NAv1 to NAv2 schema map
The following table lists direct mappings between NAv1 and NAv2 fields, when available, and provides related fields when there is no direct mapping available.
| ipFlows1mGroups | magicTransitNetworkAnalytics-AdaptiveGroups | dosdNetworkAnalytics-AdaptiveGroups | dosdAttackAnalytics-Groups | flowtrackdNetworkAnalytics-AdaptiveGroups | magicFirewallNetworkAnalytics-AdaptiveGroups |
|---|---|---|---|---|---|
date | Related fields:datetimedatetimeTenSeconds | Related fields:datetimedatetimeTenSeconds | Related fields:datetimedatetimeTenSeconds | Related fields:datetimedatetimeTenSeconds | |
datetimeMinute | datetimeMinute | datetimeMinute | datetimeMinute | datetimeMinute | |
datetimeFiveMinutes | datetimeFiveMinutes | datetimeFiveMinutes | datetimeFiveMinutes | datetimeFiveMinutes | |
datetimeFifteenMinutes | datetimeFifteenMinutes | datetimeFifteenMinutes | datetimeFifteenMinutes | datetimeFifteenMinutes | |
datetimeHour | datetimeHour | datetimeHour | datetimeHour | datetimeHour | |
attackId* | attackId* | attackId* | |||
attackType | attackType | ||||
attackMitigationType | mitigationType | ||||
sourceIPCountry | sourceCountry | sourceCountry | sourceCountry | sourceCountry | |
sourceIPAsn | sourceAsn | sourceAsn | sourceAsn | sourceAsn | |
sourceIPASNDescription | Related field:sourceGeohash | Related field:sourceGeohash | Related field:sourceGeohash | Related field:sourceGeohash | |
coloCode | coloCode | coloCode | coloCode | coloCode | |
coloCity | coloCity | coloCity | coloCity | coloCity | |
coloCountry | coloCountry | coloCountry | coloCountry | coloCountry | |
coloRegion | Related field:coloGeohash | Related field:coloGeohash | Related field:coloGeohash | Related field:coloGeohash | |
| ipFlows1mGroups | magicTransitNetworkAnalytics-AdaptiveGroups | dosdNetworkAnalytics-AdaptiveGroups | dosdAttackAnalytics-Groups | flowtrackdNetworkAnalytics-AdaptiveGroups | magicFirewallNetworkAnalytics-AdaptiveGroups |
ipVersion | ethertype | ethertype | ethertype | ethertype | |
bits | ipTotalLength( bits divided by 8) | ipTotalLength( bits divided by 8) | bits | ipTotalLength( bits divided by 8) | ipTotalLength( bits divided by 8) |
packets | n/a | n/a | packets | n/a | n/a |
ipProtocol | ipProtocol | ipProtocol | ipProtocol | ipProtocol | ipProtocol |
sourceIP | ipSourceAddress | ipSourceAddress | sourceIp | ipSourceAddress | ipSourceAddress |
destinationIP | ipDestinationAddress | ipDestinationAddress | destinationIp | ipDestinationAddress | ipDestinationAddress |
destinationIPv4Range24 | ipDestinationSubnet | ipDestinationSubnet | ipDestinationSubnet | ipDestinationSubnet | |
destinationIPv4Range23 | n/a | n/a | n/a | n/a | |
sourcePort | sourcePort | sourcePort | sourcePort | sourcePort | sourcePort |
destinationPort | destinationPort | destinationPort | destinationPort | destinationPort | destinationPort |
tcpFlags | tcpFlags | tcpFlags | tcpFlags | tcpFlags | tcpFlags |
* The attackId field value may be different between NAv1 and NAv2 for the same attack.