base

Top Level Fieldset: True

The base field set contains all fields which are at the root of the events. These fields are common across all types of events.

base Fields

@timestamp

Required Field: True
Type: DATETIME
Example: 2022-11-17T13:02:30.458Z
Detection Supported Field: False

Date/time when the event originated.

labels

Required Field: False
Type: OBJECT
Example: {'some_key': 'some_value'}
Detection Supported Field: False

Custom key/value pairs.

message

Required Field: False
Type: STRING
Example: This is a test ACES event
Detection Supported Field: True

A human-readable summary of the event.

tags

Required Field: False
Type: ARRAY
Example: ['example_tag']
Detection Supported Field: True

List of keywords used to tag each event.

version

Required Field: True
Type: STRING
Example: 2.0
Detection Supported Field: False

Version of ACES.