ECS Version:
Related
Fields meant to facilitate pivoting around a piece of data.
Fields
Field Summary
| Field | Type | Level | Description |
|---|---|---|---|
related.hash | keyword | Extended | All the hashes seen on your event. |
related.hosts | keyword | Extended | All the host identifiers seen on your event. |
related.ip | ip | Extended | All of the IPs seen on your event. |
related.user | keyword | Extended | All the user names or other user identifiers seen on the event. |
Field Details
related.hash
Type: keyword
Level: Extended
Description: All the hashes seen on your event.
Normalization: array
Indexed: true
related.hosts
Type: keyword
Level: Extended
Description: All the host identifiers seen on your event.
Normalization: array
Indexed: true
related.ip
Type: ip
Level: Extended
Description: All of the IPs seen on your event.
Normalization: array
Indexed: true
related.user
Type: keyword
Level: Extended
Description: All the user names or other user identifiers seen on the event.
Normalization: array
Indexed: true