⚠️ Outdated Version: You are viewing ECS version 8.17, which is outdated. View the latest version (9.0)

ECS Version:

Volume

Fields related to storage volume details.

Fields

Field Summary

Field	Type	Level	Description
`volume.bus_type`	keyword	Extended	Bus type of the device.
`volume.default_access`	keyword	Extended	Bus type of the device.
`volume.device_name`	keyword	Extended	Device name of the volume.
`volume.device_type`	keyword	Extended	Volume device type.
`volume.dos_name`	keyword	Extended	DOS name of the device.
`volume.file_system_type`	keyword	Extended	Volume device file system type.
`volume.mount_name`	keyword	Extended	Mount name of the volume.
`volume.nt_name`	keyword	Extended	NT name of the device.
`volume.product_id`	keyword	Extended	ProductID of the device.
`volume.product_name`	keyword	Extended	Produce name of the volume.
`volume.removable`	boolean	Extended	Indicates if the volume is removable.
`volume.serial_number`	keyword	Extended	Serial number of the device.
`volume.size`	long	Extended	Size of the volume device in bytes.
`volume.vendor_id`	keyword	Extended	VendorID of the device.
`volume.vendor_name`	keyword	Extended	Vendor name of the device.
`volume.writable`	boolean	Extended	Indicates if the volume is writable.

Field Details

`volume.bus_type`

Type: keyword

Level: Extended

Description: Bus type of the device.

Example: FileBackedVirtual

Indexed: true

`volume.default_access`

Type: keyword

Level: Extended

Description: Bus type of the device.

Indexed: true

`volume.device_name`

Type: keyword

Level: Extended

Description: Device name of the volume.

Indexed: true

`volume.device_type`

Type: keyword

Level: Extended

Description: Volume device type.

Example: CD-ROM File System

Indexed: true

`volume.dos_name`

Type: keyword

Level: Extended

Description: DOS name of the device.

Example: E:

Indexed: true

`volume.file_system_type`

Type: keyword

Level: Extended

Description: Volume device file system type.

Indexed: true

`volume.mount_name`

Type: keyword

Level: Extended

Description: Mount name of the volume.

Indexed: true

`volume.nt_name`

Type: keyword

Level: Extended

Description: NT name of the device.

Example: \Device\Cdrom1

Indexed: true

`volume.product_id`

Type: keyword

Level: Extended

Description: ProductID of the device.

Indexed: true

`volume.product_name`

Type: keyword

Level: Extended

Description: Produce name of the volume.

Example: Virtual DVD-ROM

Indexed: true

`volume.removable`

Type: boolean

Level: Extended

Description: Indicates if the volume is removable.

Indexed: true

`volume.serial_number`

Type: keyword

Level: Extended

Description: Serial number of the device.

Indexed: true

`volume.size`

Type: long

Level: Extended

Description: Size of the volume device in bytes.

Indexed: true

`volume.vendor_id`

Type: keyword

Level: Extended

Description: VendorID of the device.

Indexed: true

`volume.vendor_name`

Type: keyword

Level: Extended

Description: Vendor name of the device.

Example: Msft

Indexed: true

`volume.writable`

Type: boolean

Level: Extended

Description: Indicates if the volume is writable.

Indexed: true

User agent Vulnerability