
Malizen

Data mapping 🏷️

  • Dorine
  • Mar 21
  • 1 min read

Field mapping involves associating imported data with standardized fields to ensure consistent and efficient analysis.


Why use ECS (Elastic Common Schema)?

  • Simplification: Data from different sources is organized in a uniform manner.

  • Compatibility: ECS improves compatibility between various tools.

  • Efficiency: A standardized structure allows for faster and more accurate searches.


Example of ECS fields:

  • source.ip: IP address of the source.

  • event.type: Event type (error, access, etc.).

  • @timestamp: Indicates the date and time of the event (required).


 

Steps to configure field mapping


Once your data is imported or your source is connected, configure field mapping to ensure proper event analysis. Here are the steps:

⚠ Please note: Fields must be mapped. A field can only be mapped once!

  1. Access the mapping screen:

After importing the data, the interface automatically redirects you to the mapping screen.


  2. Check the detected fields:

    • Each imported field is listed.

    • Malizen automatically detects field types when possible.


  3. Assign field types:

    • For each field, select or confirm its type according to ECS (Elastic Common Schema) standards.

    • For example, fields like time or timestamp must be associated with a temporal type to be used in investigations.



  4. Enable or disable the fields:

    • Disable unnecessary fields to reduce overhead.

    • Use "Enable only valid" to display only valid fields.


  5. Name your dataset:

    • Give the imported dataset a clear name to make it easy to find.
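
The steps above, sketched as an added Python example (not Malizen's code): it checks a mapping before applying it to one raw row and builds the nested ECS document. The raw column names, the sample row and the reading of "mapped once" as "one imported column per ECS field" are assumptions made for this illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed mapping: raw column -> (ECS field, ECS type, enabled).
# Column names (ts, src, kind, debug) are hypothetical.
MAPPING = {
    "ts":    ("@timestamp", "date", True),
    "src":   ("source.ip", "ip", True),
    "kind":  ("event.type", "keyword", True),
    "debug": (None, None, False),  # disabled field: never reaches the output
}

def check_mapping(mapping):
    """List mapping problems: an ECS field targeted twice, or no @timestamp."""
    problems, seen = [], {}
    for column, (target, _ecs_type, enabled) in mapping.items():
        if not enabled:
            continue
        if target in seen:  # assumption: one imported column per ECS field
            problems.append(f"{target} mapped twice: {seen[target]}, {column}")
        seen[target] = column
    if "@timestamp" not in seen:
        problems.append("@timestamp is required but not mapped")
    return problems

def convert(value, ecs_type):
    """Coerce a raw string to the ECS type; bad input raises ValueError."""
    if ecs_type == "date":  # epoch seconds -> ISO 8601 in UTC
        return datetime.fromtimestamp(int(value), tz=timezone.utc).isoformat()
    if ecs_type == "ip":
        return str(ipaddress.ip_address(value))
    return str(value)

def to_ecs(row, mapping):
    """Apply a checked mapping to one raw row and nest dotted ECS names."""
    problems = check_mapping(mapping)
    if problems:
        raise ValueError("; ".join(problems))
    doc = {}
    for column, (target, ecs_type, enabled) in mapping.items():
        if not enabled or column not in row:
            continue
        *parents, leaf = target.split(".")
        node = doc
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = convert(row[column], ecs_type)
    return doc

# Constructed sample row.
ROW = {"ts": "1700000000", "src": "192.0.2.10", "kind": "access", "debug": "x"}
```

Rejecting a row whose IP or timestamp does not parse, rather than storing it as text, keeps a mistyped field from silently dropping out of later IP or time-range searches.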




Access problem? Send us a bug report.
 
