...
These are the fields displayed in these tables:
dlp.digitalguardian.arc.events
dlp.digitalguardian.endpointdlp.alerts
dlp.digitalguardian.endpointdlp.audit
dlp.digitalguardian.endpointdlp.classification
dlp.digitalguardian.endpointdlp.events
dlp.digitalguardian.endpointdlp
dlp.digitalguardian.networkdlp.events
dlp.digitalguardian.networkdlp.system
dlp.digitalguardian.networkdlp
dlp.digitalguardian.arc.events
Field | Type | Extra field |
|---|---|---|
eventdate |
| |
hostname |
| |
machine_type |
| |
file_internal_name |
| |
application |
| |
md5_hash |
| |
original_name |
| |
dg_custom_data_dg_scope |
| |
parent_application |
| |
process_directory |
| |
was_rule_violated |
| |
process_local_creation_time |
| |
process_path |
| |
process_file_extension |
| |
was_removable |
| |
dg_custom_data_dg_values |
| |
is_user_local_admin |
| |
event_display_name |
| |
dg_custom_data_dg_name |
| |
company_name |
| |
file_version |
| |
product_name |
| |
user_domain |
| |
mac_address |
| |
user |
| |
agent_version |
| |
unique_id |
| |
command_line |
| |
product_version |
| |
computer_name |
| |
application_internal_name |
| |
was_mobile_device |
| |
_time |
| |
operation_type |
| |
process_file_size |
| |
was_detail_blocked |
| |
process_domain |
| |
event_local_time |
| |
was_classified |
| |
file_description |
| |
parent_md5_hash |
| |
sha256_hash |
| |
process_pid |
| |
server_process_time |
| |
event_time |
| |
parent_process_internal_name |
| |
process_local_modify_time |
| |
x86_or_x64 |
| |
process_local_access_time |
| |
is_virtual_session |
| |
bytes_written |
| |
destination_drive_type |
| |
dg_src_dev_dev_prdname |
| |
source_was_classified |
| |
destination_file_extension |
| |
destination_file_name |
| |
attachment_file_size |
| |
dg_dst_dev_dev_bt |
| |
attachment_source_file_name |
| |
destination_was_classified |
| |
source_file_extension |
| |
dg_dst_dev_dev_dt |
| |
dg_src_dev_dev_dt |
| |
attachment_source_file_path |
| |
destination_file_encryption |
| |
dg_dst_dev_dev_vendor |
| |
dg_src_dev_dev_bt |
| |
dg_dst_dev_dev_prdname |
| |
dg_src_dev_dev_vendor |
| |
destination_bus_type |
| |
attachment_source_directory |
| |
attachment_source_drive_type |
| |
source_is_removable |
| |
source_file_encryption |
| |
destination_file_path |
| |
destination_is_removable |
| |
destination_directory |
| |
bytes_read |
| |
dns_hostname |
| |
url_path |
| |
dg_alert_dg_policy_dg_category_name |
| |
was_private_address |
| |
dg_alert_dg_category_name |
| |
network_direction |
| |
source_ip_address |
| |
dg_alert_alert_etu |
| |
wireless_ssid |
| |
remote_port |
| |
dg_alert_dg_rule_action_type |
| |
dg_alert_alert_ur |
| |
adapter_name |
| |
dg_alert_dg_name |
| |
was_wireless |
| |
local_port |
| |
dg_alert_alert_at |
| |
dg_alert_alert_al |
| |
protocol |
| |
dg_alert_alert_wb |
| |
dg_alert_alert_etl |
| |
dg_alert_dg_policy_dg_name |
| |
dg_alert_dg_detection_source |
| |
encryption_status |
| |
dg_alert_alert_bc |
| |
ip_address |
| |
was_mobile_copy |
| |
dg_recipients_uad_mr |
| |
dg_attachments_dg_src_dir |
| |
dg_attachments_dg_file_size |
| |
event_was_blocked |
| |
event_has_rule_violation |
| |
dg_recipients_uad_mrt |
| |
dg_attachments_uad_sdt |
| |
email_subject |
| |
dg_attachments_uad_sp |
| |
email_sender |
| |
dg_attachments_dg_src_file_name |
| |
dg_recipients_dg_rec_email_domain |
| |
url_host |
| |
url_context_path |
| |
url_port |
| |
url_scheme |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
...