| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| date | timestamp | | | |
| index | int4 | | | |
| value__custom_detection | str | | | |
| value__filtered_by_user | bool | | | |
| value__sensor_name | str | | | |
| value__src_account__privilege_level | str | | | |
| value__src_account__threat | float8 | | | |
| value__src_account__url | str | | | |
| value__src_account__certainty | float8 | | | |
| value__src_account__id | float8 | | | |
| value__src_account__name | str | | | |
| value__src_account__privilege_category | str | | | |
| value__src_ip_ipv4 | ip4 | | | |
| value__src_ip_ipv6 | ip6 | | | |
| value__url | str | | | |
| value__assigned_date | str | | | |
| value__filtered_by_ai | bool | | | |
| value__is_targeting_key_asset | bool | | | |
| value__note_modified_by | str | | | |
| value__detection | str | | | |
| value__detection_type | str | | | |
| value__groups__id | str | `replace(replace(stringify(json(value__groups__id_array)), '[', ''), ']', '')` | value__groups__id_array | |
| value__groups__last_modified | str | `join(value__groups__last_modified_array, ',')` | value__groups__last_modified_array | |
| value__groups__last_modified_by | str | `join(value__groups__last_modified_by_array, ',')` | value__groups__last_modified_by_array | |
| value__groups__name | str | `join(value__groups__name_array, ',')` | value__groups__name_array | |
| value__groups__type | str | `join(value__groups__type_array, ',')` | value__groups__type_array | |
| value__groups__description | str | `join(value__groups__description_array, ',')` | value__groups__description_array | |
| value__id | float8 | | | |
| value__sensor | str | | | |
| value__c_score | float8 | | | |
| value__note_modified_timestamp | str | | | |
| value__t_score | float8 | | | |
| value__tags | str | `join(value__tags_array, ',')` | value__tags_array | |
| value__threat | float8 | | | |
| value__assigned_to | str | | | |
| value__category | str | | | |
| value__first_timestamp | timestamp | | | |
| value__last_timestamp | timestamp | | | |
| value__note | str | | | |
| value__summary__description | str | | | |
| value__summary__operations | str | `join(value__summary__operations_array, ',')` | value__summary__operations_array | |
| value__summary__reasons | str | `join(value__summary__reasons_array, ',')` | value__summary__reasons_array | |
| value__summary__shares | str | `join(value__summary__shares_array, ',')` | value__summary__shares_array | |
| value__targets_key_asset | bool | | | |
| value__detection_category | str | | | |
| value__grouped_details__directories_table | str | `join(value__grouped_details__directories_table_array, ',')` | value__grouped_details__directories_table_array | |
| value__grouped_details__files_shared | str | `replace(replace(stringify(json(value__grouped_details__files_shared_array)), '[', ''), ']', '')` | value__grouped_details__files_shared_array | |
| value__grouped_details__last_timestamp | str | `join(value__grouped_details__last_timestamp_array, ',')` | value__grouped_details__last_timestamp_array | |
| value__grouped_details__reason | str | `join(value__grouped_details__reason_array, ',')` | value__grouped_details__reason_array | |
| value__grouped_details__target_table | str | `join(value__grouped_details__target_table_array, ',')` | value__grouped_details__target_table_array | |
| value__grouped_details__user_agent | str | `join(value__grouped_details__user_agent_array, ',')` | value__grouped_details__user_agent_array | |
| value__grouped_details__first_timestamp | str | `join(value__grouped_details__first_timestamp_array, ',')` | value__grouped_details__first_timestamp_array | |
| value__grouped_details__operation | str | `join(value__grouped_details__operation_array, ',')` | value__grouped_details__operation_array | |
| value__grouped_details__share | str | `join(value__grouped_details__share_array, ',')` | value__grouped_details__share_array | |
| value__is_custom_model | bool | | | |
| value__notes__date_created | str | `join(value__notes__date_created_array, ',')` | value__notes__date_created_array | |
| value__notes__date_modified | str | `join(value__notes__date_modified_array, ',')` | value__notes__date_modified_array | |
| value__notes__id | str | `replace(replace(stringify(json(value__notes__id_array)), '[', ''), ']', '')` | value__notes__id_array | |
| value__notes__modified_by | str | `join(value__notes__modified_by_array, ',')` | value__notes__modified_by_array | |
| value__notes__note | str | `join(value__notes__note_array, ',')` | value__notes__note_array | |
| value__notes__created_by | str | `join(value__notes__created_by_array, ',')` | value__notes__created_by_array | |
| value__certainty | float8 | | | |
| value__created_timestamp | timestamp | | | |
| value__data_source__connection_name | str | | | |
| value__data_source__type | str | | | |
| value__data_source__connection_id | str | | | |
| value__detection_url | str | | | |
| value__filtered_by_rule | bool | | | |
| value__is_marked_custom | bool | | | |
| value__description | str | | | |
| value__state | str | | | |
| value__triage_rule_id | float8 | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |