Standard
Standard represents generic system or application logs that conform to the SIEM's base schema but lack vendor context.
Enginsight Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.id | Unique identifier for the log entry. | string |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (23)
| Field | Type |
|---|---|
| std.hostname | text_general |
| std.facility | text_general |
| std.priority | text_general |
| std.program | text_general |
| std.eventName | text_general |
| std.srcIp | text_general |
| std.destIp | text_general |
| std.message | text_general |
| std.domain | text_general |
| std.username | text_general |
| std.group | text_general |
| std.filename | text_general |
| std.timestamp | pdate |
| std.duration | plong |
| std.quantity | plong |
| std.score | plong |
| std.eventId | string |
| std.extractorIds | strings [] |
| std.srcPort | pint |
| std.destPort | pint |
| std.md5 | string [] |
| std.sha1 | string [] |
| std.sha256 | string [] |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.