Source Fields

Source Fields Schema
Field Name	Example Values	Field Type	Notes
`source_bytes_sent`	29834710	long	Network bytes sent by source, some sources may present this as source bytes tx, bytes tx or something similar.
`source_device_model`	iPad	keyword	Device Model Name
`source_device_vendor`	Apple, ASUS	keyword	Device Vendor Name
`source_hostname`	corpdc01, corpdc01.local, lab01.corpdomain.com	keyword (normalized:loweronly)	NetBIOS or dns hostname, converted to lowercase
`source_id`	09VX93DD	keyword	Identifying value for the source such as a serial number
`source_ip`	10.1.2.3, fe80:5cc3:11:4::2c	ip	IPv4 and IPv6 addresses
`source_ipv6`	fe80:5cc3:11:4::2c	ip	Only IPv6 addresses
`source_nat_ip`	10.1.2.3, fe80:5cc3:11:4::2c	ip	translated IP address assigned by a network device performing the NAT function
`source_nat_port`	2384	integer	translated network port assigned by a network device performing the NAT function
`source_os_name`	IOS, Android	keyword	Operating System Name
`source_os_version`	IOS 10.0	keyword	Version number of Operating System
`source_packets_sent`	23094823	long	Count of packets sent by source
`source_port`	45392	integer	numeric port, 0-65535
`source_port_iana_name`	ssh, ftp	keyword	The IANA-registered service name associated with the network application. Illuminate Core will use this value to define `source_port` in events that have `source_ip` defined if `source_port` is not already defined.
`source_region`	us-east-1	keyword	Name of region source device is located in
`source_type`		keyword	Source device information such as model number
`source_vm_name`		keyword	Virtual system name (not to be confused with the hostname)
`source_vsys_uuid`		keyword
`source_zone`		keyword

Derived and Enriched Fields (values will be derived or added from external sources)
Field Name	Example Values	Field Type	Notes
`source_as_*`			See: `as_* fields`
`source_category`		keyword	Future: from entity mapping
`source_geo_*`			See: `geo_* fields`
`source_location_name`	Chicago, US, Datacenter 01, Bismark - Finance	keyword	Field is derived either from an internal enterprise network definition or the Geo location fields if availble
`source_mac`	a0:b4:44:01:a9:d1	keyword	MAC address of host, colon-delimited and lower case
`source_priority`	critical, high, medium, low	keyword	Future: from entity mapping
`source_priority_level`	4-Jan	byte	Numeric value representing the priority of the source device, 1 = low, 2 = medium, 3 = high, 4 = critical
`source_reference`	IPv4,IPv6, hostname,fqdn	keyword (normalized:loweronly)	Automatically mapped from the following fields: `source_ip`, `source_hostname`, `source_vm_name`, `source_mac`