Mappings: Cloudflare - Logpush
Input | Value |
---|---|
Vendor | Cloudflare |
Product | Logpush |
Log Format | JSON |
Event ID Regex Pattern | _default_ |
Output | Value |
---|---|
Vendor | Cloudflare |
Product | Logpush |
Record Type | Network |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
accountId | AccountID | |
action | Action | |
device_ip | ClientIP | |
dns_queryDomain | QueryName | |
dns_queryType | QueryType | |
dstDevice_ip | OriginIP | |
dstPort | EdgeDstPort | |
http_method | ClientRequestMethod | |
http_referer | ClientRequestReferer | |
http_response_statusCode | EdgeResponseStatus | |
http_url | https://%s%s | |
http_userAgent | UserAgent | |
ipProtocol | Transport | |
severity | SecurityLevel | |
srcDevice_ip | ClientIP | |
srcPort | ClientSrcPort | |
success | Action | This is a lookup field. More info to come in the catalog later... |
timestamp | EdgeEndTimestamp | We expect the orginal record value of EdgeEndTimestamp is in the format yyyy-MM-dd'T'HH:mm:ssZ |
user_userId | UserID | |
user_username |