
...

Field

Type

Extra field

eventdate

timestamp

-

machine

str

-

activity_id

str

-

agent_id

str

-

aggregate_id

str

-

cid

str

-

composite_id

str

-

confidence

int4

-

context_timestamp

timestamp

-

crawl_edge_ids_sensor

str

-

crawl_vertex_ids_sensor

str

-

crawled_timestamp

str

-

created_timestamp

str

-

data_domains

str

-

description

str

-

display_name

str

-

end_time

timestamp

-

falcon_host_link

str

-

id

str

-

ldap_search_query_attack

str

-

name

str

-

objective

str

-

pattern_id

int4

-

poly_id

str

-

product

str

-

scenario

str

-

seconds_to_resolved

int4

-

seconds_to_triaged

int4

-

severity

int4

-

severity_name

str

-

show_in_ui

bool

-

source_account_domain

str

-

source_account_name

str

-

source_account_object_guid

str

-

source_account_object_sid

str

-

source_account_upn

str

-

source_endpoint_account_object_guid

str

-

source_endpoint_account_object_sid

str

-

source_endpoint_address_ipv4

ip4

-

source_endpoint_host_name

str

-

source_endpoint_address_ip

str

-

source_endpoint_sensor_id

str

-

source_products

str

-

source_vendors

str

-

start_time

timestamp

-

status

str

-

tactic

str

-

tactic_id

str

-

target_account_name

str

-

target_domain_controller_host_name

str

-

target_domain_controller_object_guid

str

-

target_domain_controller_object_sid

str

-

target_endpoint_account_object_guid

str

-

target_endpoint_account_object_sid

str

-

target_endpoint_host_name

str

-

target_endpoint_sensor_id

str

-

technique

str

-

technique_id

str

-

timestamp

timestamp

-

type

str

-

updated_timestamp

str

-

username

str

-

hostchain

str

tag

str

rawMessage

str

...

edr.crowdstrike.falconstreaming.auth_

...

activity 

Field

Type

Extra field

eventdate

timestamp

-

customerIDString

str

-

offset

int8

-

eventCreationTime

timestamp

-

version

str

-

eventType

str

-

ServiceName

str

-

OperationName

str

-

UTCTimestamp

timestamp

-

Success

bool

-

UserId

str

-

UserIp

ip4

-

target_name

str

-

target_user_uuid

str

-

target_cid

str

-

roles

str

-

scope

str

-

actor_user

str

-

actor_user_uuid

str

-

actor_cid

str

-

subscriptions

str

-

APIClientID

str

-

appId

str

-

eventType2

str

-

partition

str

-

offset2

str

-

id

str

-

name

str

-

trace_id

str

-

jsonEvent

json

-

hostchain

str

tag

str

rawMessage

str

...

Field

Type

Extra field

eventdate

timestamp

-

customerIDString

str

-

offset

int8

-

eventCreationTime

timestamp

-

version

str

-

eventType

str

-

ProcessStartTime

int8

-

ProcessEndTime

int8

-

ProcessId

int8

-

ParentProcessId

int8

-

ComputerName

str

-

UserName

str

-

DetectName

str

-

DetectDescription

str

-

Severity

int8

-

SeverityName

str

-

FileName

str

-

FilePath

str

-

CommandLine

str

-

SHA256String

str

-

MD5String

str

-

SHA1String

str

-

MachineDomain

str

-

ExecutablesWritten

json

-

FalconHostLink

str

-

SensorId

str

-

IOCType

str

-

IOCValue

str

-

DetectId

str

-

new_state

str

-

quarantined_file_id

str

-

action_taken

str

-

LocalIP

str

-

MACAddress

str

-

Tactic

str

-

Technique

str

-

Objective

str

-

UserId

str

-

UserIp

str

-

ServiceName

str

-

OperationName

str

-

UTCTimestamp

int8

-

ScanResults_Engine_str

str

-

ScanResults_ResultName_str

str

-

ScanResults_Version_str

str

-

ScanResults_Detected_str

str

-

PatternDispositionDescription

str

-

PatternDispositionValue

int8

-

PatternDispositionFlags_Indicator

bool

-

PatternDispositionFlags_Detect

bool

-

PatternDispositionFlags_InddetMask

bool

-

PatternDispositionFlags_SensorOnly

bool

-

PatternDispositionFlags_Rooting

bool

-

PatternDispositionFlags_KillProcess

bool

-

PatternDispositionFlags_KillSubProcess

bool

-

PatternDispositionFlags_QuarantineMachine

bool

-

PatternDispositionFlags_QuarantineFile

bool

-

PatternDispositionFlags_PolicyDisabled

bool

-

PatternDispositionFlags_KillParent

bool

-

PatternDispositionFlags_OperationBlocked

bool

-

PatternDispositionFlags_ProcessBlocked

bool

-

PatternDispositionFlags_SuspendParent

bool

-

PatternDispositionFlags_KillActionFailed

bool

-

PatternDispositionFlags_HandleOperationDowngraded

bool

-

PatternDispositionFlags_SuspendProcess

bool

-

PatternDispositionFlags_CriticalProcessDisabled

bool

-

PatternDispositionFlags_BootupSafeguardEnabled

bool

-

PatternDispositionFlags_RegistryOperationBlocked

bool

-

PatternDispositionFlags_BlockingUnsupportedOrDisabled

bool

-

PatternDispositionFlags_FsOperationBlocked

bool

-

ParentImageFileName

str

-

ParentCommandLine

str

-

GrandparentImageFileName

str

-

GrandparentCommandLine

str

-

QuarantineFiles_ImageFileName_str

str

-

QuarantineFiles_SHA256HashData_str

str

-

jsonEvent

json

-

hostchain

str

tag

str

rawMessage

str

edr.crowdstrike.falconstreaming.epp_detection_summary

Field

Type

Extra field

eventdate

timestamp

machine

str

pattern_disposition_value

int4

pattern_disposition_description

str

severity_name

str

type

str

process_id

int8

tactic

str

file_path

str

severity

int4

user_name

str

event_sh_a1_string

str

composite_id

str

source_products

str

local_ipv6

str

event_sh_a256_string

str

agent_id

str

local_ip

ip4

source_vendors

str

event_ioa_rule_group_name

str

aggregate_id

str

host_groups

str

hostname

str

falcon_host_link

str

quarantine_machine

bool

process_blocked

bool

bootup_safeguard_enabled

bool

fs_operation_blocked

bool

quarantine_file

bool

kill_process

bool

kill_parent

bool

registry_operation_blocked

bool

indicator

bool

detect

bool

handle_operation_downgraded

bool

sensor_only

bool

rooting

bool

policy_disabled

bool

critical_process_disabled

bool

suspend_parent

bool

inddet_mask

bool

kill_sub_process

bool

suspend_process

bool

operation_blocked

bool

kill_action_failed

bool

blocking_unsupported_or_disabled

bool

process_end_time

int4

technique

str

event_md5_string

str

logon_domain

str

event_mac_address

str

command_line

str

pattern_id

int4

name

str

file_name

str

event_ioa_rule_name

str

objective

str

event_ioa_rule_instance_version

int4

description

str

process_start_time

timestamp

data_domains

str

event_ioa_rule_instance_id

str

parent_process_id

int8

at_devo_pulling_id

timestamp

metadata_offset

int8

metadata_event_type

str

metadata_event_creation_time

timestamp

metadata_customer_id_string

str

metadata_version

str

hostchain

str

tag

str

rawMessage

str

edr.crowdstrike.falconstreaming.external_api

...