elastic / ecs

Elastic Common Schema
https://www.elastic.co/what-is/ecs
Apache License 2.0

File Names - Source/Destination/Client/Server #413

Open neu5ron opened 5 years ago

neu5ron commented 5 years ago

Looking into the ECS documentation there is file.name; however, I would like to discuss and propose adding or documenting an additional file schema for source and destination (and/or client/server where applicable).

This is especially useful in endpoint data and network transfers / file shares.

Moving or Copying File

scenario:

Renaming "payroll.docx" to "nothing_to_see_here.txt"

example:

"source.file.name": "payroll.docx",
"destination.file.name": "nothing_to_see_here.txt"

JoeySec commented 3 months ago

I am running into the same issue for ECS field mapping. I have an endpoint security data set that includes source and destination folder paths and file names.