

Field

Type

Extra fields

eventdate

timestamp

-

customerIDString

str

-

offset

int8

-

eventCreationTime

timestamp

-

version

str

-

eventType

str

-

ProcessStartTime

int8

-

ProcessEndTime

int8

-

ProcessId

int8

-

ParentProcessId

int8

-

ComputerName

str

-

UserName

str

-

DetectName

str

-

DetectDescription

str

-

Severity

int8

-

SeverityName

str

-

FileName

str

-

FilePath

str

-

CommandLine

str

-

SHA256String

str

-

MD5String

str

-

SHA1String

str

-

MachineDomain

str

-

ExecutablesWritten

json

-

FalconHostLink

str

-

SensorId

str

-

IOCType

str

-

IOCValue

str

-

DetectId

str

-

new_state

str

-

quarantined_file_id

str

-

action_taken

str

-

LocalIP

str

-

MACAddress

str

-

Tactic

str

-

Technique

str

-

Objective

str

-

UserId

str

-

UserIp

str

-

ServiceName

str

-

OperationName

str

-

UTCTimestamp

int8

-

ScanResults_Engine_str

str

-

ScanResults_ResultName_str

str

-

ScanResults_Version_str

str

-

ScanResults_Detected_str

str

-

PatternDispositionDescription

str

-

PatternDispositionValue

int8

-

PatternDispositionFlags_Indicator

bool

-

PatternDispositionFlags_Detect

bool

-

PatternDispositionFlags_InddetMask

bool

-

PatternDispositionFlags_SensorOnly

bool

-

PatternDispositionFlags_Rooting

bool

-

PatternDispositionFlags_KillProcess

bool

-

PatternDispositionFlags_KillSubProcess

bool

-

PatternDispositionFlags_QuarantineMachine

bool

-

PatternDispositionFlags_QuarantineFile

bool

-

PatternDispositionFlags_PolicyDisabled

bool

-

PatternDispositionFlags_KillParent

bool

-

PatternDispositionFlags_OperationBlocked

bool

-

PatternDispositionFlags_ProcessBlocked

bool

-

PatternDispositionFlags_SuspendParent

bool

-

PatternDispositionFlags_KillActionFailed

bool

-

PatternDispositionFlags_HandleOperationDowngraded

bool

-

PatternDispositionFlags_SuspendProcess

bool

-

PatternDispositionFlags_CriticalProcessDisabled

bool

-

PatternDispositionFlags_BootupSafeguardEnabled

bool

-

PatternDispositionFlags_RegistryOperationBlocked

bool

-

PatternDispositionFlags_BlockingUnsupportedOrDisabled

bool

-

PatternDispositionFlags_FsOperationBlocked

bool

-

ParentImageFileName

str

-

ParentCommandLine

str

-

GrandparentImageFileName

str

-

GrandparentCommandLine

str

-

QuarantineFiles_ImageFileName_str

str

-

QuarantineFiles_SHA256HashData_str

str

-

jsonEvent

json

-

hostchain

str

tag

str

rawMessage

str

edr.crowdstrike.falconstreaming.epp_detection_summary

Field

Type

Extra fields

eventdate

timestamp

machine

str

pattern_disposition_value

int4

pattern_disposition_description

str

severity_name

str

type

str

process_id

int8

tactic

str

file_path

str

severity

int4

user_name

str

event_sh_a1_string

str

composite_id

str

source_products

str

local_ipv6

str

event_sh_a256_string

str

agent_id

str

local_ip

ip4

source_vendors

str

event_ioa_rule_group_name

str

aggregate_id

str

host_groups

str

hostname

str

falcon_host_link

str

quarantine_machine

bool

process_blocked

bool

bootup_safeguard_enabled

bool

fs_operation_blocked

bool

quarantine_file

bool

kill_process

bool

kill_parent

bool

registry_operation_blocked

bool

indicator

bool

detect

bool

handle_operation_downgraded

bool

sensor_only

bool

rooting

bool

