The nomenclature for field names depends on the function area of the Logger. The following table provides the mapping between these types of names.
|
Database Name |
Search Results |
CEF Field Name |
Reports |
|---|---|---|---|
|
arc_agentAddress |
agentAddress |
agt |
Agent Address |
|
arc_agentHostName |
agentHostName |
ahost |
Agent Host Name |
|
arc_agentNtDomain |
agentNtDomain |
agentNtDomain |
Agent NT Domain |
|
arc_agentSeverity |
agentSeverity |
Severity |
Severity |
|
arc_agentType |
agentType |
at |
Agent Type |
|
arc_agentZone |
agentZone |
agentZone |
Agent Zone |
|
arc_agentZoneName |
agentZoneName |
agentZoneName |
Agent Zone Name |
|
arc_agentZoneResource |
agentZoneResource |
agentZoneResource |
Agent Zone Resource |
|
arc_agentZoneURI |
agentZoneURI |
agentZoneURI |
Agent Zone URI |
|
arc_applicationProtocol |
applicationProtocol |
app |
Application Protocol |
|
arc_baseEventCount |
baseEventCount |
cnt |
Base Event Count |
|
arc_bytesIn |
bytesIn |
in |
Bytes In |
|
arc_bytesOut |
bytesOut |
out |
Bytes Out |
|
arc_categoryBehavior |
categoryBehavior |
categoryBehavior |
Category Behavior |
|
arc_categoryDeviceGroup |
categoryDeviceGroup |
categoryDeviceGroup |
Category Device Group |
|
arc_categoryObject |
categoryObject |
categoryObject |
Category Object |
|
arc_categoryOutcome |
categoryOutcome |
categoryOutcome |
Category Outcome |
|
arc_categorySignificance |
categorySignificance |
categorySignificance |
Category Significance |
|
arc_categoryTechnique |
categoryTechnique |
categoryTechnique |
Category Technique |
|
arc_customerName |
customerName |
customerName |
Customer Name |
|
arc_destinationAddress |
destinationAddress |
dst |
Destination Address |
|
arc_destinationDnsDomain |
destinationDnsDomain |
destinationDnsDomain |
Destination DNS Domain |
|
arc_destinationHostName |
destinationHostName |
dhost |
Destination Host Name |
|
arc_destinationMacAddress |
destinationMacAddress |
dmac |
Destination Mac Address |
|
arc_destinationNtDomain |
destinationNtDomain |
dntdom |
Destination NT Domain |
|
arc_destinationPort |
destinationPort |
dpt |
Destination Port |
|
arc_destinationProcessName |
destinationProcessName |
dproc |
Destination Process Name |
|
arc_destinationServiceName |
destinationServiceName |
destinationServiceName |
Destination Service Name |
|
arc_destinationTranslatedAddress |
destinationTranslatedAddress |
destinationTranslatedAddress |
Destination Translated Address |
|
arc_destinationUserId |
destinationUserId |
duid |
Destination User ID |
|
arc_destinationUserName |
destinationUserName |
duser |
Destination User Name |
|
arc_destinationUserPrivileges |
destinationUserPrivileges |
dpriv |
Destination User Privileges |
|
arc_destinationZone |
destinationZone |
destinationZone |
Destination Zone |
|
arc_destinationZoneName |
destinationZoneName |
destinationZoneName |
Destination Zone Name |
|
arc_destinationZoneResource |
destinationZoneResource |
destinationZoneResource |
Destination Zone Resource |
|
arc_destinationZoneURI |
destinationZoneURI |
destinationZoneURI |
Destination Zone URI |
|
arc_deviceAction |
deviceAction |
act |
Device Action |
|
arc_deviceAddress |
deviceAddress |
