The Search AI Company

Build tailored experiences with Elastic.

Elastic Search AI Platform overview

Scale your business with Elastic Partners

Partner overview

ELK Stack

Search and analytics, data ingestion, and visualization – all at your fingertips.

ELK Stack overview

By developers, for developers

Elastic Cloud

Unlock the power of real-time insights with Elastic on your preferred cloud provider.

Elastic Cloud overview

Generative AI

Prototype and integrate with LLMs faster using search AI.

Generative AI overview

Search

Discover a world of AI possibilities — built with the power of search.

Search Labs

Search overview

Security

Protect, investigate, and respond to cyber threats with AI-driven security analytics.

Security Labs

Security overview

Observability

Unify app and infrastructure visibility to proactively resolve issues.

Observability Labs

Observability overview

By solution

See how customers search, solve, and succeed — all on one Search AI Platform.

All customer stories

Industries

Exceed customer expectations and go to market faster.

Industries overview

Customer spotlight

Cisco saves 5,000 support engineer hours per month

Sitecore automates 96 percent of security workflows with Elastic

Comcast transforms customer experiences with Elastic Observability

Research

Stay at the forefront of innovation with technical tips from the experts.

Build

Code with other developers to create a better Elastic, together.

Learn

Unleash the possibilities of your data and grow your skill set.

Connect

Keep informed about the latest tech and news from Elastic.

Have questions?

New

The executive guide to generative AI

About us Partners Support|Login

CEF fields

Module for receiving CEF logs over Syslog. The module adds vendor specific fields in addition to the fields the decode_cef processor provides.

forcepoint

Fields for Forcepoint Custom String mappings

forcepoint.virus_id: Virus ID

type: keyword

checkpoint

Fields for Check Point custom string mappings.

checkpoint.app_risk: Application risk.

type: keyword

checkpoint.app_severity: Application threat severity.

type: keyword

checkpoint.app_sig_id: The signature ID which the application was detected by.

type: keyword

checkpoint.auth_method: Password authentication protocol used.

type: keyword

checkpoint.category: Category.

type: keyword

checkpoint.confidence_level: Confidence level determined.

type: integer

checkpoint.connectivity_state: Connectivity state.

type: keyword

checkpoint.cookie: IKE cookie.

type: keyword

checkpoint.dst_phone_number: Destination IP-Phone.

type: keyword

checkpoint.email_control: Engine name.

type: keyword

checkpoint.email_id: Internal email ID.

type: keyword

checkpoint.email_recipients_num: Number of recipients.

type: long

checkpoint.email_session_id: Internal email session ID.

type: keyword

checkpoint.email_spool_id: Internal email spool ID.

type: keyword

checkpoint.email_subject: Email subject.

type: keyword

checkpoint.event_count: Number of events associated with the log.

type: long

checkpoint.frequency: Scan frequency.

type: keyword

checkpoint.icmp_type: ICMP type.

type: long

checkpoint.icmp_code: ICMP code.

type: long

checkpoint.identity_type: Identity type.

type: keyword

checkpoint.incident_extension: Format of original data.

type: keyword

checkpoint.integrity_av_invoke_type: Scan invoke type.

type: keyword

checkpoint.malware_family: Malware family.

type: keyword

checkpoint.peer_gateway: Main IP of the peer Security Gateway.

type: ip

checkpoint.performance_impact: Protection performance impact.

type: integer

checkpoint.protection_id: Protection malware ID.

type: keyword

checkpoint.protection_name: Specific signature name of the attack.

type: keyword

checkpoint.protection_type: Type of protection used to detect the attack.

type: keyword

checkpoint.scan_result: Scan result.

type: keyword

checkpoint.sensor_mode: Sensor mode.

type: keyword

checkpoint.severity: Threat severity.

type: keyword

checkpoint.spyware_name: Spyware name.

type: keyword

checkpoint.spyware_status: Spyware status.

type: keyword

checkpoint.subs_exp: The expiration date of the subscription.

type: date

checkpoint.tcp_flags: TCP packet flags.

type: keyword

checkpoint.termination_reason: Termination reason.

type: keyword

checkpoint.update_status: Update status.

type: keyword

checkpoint.user_status: User response.

type: keyword

checkpoint.uuid: External ID.

type: keyword

checkpoint.virus_name: Virus name.

type: keyword

checkpoint.voip_log_type: VoIP log types.

type: keyword

cef.extensions

Extra vendor-specific extensions.

cef.extensions.cp_app_risk: type: keyword
cef.extensions.cp_severity: type: keyword
cef.extensions.ifname: type: keyword
cef.extensions.inzone: type: keyword
cef.extensions.layer_uuid: type: keyword
cef.extensions.layer_name: type: keyword
cef.extensions.logid: type: keyword
cef.extensions.loguid: type: keyword
cef.extensions.match_id: type: keyword
cef.extensions.nat_addtnl_rulenum: type: keyword
cef.extensions.nat_rulenum: type: keyword
cef.extensions.origin: type: keyword
cef.extensions.originsicname: type: keyword
cef.extensions.outzone: type: keyword
cef.extensions.parent_rule: type: keyword
cef.extensions.product: type: keyword
cef.extensions.rule_action: type: keyword
cef.extensions.rule_uid: type: keyword
cef.extensions.sequencenum: type: keyword
cef.extensions.service_id: type: keyword
cef.extensions.version: type: keyword