This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Platform Unified Data Model
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Products
- NetWitness Platform
- Documentation
- Threat Intelligence
- Unified Data Model
- RSA NetWitness® Suite Unified Data Model Discontinued Concepts
Product Resources
RSA NetWitness® Suite Unified Data Model Discontinued Concepts
RSA NetWitness® Suite Unified Data Model Discontinued Concepts
List of Discontinued Concepts
The following table lists all the keys or concepts that have been discontinued. For backward compatibility of existing analytical content and analysts used to these keys, we will continue to use these keys. The discontinued keys will be removed from the default Content, Index-concentrator.xml and Table-map.xml files in future releases. RSA advises that you start using the new Meta keys going forward.
| Discontinued Meta Key | Replaced by Meta key |
|---|---|
| ip.addr | alias.ip |
| ipv6.addr | alias.ipv6 |
| ip.srcport | port.src |
| ip.dstport | port.dst |
| stransaddr | ip.trans.src |
| dtransaddr | ip.trans.dst |
| stransport | port.trans.src |
| dtransport | port.trans.dst |
| network.port | port |
| ipv6.proto | ip.proto |
| privilege | permissions |
| username | user |
| orig_ip | ip.orig, ipv6.orig or host.orig based on usage |
| sdomain | domain.src |
| ddomain | domain.dst |
| ad.computer.src | host.src |
| ad.computer.dst | host.dst |
| ad.domain.src | domain.src |
| ad.domain.dst | domain.dst |
| ad.username.src | user.src |
| ad.username.dst | user.dst |
| ssl.ca | cert.ca |
| ssl.checksum | cert.checksum |
| ssl.common | cert.common |
| ssl.subject | cert.subject |
| ssl.ver.src | version |
| ssl.ver.dst | version |
| risk.warning | New Hunting Model (inv.*, ioc, boc, eoc, analysis.*) |
| risk.info | New Hunting Model (inv.*, ioc, boc, eoc, analysis.*) |
| risk.suspicious | New Hunting Model (inv.*, ioc, boc, eoc, analysis.*) |
| alert.id | New Hunting Model (inv.*, ioc, boc, eoc, analysis.*) |
| site.cat | category |
| event.class | Discontinued, no replacement |
| paddr | Discontinued, no replacement |
| process.time | duration.time |
| parent.pid | process.id.src |
| child.pid | process.id |
| eth.host | alias.mac |
| tcp.srcport | port.src |
| udp.srcport | port.src |
| tcp.dstport | port.dst |
| udp.dstport | port.dst |
No ratings
