NAv1 to NAv2 schema map
The following table lists direct mappings between NAv1 and NAv2 fields, when available, and provides related fields when there is no direct mapping available.
ipFlows1mGroups | magicTransitNetworkAnalytics-AdaptiveGroups / spectrumNetworkAnalytics-AdaptiveGroups |
dosdNetworkAnalytics-AdaptiveGroups | dosdAttackAnalytics-Groups | flowtrackdNetworkAnalytics-AdaptiveGroups | magicFirewallNetworkAnalytics-AdaptiveGroups |
---|---|---|---|---|---|
date
|
Related fields:
datetime
datetimeTenSeconds
|
Related fields:
datetime
datetimeTenSeconds
|
Related fields:
datetime
datetimeTenSeconds
|
Related fields:
datetime
datetimeTenSeconds
|
|
datetimeMinute
|
datetimeMinute
|
datetimeMinute
|
datetimeMinute
|
datetimeMinute
|
|
datetimeFiveMinutes
|
datetimeFiveMinutes
|
datetimeFiveMinutes
|
datetimeFiveMinutes
|
datetimeFiveMinutes
|
|
datetimeFifteenMinutes
|
datetimeFifteenMinutes
|
datetimeFifteenMinutes
|
datetimeFifteenMinutes
|
datetimeFifteenMinutes
|
|
datetimeHour
|
datetimeHour
|
datetimeHour
|
datetimeHour
|
datetimeHour
|
|
attackId *
|
attackId *
|
attackId *
|
|||
attackType
|
attackType
|
||||
attackMitigationType
|
mitigationType
|
||||
sourceIPCountry
|
sourceCountry
|
sourceCountry
|
sourceCountry
|
sourceCountry
|
|
sourceIPAsn
|
sourceAsn
|
sourceAsn
|
sourceAsn
|
sourceAsn
|
|
sourceIPASNDescription
|
Related field:
sourceGeohash
|
Related field:
sourceGeohash
|
Related field:
sourceGeohash
|
Related field:
sourceGeohash
|
|
coloCode
|
coloCode
|
coloCode
|
coloCode
|
coloCode
|
|
coloCity
|
coloCity
|
coloCity
|
coloCity
|
coloCity
|
|
coloCountry
|
coloCountry
|
coloCountry
|
coloCountry
|
coloCountry
|
|
coloRegion
|
Related field:
coloGeohash
|
Related field:
coloGeohash
|
Related field:
coloGeohash
|
Related field:
coloGeohash
|
|
ipFlows1mGroups | magicTransitNetworkAnalytics-AdaptiveGroups / spectrumNetworkAnalytics-AdaptiveGroups |
dosdNetworkAnalytics-AdaptiveGroups | dosdAttackAnalytics-Groups | flowtrackdNetworkAnalytics-AdaptiveGroups | magicFirewallNetworkAnalytics-AdaptiveGroups |
ipVersion
|
ethertype
|
ethertype
|
ethertype
|
ethertype
|
|
bits
|
ipTotalLength ( bits divided by 8)
|
ipTotalLength ( bits divided by 8)
|
bits
|
ipTotalLength ( bits divided by 8)
|
ipTotalLength ( bits divided by 8)
|
packets
|
n/a | n/a |
packets
|
n/a | n/a |
ipProtocol
|
ipProtocol
|
ipProtocol
|
ipProtocol
|
ipProtocol
|
ipProtocol
|
sourceIP
|
ipSourceAddress
|
ipSourceAddress
|
sourceIp
|
ipSourceAddress
|
ipSourceAddress
|
destinationIP
|
ipDestinationAddress
|
ipDestinationAddress
|
destinationIp
|
ipDestinationAddress
|
ipDestinationAddress
|
destinationIPv4Range24
|
ipDestinationSubnet
|
ipDestinationSubnet
|
ipDestinationSubnet
|
ipDestinationSubnet
|
|
destinationIPv4Range23
|
n/a | n/a | n/a | n/a | |
sourcePort
|
sourcePort
|
sourcePort
|
sourcePort
|
sourcePort
|
sourcePort
|
destinationPort
|
destinationPort
|
destinationPort
|
destinationPort
|
destinationPort
|
destinationPort
|
tcpFlags
|
tcpFlags
|
tcpFlags
|
tcpFlags
|
tcpFlags
|
tcpFlags
|
* The attackId
field value may be different between NAv1 and NAv2 for the same attack.