...
These are the fields displayed in the tables below:
| Field | Type | Extra field |
|---|---|---|
| eventdate | | |
| hostname | | |
| machine_type | | |
| file_internal_name | | |
| application | | |
| md5_hash | | |
| original_name | | |
| dg_custom_data_dg_scope | | |
| parent_application | | |
| process_directory | | |
| was_rule_violated | | |
| process_local_creation_time | | |
| process_path | | |
| process_file_extension | | |
| was_removable | | |
| dg_custom_data_dg_values | | |
| is_user_local_admin | | |
| event_display_name | | |
| dg_custom_data_dg_name | | |
| company_name | | |
| file_version | | |
| product_name | | |
| user_domain | | |
| mac_address | | |
| user | | |
| agent_version | | |
| unique_id | | |
| command_line | | |
| product_version | | |
| computer_name | | |
| application_internal_name | | |
| was_mobile_device | | |
| _time | | |
| operation_type | | |
| process_file_size | | |
| was_detail_blocked | | |
| process_domain | | |
| event_local_time | | |
| was_classified | | |
| file_description | | |
| parent_md5_hash | | |
| sha256_hash | | |
| process_pid | | |
| server_process_time | | |
| event_time | | |
| parent_process_internal_name | | |
| process_local_modify_time | | |
| x86_or_x64 | | |
| process_local_access_time | | |
| is_virtual_session | | |
| bytes_written | | |
| destination_drive_type | | |
| dg_src_dev_dev_prdname | | |
| source_was_classified | | |
| destination_file_extension | | |
| destination_file_name | | |
| attachment_file_size | | |
| dg_dst_dev_dev_bt | | |
| attachment_source_file_name | | |
| destination_was_classified | | |
| source_file_extension | | |
| dg_dst_dev_dev_dt | | |
| dg_src_dev_dev_dt | | |
| attachment_source_file_path | | |
| destination_file_encryption | | |
| dg_dst_dev_dev_vendor | | |
| dg_src_dev_dev_bt | | |
| dg_dst_dev_dev_prdname | | |
| dg_src_dev_dev_vendor | | |
| destination_bus_type | | |
| attachment_source_directory | | |
| attachment_source_drive_type | | |
| source_is_removable | | |
| source_file_encryption | | |
| destination_file_path | | |
| destination_is_removable | | |
| destination_directory | | |
| bytes_read | | |
| dns_hostname | | |
| url_path | | |
| dg_alert_dg_policy_dg_category_name | | |
| was_private_address | | |
| dg_alert_dg_category_name | | |
| network_direction | | |
| source_ip_address | | |
| dg_alert_alert_etu | | |
| wireless_ssid | | |
| remote_port | | |
| dg_alert_dg_rule_action_type | | |
| dg_alert_alert_ur | | |
| adapter_name | | |
| dg_alert_dg_name | | |
| was_wireless | | |
| local_port | | |
| dg_alert_alert_at | | |
| dg_alert_alert_al | | |
| protocol | | |
| dg_alert_alert_wb | | |
| dg_alert_alert_etl | | |
| dg_alert_dg_policy_dg_name | | |
| dg_alert_dg_detection_source | | |
| encryption_status | | |
| dg_alert_alert_bc | | |
| ip_address | | |
| was_mobile_copy | | |
| dg_recipients_uad_mr | | |
| dg_attachments_dg_src_dir | | |
| dg_attachments_dg_file_size | | |
| event_was_blocked | | |
| event_has_rule_violation | | |
| dg_recipients_uad_mrt | | |
| dg_attachments_uad_sdt | | |
| email_subject | | |
| dg_attachments_uad_sp | | |
| email_sender | | |
| dg_attachments_dg_src_file_name | | |
| dg_recipients_dg_rec_email_domain | | |
| url_host | | |
| url_context_path | | |
| url_port | | |
| url_scheme | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | ✓ |
