancomCloud.additionalProperties.rsrc | text_general |
| lancomCloud.additionalProperties.rtype | string |
| lancomCloud.additionalProperties.signature | string |
| lancomCloud.additionalProperties.source_ip | text_general |
| lancomCloud.additionalProperties.source_port | pints |
| lancomCloud.additionalProperties.tos | string |
| lancomCloud.additionalProperties.ttl | plong |
| lancomCloud.additionalProperties.uri | text_general |
| lancomCloud.additionalProperties.username | text_general |
| lancomCloud.additionalProperties.webfilter_category | text_general |
| lancomCloud.createdAt | pdate |
| lancomCloud.deviceId | string |
| lancomCloud.messageId | string |
| lancomCloud.rawMessage | text_general |
| lancomCloud.receivedAt | pdate |
| lancomCloud.severity | pints |
| lancomCloud.system | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.