Skip to content
Analytics
Visit Analytics on GitHub
Set theme to dark (⇧+D)

NAv1 to NAv2 schema map

The following table lists direct mappings between NAv1 and NAv2 fields, when available, and provides related fields when there is no direct mapping available.

ipFlows1mGroupsmagicTransitNetworkAnalytics-AdaptiveGroupsdosdNetworkAnalytics-AdaptiveGroupsdosdAttackAnalytics-AdaptiveGroupsflowtrackdNetworkAnalytics-AdaptiveGroupsmagicFirewallNetworkAnalytics-AdaptiveGroups
dateRelated fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
Related fields:
datetime
datetimeTenSeconds
datetimeMinutedatetimeMinutedatetimeMinutedatetimeMinutedatetimeMinutedatetimeMinute
datetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutesdatetimeFiveMinutes
datetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutesdatetimeFifteenMinutes
datetimeHourdatetimeHourdatetimeHourdatetimeHourdatetimeHourdatetimeHour
attackId*attackId*attackId*
attackTypeattackType
attackMitigationTypeattackMitigationType
attackProtocolattackIpProtocol
attackDestinationIPattackDestinationIp
attackSourcePortattackSourcePort
attackDestinationPortattackDestinationPort
attackTcpFlagsattackTcpFlags
sourceIPCountrysourceCountrysourceCountrysourceCountrysourceCountrysourceCountry
sourceIPAsnsourceAsnsourceAsnsourceAsnsourceAsnsourceAsn
sourceIPASNDescriptionRelated field:
sourceGeohash
Related field:
sourceGeohash
Related field:
sourceGeohash
Related field:
sourceGeohash
Related field:
sourceGeohash
coloCodecoloCodecoloCodecoloCodecoloCodecoloCode
coloCitycoloCitycoloCitycoloCitycoloCitycoloCity
coloCountrycoloCountrycoloCountrycoloCountrycoloCountrycoloCountry
coloRegionRelated field:
coloGeohash
Related field:
coloGeohash
Related field:
coloGeohash
Related field:
coloGeohash
Related field:
coloGeohash
ipFlows1mGroupsmagicTransitNetworkAnalytics-AdaptiveGroupsdosdNetworkAnalytics-AdaptiveGroupsdosdAttackAnalytics-AdaptiveGroupsflowtrackdNetworkAnalytics-AdaptiveGroupsmagicFirewallNetworkAnalytics-AdaptiveGroups
ipVersionethertypeethertypeethertypeethertype
bits
(divided by 8)
ipTotalLengthipTotalLengthipTotalLengthipTotalLength
packetsn/an/an/an/a
ipProtocolipProtocolipProtocolipProtocolipProtocol
sourceIPipSourceAddressipSourceAddressipSourceAddressipSourceAddress
destinationIPipDestinationAddressipDestinationAddressipDestinationAddressipDestinationAddress
destinationIPv4Range24ipDestinationSubnetipDestinationSubnetipDestinationSubnetipDestinationSubnet
destinationIPv4Range23n/an/an/an/a
sourcePortsourcePortsourcePortsourcePortsourcePort
destinationPortdestinationPortdestinationPortdestinationPortdestinationPort
tcpFlagstcpFlagstcpFlagstcpFlagstcpFlags

* The attackId field value may be different between NAv1 and NAv2 for the same attack.