Field | Type | Extra field | Field transformation | Source field name | ||
---|---|---|---|---|---|---|
eventdate |
| |||||
priority |
| |||||
Agent_Local_Time |
| |||||
Agent_UTC_Time |
| |||||
timestamp |
|
| Agent_UTC_Time_TZ | |||
Application |
| |||||
Computer_Name |
|
| Computer_Name_wDomain Computer_Name_tmp Computer_Name_len | |||
Domain |
|
| Computer_Name_tmp Computer_Name_len | |||
Computer_Type |
| |||||
Email_Sender |
| |||||
Email_Subject |
| |||||
Operation |
| |||||
Policy |
| |||||
Rule |
| |||||
Rule_Category |
| |||||
Severity |
| |||||
User_Response |
| |||||
Was_Blocked |
| |||||
Destination_Directory |
| |||||
Destination_File |
| |||||
Destination_File_Encryption |
| |||||
DNS_Hostname |
| |||||
Email_Recipient |
| |||||
Email_Recipient_Type |
| |||||
IP_Address |
| |||||
Local_Port |
| |||||
Network_Direction |
| |||||
Object_Type |
| |||||
Printer |
| |||||
Printer_Jobname |
| |||||
Protocol |
| |||||
Remote_Port |
| |||||
Source_Directory |
| |||||
Source_File |
| |||||
Source_File_Encryption |
| |||||
URL_Path |
| |||||
Was_Destination_Classified |
| |||||
Was_Destination_Removable |
| |||||
Was_S_MIME_Encrypted |
| |||||
Was_S_MIME_Signed |
| |||||
Was_Source_Classified |
| |||||
Source_Drive_Type |
| |||||
Source_Device_ID |
| |||||
Destination_Drive_Type |
| |||||
Destination_Device_ID |
| |||||
Email_Address |
| |||||
User_Name |
|
| User_Name_tmp User_Name_wDomain User_Name_len | |||
Custom_Int_4 |
| |||||
Custom_String_1 |
| |||||
Custom_String_3 |
| |||||
Custom_String_4 |
| |||||
Detail_Event_ID |
| |||||
Dll_SHA1_Hash |
| |||||
Dll_SHA256_Hash |
| |||||
Registry_Value |
| |||||
Event_ID |
| |||||
Detail_File_Size_MB |
| |||||
Destination_Device_Friendly_Name |
| |||||
Destination_Device_Product_ID |
| |||||
Destination_Device_Product_Name |
| |||||
Destination_Device_Serial_Number |
| |||||
Destination_Device_Vendor |
| |||||
Destination_Device_Vendor_ID |
| |||||
Prompt_Survey_Text |
| |||||
Source_Device_Friendly_Name |
| |||||
Source_Device_Product_ID |
| |||||
Source_Device_Product_Name |
| |||||
Source_Device_Serial_Number |
| |||||
Source_Device_Vendor |
| |||||
Source_Device_Vendor_ID |
| |||||
Source_IP_Address |
| |||||
Alert_ID |
| |||||
Server_Local_Timestamp |
| |||||
User_Name_Text |
| |||||
Category |
| |||||
Detail |
| |||||
message |
| rawSource | ||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ | rawSource |
| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | | | |
| priority | | | |
| Server_Local_Timestamp | | | |
| User_Name_Text | | | |
| Category | | | |
| Detail | | | |
| hostchain | | ✓ | |
| tag | | ✓ | |
| rawMessage | | ✓ | rawSource |
| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | | | |
| priority | | | |
| Event_ID | | | |
| Detail_Classification_Policy | | | |
| hostchain | | ✓ | |
| tag | | ✓ | |
| rawMessage | | ✓ | rawSource |
| Field | Type | Extra field |
|---|---|---|
| eventdate | | |
| Agent_Local_Date | | |
| Agent_Local_Time | | |
| Agent_UTC_Time | | |
| Application | | |
| Computer_Name | | |
| Computer_Type | | |
| DNS_Hostname | | |
| Email_Sender | | |
| Email_Subject | | |
| Event_ID | | |
| Detail_Event_ID | | |
| IP_Address | | |
| Local_Port | | |
| Network_Direction | | |
| Operation | | |
| Protocol | | |
| Remote_Port | | |
| URL_Path | | |
