
...

Field

Type

Extra field

eventdate

timestamp

-

machine

str

-

activity_id

str

-

agent_id

str

-

aggregate_id

str

-

cid

str

-

composite_id

str

-

confidence

int4

-

context_timestamp

timestamp

-

crawl_edge_ids_sensor

str

-

crawl_vertex_ids_sensor

str

-

crawled_timestamp

str

-

created_timestamp

str

-

data_domains

str

-

description

str

-

display_name

str

-

end_time

timestamp

-

falcon_host_link

str

-

id

str

-

ldap_search_query_attack

str

-

name

str

-

objective

str

-

pattern_id

int4

-

poly_id

str

-

product

str

-

scenario

str

-

seconds_to_resolved

int4

-

seconds_to_triaged

int4

-

severity

int4

-

severity_name

str

-

show_in_ui

bool

-

source_account_domain

str

-

source_account_name

str

-

source_account_object_guid

str

-

source_account_object_sid

str

-

source_account_upn

str

-

source_endpoint_account_object_guid

str

-

source_endpoint_account_object_sid

str

-

source_endpoint_address_ipv4

ip4

-

source_endpoint_host_name

str

-

source_endpoint_address_ip

str

-

source_endpoint_sensor_id

str

-

source_products

str

-

source_vendors

str

-

start_time

timestamp

-

status

str

-

tactic

str

-

tactic_id

str

-

target_account_name

str

-

target_domain_controller_host_name

str

-

target_domain_controller_object_guid

str

-

target_domain_controller_object_sid

str

-

target_endpoint_account_object_guid

str

-

target_endpoint_account_object_sid

str

-

target_endpoint_host_name

str

-

target_endpoint_sensor_id

str

-

technique

str

-

technique_id

str

-

timestamp

timestamp

-

type

str

-

updated_timestamp

str

-

username

str

-

hostchain

str

tag

str

rawMessage

str

...

edr.crowdstrike.falconstreaming.auth_activity 

Field

Type

Extra field

eventdate

timestamp

-

customerIDString

str

-

offset

int8

-

eventCreationTime

timestamp

-

version

str

-

eventType

str

-

ServiceName

str

-

OperationName

str

-

UTCTimestamp

timestamp

-

Success

bool

-

UserId

str

-

UserIp

ip4

-

target_name

str

-

target_user_uuid

str

-

target_cid

str

-

roles

str

-

scope

str

-

actor_user

str

-

actor_user_uuid

str

-

actor_cid

str

-

subscriptions

str

-

APIClientID

str

-

appId

str

-

eventType2

str

-

partition

str

-

offset2

str

-

id

str

-

name

str

-

trace_id

str

-

jsonEvent

json

-

hostchain

str

tag

str

rawMessage

str

...