policy_disabled

bool

critical_process_disabled

bool

suspend_parent

bool

inddet_mask

bool

kill_sub_process

bool

suspend_process

bool

operation_blocked

bool

kill_action_failed

bool

blocking_unsupported_or_disabled

bool

process_end_time

int4

technique

str

event_md5_string

str

logon_domain

str

event_mac_address

str

command_line

str

pattern_id

int4

name

str

file_name

str

event_ioa_rule_name

str

objective

str

event_ioa_rule_instance_version

int4

description

str

process_start_time

timestamp

data_domains

str

event_ioa_rule_instance_id

str

parent_process_id

int8

at_devo_pulling_id

timestamp

metadata_offset

int8

metadata_event_type

str

metadata_event_creation_time

timestamp

metadata_customer_id_string

str

metadata_version

str

hostchain

str

tag

str

rawMessage

str

edr.crowdstrike.falconstreaming.external_api

Field

Type

Extra fields

eventdate

timestamp

-

customerIDString

str

-

offset

int8

-

eventCreationTime

timestamp

-

version

str

-

eventType

str

-

ProcessStartTime

int8

-

ProcessEndTime

int8

-

ProcessId

int8

-

ParentProcessId

int8

-

ComputerName

str

-

UserName

str

-

DetectName

str

-

DetectDescription

str

-

Severity

int8

-

SeverityName

str

-

FileName

str

-

FilePath

str

-

CommandLine

str

-

SHA256String

str

-

MD5String

str

-

SHA1String

str

-

MachineDomain

str

-

ExecutablesWritten

json

-

FalconHostLink

str

-

SensorId

str

-

IOCType

str

-

IOCValue

str

-

DetectId

str

-

new_state

str

-

quarantined_file_id

str

-

action_taken

str

-

LocalIP

str

-

MACAddress

str

-

Tactic

str

-

Technique

str

-

Objective

str

-

UserId

str

-

UserIp

str

-

ServiceName

str

-

OperationName

str

-

UTCTimestamp

int8

-

ScanResults_Engine_str

str

-

ScanResults_ResultName_str

str

-

ScanResults_Version_str

str

-

ScanResults_Detected_str

str

-

PatternDispositionDescription

str

-

PatternDispositionValue

int8

-

PatternDispositionFlags_Indicator

bool

-

PatternDispositionFlags_Detect

bool

-

PatternDispositionFlags_InddetMask

bool

-

PatternDispositionFlags_SensorOnly

bool

-

PatternDispositionFlags_Rooting

bool

-

PatternDispositionFlags_KillProcess

bool

-

PatternDispositionFlags_KillSubProcess

bool

-

PatternDispositionFlags_QuarantineMachine

bool

-

PatternDispositionFlags_QuarantineFile

bool

-

PatternDispositionFlags_PolicyDisabled

bool

-

PatternDispositionFlags_KillParent

bool

-

PatternDispositionFlags_OperationBlocked

bool

-

PatternDispositionFlags_ProcessBlocked

bool

-

PatternDispositionFlags_SuspendParent

bool

-

PatternDispositionFlags_KillActionFailed

bool

-

PatternDispositionFlags_HandleOperationDowngraded

bool

-

PatternDispositionFlags_SuspendProcess

bool

-

PatternDispositionFlags_CriticalProcessDisabled

bool

-

PatternDispositionFlags_BootupSafeguardEnabled

bool

-

PatternDispositionFlags_RegistryOperationBlocked

bool

-

PatternDispositionFlags_BlockingUnsupportedOrDisabled

bool

-

PatternDispositionFlags_FsOperationBlocked

bool

-

ParentImageFileName

str

-

ParentCommandLine

str

-

GrandparentImageFileName

str

-

GrandparentCommandLine

str

-

QuarantineFiles_ImageFileName_str

str

-

QuarantineFiles_SHA256HashData_str

str

-

jsonEvent

json

-

hostchain

str

tag

str

rawMessage

str
