Data Fields

This page references the various types of data fields utilized by the Elastic Stack in Security Onion.

ECS

We’ve begun transitioning to Elastic Common Schema (ECS). This is a work-in-progress and will continue as time goes on.

For more information about ECS, please see:

https://www.elastic.co/guide/en/ecs/current/ecs-reference.html

Fields

Alert Data Fields

Elastalert Fields

Zeek Fields

Template files

Fields are mapped to their proper type using template files found in /opt/so/conf/elasticsearch/templates/.