Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | timestamp
| | | |
hostname | str
| | | |
agentDetectionInfo__accountId | str
| | | |
agentDetectionInfo__accountName | str
| | | |
agentDetectionInfo__agentDomain | str
| | | |
agentDetectionInfo__agentIpV4 | ip4
| | | |
agentDetectionInfo__agentIpV6 | str
| | | |
agentDetectionInfo__agentLastLoggedInUserName | str
| | | |
agentDetectionInfo__agentMitigationMode | str
| | | |
agentDetectionInfo__agentOsName | str
| | | |
agentDetectionInfo__agentOsRevision | str
| | | |
agentDetectionInfo__agentRegisteredAt | timestamp
| | | |
agentDetectionInfo__agentUuid | str
| | | |
agentDetectionInfo__agentVersion | str
| | | |
agentDetectionInfo__externalIp | str
| | | |
agentDetectionInfo__externalIp4 | ip4
| `ip4(agentDetectionInfo__externalIp)` | agentDetectionInfo__externalIp | |
agentDetectionInfo__externalIp6 | ip6
| `ip6(agentDetectionInfo__externalIp)` | agentDetectionInfo__externalIp | |
agentDetectionInfo__groupId | str
| | | |
agentDetectionInfo__groupName | str
| | | |
agentDetectionInfo__siteId | str
| | | |
agentDetectionInfo__siteName | str
| | | |
agentRealtimeInfo__accountId | str
| | | |
agentRealtimeInfo__accountName | str
| | | |
agentRealtimeInfo__activeThreats | int4
| | | |
agentRealtimeInfo__agentComputerName | str
| | | |
agentRealtimeInfo__agentDecommissionedAt | bool
| | | |
agentRealtimeInfo__agentDomain | str
| | | |
agentRealtimeInfo__agentId | str
| | | |
agentRealtimeInfo__agentInfected | bool
| | | |
agentRealtimeInfo__agentIsActive | bool
| | | |
agentRealtimeInfo__agentIsDecommissioned | bool
| | | |
agentRealtimeInfo__agentMachineType | str
| | | |
agentRealtimeInfo__agentMitigationMode | str
| | | |
agentRealtimeInfo__agentNetworkStatus | str
| | | |
agentRealtimeInfo__agentOsName | str
| | | |
agentRealtimeInfo__agentOsRevision | str
| | | |
agentRealtimeInfo__agentOsType | str
| | | |
agentRealtimeInfo__agentUuid | str
| | | |
agentRealtimeInfo__agentVersion | str
| | | |
agentRealtimeInfo__groupId | str
| | | |
agentRealtimeInfo__groupName | str
| | | |
agentRealtimeInfo__networkInterfaces | str
| | | |
agentRealtimeInfo__operationalState | str
| | | |
agentRealtimeInfo__rebootRequired | bool
| | | |
agentRealtimeInfo__scanAbortedAt | timestamp
| | | |
agentRealtimeInfo__scanFinishedAt | timestamp
| | | |
agentRealtimeInfo__scanStartedAt | timestamp
| | | |
agentRealtimeInfo__scanStatus | str
| | | |
agentRealtimeInfo__siteId | str
| | | |
agentRealtimeInfo__siteName | str
| | | |
agentRealtimeInfo__storageName | str
| | | |
agentRealtimeInfo__storageType | str
| | | |
agentRealtimeInfo__userActionsNeeded | str
| | | |
containerInfo__id | str
| | | |
containerInfo__image | str
| | | |
containerInfo__labels | str
| | | |
containerInfo__name | str
| | | |
id | str
| | | |
indicators | str
| | | |
kubernetesInfo__cluster | str
| | | |
kubernetesInfo__controllerKind | str
| | | |
kubernetesInfo__controllerLabels | str
| | | |
kubernetesInfo__controllerName | str
| | | |
kubernetesInfo__namespace | str
| | | |
kubernetesInfo__namespaceLabels | str
| | | |
kubernetesInfo__node | str
| | | |
kubernetesInfo__pod | str
| | | |
kubernetesInfo__podLabels | str
| | | |
mitigationStatus | str
| | | |
threatInfo__analystVerdict | str
| | | |
threatInfo__analystVerdictDescription | str
| | | |
threatInfo__automaticallyResolved | bool
| | | |
threatInfo__browserType | str
| | | |
threatInfo__certificateId | str
| | | |
threatInfo__classification | str
| | | |
threatInfo__classificationSource | str
| | | |
threatInfo__cloudFilesHashVerdict | str
| | | |
threatInfo__collectionId | str
| | | |
threatInfo__confidenceLevel | str
| | | |
threatInfo__createdAt | timestamp
| | | |
threatInfo__detectionEngines | str
| | | |
threatInfo__detectionType | str
| | | |
threatInfo__engines | str
| | | |
threatInfo__externalTicketExists | bool
| | | |
threatInfo__externalTicketId | str
| | | |
threatInfo__failedActions | bool
| | | |
threatInfo__fileExtension | str
| | | |
threatInfo__fileExtensionType | str
| | | |
threatInfo__filePath | str
| | | |
threatInfo__fileSize | int8
| | | |
threatInfo__fileVerificationType | str
| | | |
threatInfo__identifiedAt | timestamp
| | | |
threatInfo__incidentStatus | str
| | | |
threatInfo__incidentStatusDescription | str
| | | |
threatInfo__initiatedBy | str
| | | |
threatInfo__initiatedByDescription | str
| | | |
threatInfo__initiatingUserId | str
| | | |
threatInfo__initiatingUsername | str
| | | |
threatInfo__isFileless | bool
| | | |
threatInfo__isValidCertificate | bool
| | | |
threatInfo__maliciousProcessArguments | str
| | | |
threatInfo__md5 | str
| | | |
threatInfo__mitigatedPreemptively | bool
| | | |
threatInfo__mitigationStatus | str
| | | |
threatInfo__mitigationStatusDescription | str
| | | |
threatInfo__originatorProcess | str
| | | |
threatInfo__pendingActions | bool
| | | |
threatInfo__processUser | str
| | | |
threatInfo__publisherName | str
| | | |
threatInfo__reachedEventsLimit | bool
| | | |
threatInfo__rebootRequired | bool
| | | |
threatInfo__sha1 | str
| | | |
threatInfo__sha256 | str
| | | |
threatInfo__storyline | str
| | | |
threatInfo__threatId | str
| | | |
threatInfo__threatName | str
| | | |
threatInfo__updatedAt | timestamp
| | | |
whiteningOptions | str
| | | |
hostchain | str
| | | ✓ |
tag | str
| | | ✓ |
rawMessage | str
| | | ✓ |