Mappings: Zeek pe Activity
| Input | Value |
|---|---|
| Vendor | Zeek |
| Product | Zeek |
| Log Format | JSON |
| Event ID Regex Pattern | pe |
| Output | Value |
|---|---|
| Vendor | Bro |
| Product | Bro |
| Record Type | Audit |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| device_hostname | _system_name | |
| threat_name | _path | |
| timestamp | ts | We expect the orginal record value of ts is in the format YYYY-MM-dd'T'HH:mm:ss.SSSSSSZ |