dvc |
Device Address |
|
arc_deviceCustomDate1 |
deviceCustomDate1 |
deviceCustomDate1 |
Device Custom Date 1 |
|
arc_deviceCustomDate1Label |
deviceCustomDate1Label |
deviceCustomDate1Label |
Device Custom Date 1 Label |
|
arc_deviceCustomDate2 |
deviceCustomDate2 |
deviceCustomDate2 |
Device Custom Date 2 |
|
arc_deviceCustomDate2Label |
deviceCustomDate2Label |
deviceCustomDate2Label |
Device Custom Date 2 Label |
|
arc_deviceCustomNumber1 |
deviceCustomNumber1 |
cn1 |
Device Custom Number 1 |
|
arc_deviceCustomNumber1Label |
deviceCustomNumber1Label |
cn1Label |
Device Custom Number 1 Label |
|
arc_deviceCustomNumber2 |
deviceCustomNumber2 |
cn2 |
Device Custom Number 2 |
|
arc_deviceCustomNumber2Label |
deviceCustomNumber2Label |
cn2Label |
Device Custom Number 2 Label |
|
arc_deviceCustomNumber3 |
deviceCustomNumber3 |
cn3 |
Device Custom Number 3 |
|
arc_deviceCustomNumber3Label |
deviceCustomNumber3Label |
cn3Label |
Device Custom Number 3 Label |
|
arc_deviceCustomString1 |
deviceCustomString1 |
cs1 |
Device Custom String 1 |
|
arc_deviceCustomString1Label |
deviceCustomString1Label |
cs1Label |
Device Custom String 1 Label |
|
arc_deviceCustomString2 |
deviceCustomString2 |
cs2 |
Device Custom String 2 |
|
arc_deviceCustomString2Label |
deviceCustomString2Label |
cs2Label |
Device Custom String 2 Label |
|
arc_deviceCustomString3 |
deviceCustomString3 |
cs3 |
Device Custom String 3 |
|
arc_deviceCustomString3Label |
deviceCustomString3Label |
cs3Label |
Device Custom String 3 Label |
|
arc_deviceCustomString4 |
deviceCustomString4 |
cs4 |
Device Custom String 4 |
|
arc_deviceCustomString4Label |
deviceCustomString4Label |
cs4Label |
Device Custom String 4 Label |
|
arc_deviceCustomString5 |
deviceCustomString5 |
cs5 |
Device Custom String 5 |
|
arc_deviceCustomString5Label |
deviceCustomString5Label |
cs5Label |
Device Custom String 5 Label |
|
arc_deviceCustomString6 |
deviceCustomString6 |
cs6 |
Device Custom String 6 |
|
arc_deviceCustomString6Label |
deviceCustomString6Label |
cs6Label |
Device Custom String 6 Label |
|
arc_deviceEventCategory |
deviceEventCategory |
cat |
Device Event Category |
|
arc_deviceEventClassId |
deviceEventClassId |
Signature ID |
Signature Id |
|
arc_deviceExternalId |
deviceExternalId |
deviceExternalId |
Device External Id |
|
arc_deviceHostName |
deviceHostName |
dvchost |
Device Host Name |
|
arc_deviceInboundInterface |
deviceInboundInterface |
deviceInboundInterface |
Device Inbound Interface |
|
arc_deviceOutboundInterface |
deviceOutboundInterface |
deviceOutboundInterface |
Device Outbound Interface |
|
arc_deviceProduct |
deviceProduct |
Device Product |
Device Product |
|
arc_deviceReceiptTime |
deviceReceiptTime |
rt |
Device Receipt Time |
|
arc_deviceSeverity |
deviceSeverity |
deviceSeverity |
Device Severity |
|
arc_deviceVendor |
deviceVendor |
Device Vendor |
Device Vendor |
|
arc_deviceVersion |
deviceVersion |
Device Version |
Device Version |
|
arc_deviceZone |
deviceZone |
deviceZone |
Device Zone |
|
arc_deviceZoneName |
deviceZoneName |
deviceZoneName |
Device Zone Name |
|
arc_deviceZoneResource |
deviceZoneResource |
deviceZoneResource |
Device Zone Resource |
