Group fields
Stack Serverless
The group fields are meant to represent groups that are relevant to the event.
| Field | Description | Level |
|---|---|---|
| group.domain | Name of the directory the group is a member of. For example, an LDAP or Active Directory domain name. type: keyword |
extended |
| group.id | Unique identifier for the group on the system/platform. type: keyword |
extended |
| group.name | Name of the group. type: keyword |
extended |
The group fields are expected to be nested at:
process.attested_groupsprocess.groupprocess.real_groupprocess.saved_groupprocess.supplemental_groupsuser.group
Note also that the group fields may be used directly at the root of the events.