Mappings: Cisco ISE Events
| Input | Value |
|---|---|
| Vendor | cisco_ise |
| Product | cisco_ise |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Cisco Systems |
| Product | Identity Services Engine |
| Record Type | Authentication |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| device_hostname | AD-User-Qualified-Name | |
| normalizedAction | None | The static text logon is populated in this schema field. |
| srcDevice_hostname | AD-User-Qualified-Name | |
| success | None | The static text true is populated in this schema field. |
| user_authDomain | AD-Host-DNS-Domain | |
| user_username | AD-User-SamAccount-Name |