|
arc_deviceZoneURI |
deviceZoneURI |
deviceZoneURI |
Device Zone URI |
|
arc_endTime |
endTime |
end |
End Time |
|
arc_eventId |
eventId |
eventId |
Event Id |
|
arc_externalId |
externalId |
externalId |
External Id |
|
arc_fileName |
fileName |
fname |
File Name |
|
arc_filePath |
filePath |
filePath |
File Path |
|
arc_flexDate1 |
flexDate1 |
flexDate1 |
Flex Date 1 |
|
arc_flexDate1Label |
flexDate1Label |
flexDate1Label |
Flex Date 1 Label |
|
arc_flexNumber1 |
flexNumber1 |
flexNumber1 |
Flex Number1 |
|
arc_flexNumber1Label |
flexNumber1Label |
flexNumber1Label |
Flex Number 1 Label |
|
arc_flexNumber2 |
flexNumber2 |
flexNumber2 |
Flex Number 2 |
|
arc_flexNumber2Label |
flexNumber2Label |
flexNumber2Label |
Flex Number 2 Label |
|
arc_flexString1 |
flexString1 |
flexString1 |
Flex String 1 |
|
arc_flexString1Label |
flexString1Label |
flexString1Label |
Flex String 1 Label |
|
arc_flexString2 |
flexString2 |
flexString2 |
Flex String 2 |
|
arc_flexString2Label |
flexString2Label |
flexString2Label |
Flex String 2 Label |
|
arc_message |
message |
msg |
Message |
|
arc_name |
name |
Name |
Name |
|
arc_priority |
priority |
priority |
Priority |
|
arc_requestClientApplication |
requestClientApplication |
requestClientApplication |
Request Client Application |
|
arc_requestContext |
requestContext |
requestContext |
Request Context |
|
arc_requestMethod |
requestMethod |
requestMethod |
Request Method |
|
arc_requestUrl |
requestUrl |
request |
Request URL |
|
arc_requestUrlFileName |
requestUrlFileName |
requestUrlFileName |
Request URL File Name |
|
arc_requestUrlQuery |
requestUrlQuery |
requestUrlQuery |
Request URL Query |
|
arc_sessionId |
sessionId |
sessionId |
Session Id |
|
arc_sourceAddress |
sourceAddress |
src |
Source Address |
|
arc_sourceHostName |
sourceHostName |
shost |
Source Host Name |
|
arc_sourceMacAddress |
sourceMacAddress |
smac |
Source Mac Address |
|
arc_sourceNtDomain |
sourceNtDomain |
sntdom |
Source NT Domain |
|
arc_sourcePort |
sourcePort |
spt |
Source Port |
|
arc_sourceProcessName |
sourceProcessName |
sproc |
Source Process Name |
|
arc_sourceServiceName |
sourceServiceName |
sourceServiceName |
Source Service Name |
|
arc_sourceTranslatedAddress |
sourceTranslatedAddress |
sourceTranslatedAddress |
Source Translated Address |
|
arc_sourceUserId |
sourceUserId |
suid |
Source User Id |
|
arc_sourceUserName |
sourceUserName |
suser |
Source User Name |
|
arc_sourceUserPrivileges |
sourceUserPrivileges |
spriv |
Source User Privileges |
|
arc_sourceZone |
sourceZone |
sourceZone |
Source Zone |
|
arc_sourceZoneName |
sourceZoneName |
sourceZoneName |
Source Zone Name |
|
arc_sourceZoneResource |
sourcezoneResource |
sourceZoneResource |
Source Zone Resource |
|
arc_sourceZoneURI |
sourceZoneURI |
sourceZoneURI |
Source Zone URI |
|
arc_startTime |
startTime |
start |
Start Time |
|
arc_transportProtocol |
transportProtocol |
proto |
Transport Protocol |
|
arc_type |
type |
type |
Type |
|
arc_vulnerabilityExternalID |
vulnerabilityExternalID |
vulnerabilityExternalID |
Vulnerability External Id |
|
arc_vulnerabilityURI |
VulnerabilityURI |
vulnerabilityURI |
Vulnerability URI |