• Elastic Common Schema (ECS) Reference: other versions:
  • Overview
  • Using ECS
    • Getting Started
    • Guidelines and Best Practices
      • Conventions
      • Implementation patterns
      • Mapping network events
    • Design Principles
    • Custom Fields
  • ECS Field Reference
    • Base Fields
    • Agent Fields
    • Autonomous System Fields
    • Client Fields
    • Cloud Fields
      • Cloud Fields Usage and Examples
    • Code Signature Fields
    • Container Fields
    • Data Stream Fields
    • Destination Fields
    • Device Fields
    • DLL Fields
    • DNS Fields
    • ECS Fields
    • ELF Header Fields
    • Email Fields
    • Error Fields
    • Event Fields
    • FaaS Fields
    • File Fields
    • Geo Fields
    • Group Fields
    • Hash Fields
    • Host Fields
    • HTTP Fields
    • Interface Fields
    • Log Fields
    • Mach-O Header Fields
    • Network Fields
    • Observer Fields
    • Orchestrator Fields
    • Organization Fields
    • Operating System Fields
    • Package Fields
    • PE Header Fields
    • Process Fields
    • Registry Fields
    • Related Fields
    • Risk information Fields
    • Rule Fields
    • Server Fields
    • Service Fields
      • Service Fields Usage and Examples
    • Source Fields
    • Threat Fields
      • Threat Fields Usage and Examples
    • TLS Fields
    • Tracing Fields
    • URL Fields
    • User Fields
      • User Fields Usage and Examples
    • User agent Fields
    • VLAN Fields
    • Volume Fields
    • Vulnerability Fields
    • x509 Certificate Fields
  • ECS Categorization Fields
    • ECS Categorization Field: event.kind
    • ECS Categorization Field: event.category
    • ECS Categorization Field: event.type
    • ECS Categorization Field: event.outcome
    • Using the Categorization Fields
  • Migrating to ECS
    • Products and Solutions that Support ECS
    • Map custom data to ECS
  • Additional Information
    • Questions and Answers
    • Glossary of ECS Terms
    • Contributing to ECS
    • Generated Artifacts
  • Release Notes
    • 8.16.0
    • 8.11.0
    • 8.10.0
    • 8.9.0
    • 8.8.0
    • 8.7.0
    • 8.6.1
    • 8.6.0
    • 8.5.2
    • 8.5.1
    • 8.5.0
    • 8.4.0
    • 8.3.1
    • 8.3.0
    • 8.2.1
    • 8.2.0
    • 8.1.0
    • 8.0.1
    • 8.0.0