Mappings: Zeek pe Activity
Input | Value |
---|---|
Vendor | Zeek |
Product | Zeek |
Log Format | JSON |
Event ID Regex Pattern | pe |
Output | Value |
---|---|
Vendor | Bro |
Product | Bro |
Record Type | Audit |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
device_hostname | _system_name | |
threat_name | _path | |
timestamp | ts | We expect the orginal record value of ts is in the format YYYY-MM-dd'T'HH:mm:ss.SSSSSSZ |