| Was_Classified | | |
| Was_Removable | | |
| Was_Rule_Violation | | |
| Was_S_MIME_Encrypted | | |
| Was_S_MIME_Signed | | |
| Device_ID | | |
| Drive_Type | | |
| Friendly_Name | | |
| Product_ID | | |
| Removal_Policy | | |
| Serial_Number | | |
| Vendor | | |
| Vendor_ID | | |
| Destination_Directory | | |
| Destination_File | | |
| Destination_File_Extension | | |
| Email_Domain_Name | | |
| Email_Recipient | | |
| Printer | | |
| Printer_Jobname | | |
| Source_Directory | | |
| Source_File | | |
| Source_File_Extension | | |
| User_Response | | |
| Was_Destination_Classified | | |
| Was_Detail_Rule_Violation | | |
| Was_Source_Classified | | |
| Was_Source_Removable | | |
| Source_Drive_Type | | |
| Source_Device_ID | | |
| Destination_Drive_Type | | |
| Destination_Device_ID | | |
| Domain_Name | | |
| Email_Address | | |
| User_ID | | |
| User_Name | | |
| Custom_String_1 | | |
| Custom_String_3 | | |
| Custom_String_4 | | |
| Company_Name | | |
| Product_Name | | |
| Product_Version | | |
| Scan_Value_Status | | |
| Scan_Value_Status_Local_Time | | |
| Scan_Value_Status_Text | | |
| Dll_SHA1_Hash | | |
| Dll_SHA256_Hash | | |
| Parent_Application_V2 | | |
| Parent_MD5_Checksum_V2 | | |
| Destination_Device_Friendly_Name | | |
| Destination_Device_Product_ID | | |
| Destination_Device_Product_Name | | |
| Destination_Device_Serial_Number | | |
| Destination_Device_Vendor | | |
| Destination_Device_Vendor_ID | | |
| Rule | | |
| Source_Device_Friendly_Name | | |
| Source_Device_Serial_Number | | |
| Source_Device_Product_ID | | |
| Source_Device_Product_Name | | |
| Source_Device_Vendor | | |
| Source_Device_Vendor_ID | | |
| Was_Blocked | | |
| MD5_Checksum | | |
| Dll_Created_Local_Time | | |
| Detail_File_Size_MB | | |
| Detail_Classification_Content_Pattern | | |
| Detail_Classification_Frequency | | |
| Detail_Classification_Policy | | |
| Detail_Classification_Rule | | |
| Detail_Classification_Type | | |
| Source_IP_Address | | |
| Registry_Value | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | |
Field | Type | Extra field | Source field name |
---|---|---|---|
eventdate |
| ||
type |
| vtype | |
message |
| rawSource | |
hostchain |
| ✓ | |
tag |
| ✓ | |
rawMessage |
| ✓ | rawSource |
| Field | Type | Extra field |
|---|---|---|
| eventdate | | |
| hostname | | |
| incident_id | | |
| managed_device_id | | |
| number_of_incidents | | |
| incident_status | | |
| matched_policies_by_severity | | |
| action_taken | | |
| matches | | |
| protocol | | |
| http_url | | |
| inspected_document | | |
| source | | |
| source_ip | | |
| source_port | | |
| destination | | |
| destination_ip | | |
| destination_port | | |
| email_subject | | |
| email_sender | | |
| email_recipients | | |
| timestamp | | |
| managed_device_name | | |
| incidents_url | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | |
| Field | Type | Extra field |
|---|---|---|
| eventdate | | |
| hostname | | |
| category | | |
| managed_device_id | | |
| managed_device_name | | |
| managed_device_ip | | |
| source_ip | | |
| source_user | | |
| timestamp | | |
| summary | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | |
| Field | Type | Extra field | Source field name |
|---|---|---|---|
| eventdate | | | |
| hostchain | | ✓ | |
| tag | | ✓ | |
| rawMessage | | ✓ | rawSource |