Mappings: Cloudflare - Logpush

Input Requirements

Cloud SIEM Schema Field	Original Record Key	Notes
accountId	AccountID
action	Action
device_ip	ClientIP
dns_queryDomain	QueryName
dns_queryType	QueryType
dstDevice_ip	OriginIP
dstPort	EdgeDstPort
http_method	ClientRequestMethod
http_referer	ClientRequestReferer
http_response_statusCode	EdgeResponseStatus
http_url	https://%s%s
http_userAgent	UserAgent
ipProtocol	Transport
severity	SecurityLevel
srcDevice_ip	ClientIP
srcPort	ClientSrcPort
success	Action	This is a lookup field. More info to come in the catalog later...
timestamp	EdgeEndTimestamp	We expect the orginal record value of `EdgeEndTimestamp` is in the format `yyyy-MM-dd'T'HH:mm:ssZ`
user_userId	UserID
user_username	Email