
The following fields are displayed in each of these tables:

dlp.digitalguardian.arc.events

Field

Type

Extra field

eventdate

timestamp

hostname

str

machine_type

str

file_internal_name

str

application

str

md5_hash

str

original_name

str

dg_custom_data_dg_scope

str

parent_application

str

process_directory

str

was_rule_violated

str

process_local_creation_time

str

process_path

str

process_file_extension

str

was_removable

str

dg_custom_data_dg_values

str

is_user_local_admin

str

event_display_name

str

dg_custom_data_dg_name

str

company_name

str

file_version

str

product_name

str

user_domain

str

mac_address

str

user

str

agent_version

str

unique_id

str

command_line

str

product_version

str

computer_name

str

application_internal_name

str

was_mobile_device

str

_time

timestamp

operation_type

str

process_file_size

str

was_detail_blocked

str

process_domain

str

event_local_time

str

was_classified

str

file_description

str

parent_md5_hash

str

sha256_hash

str

process_pid

int4

server_process_time

timestamp

event_time

str

parent_process_internal_name

str

process_local_modify_time

str

x86_or_x64

str

process_local_access_time

str

is_virtual_session

str

bytes_written

str

destination_drive_type

str

dg_src_dev_dev_prdname

str

source_was_classified

str

destination_file_extension

str

destination_file_name

str

attachment_file_size

str

dg_dst_dev_dev_bt

str

attachment_source_file_name

str

destination_was_classified

str

source_file_extension

str

dg_dst_dev_dev_dt

str

dg_src_dev_dev_dt

str

attachment_source_file_path

str

destination_file_encryption

str

dg_dst_dev_dev_vendor

str

dg_src_dev_dev_bt

str

dg_dst_dev_dev_prdname

str

dg_src_dev_dev_vendor

str

destination_bus_type

str

attachment_source_directory

str

attachment_source_drive_type

str

source_is_removable

str

source_file_encryption

str

destination_file_path

str

destination_is_removable

str

destination_directory

str

bytes_read

str

dns_hostname

str

url_path

str

dg_alert_dg_policy_dg_category_name

str

was_private_address

str

dg_alert_dg_category_name

str

network_direction

str

source_ip_address

str

dg_alert_alert_etu

str

wireless_ssid

str

remote_port

str

dg_alert_dg_rule_action_type

str

dg_alert_alert_ur

str

adapter_name

str

dg_alert_dg_name

str

was_wireless

str

local_port

str

dg_alert_alert_at

str

dg_alert_alert_al

str

protocol

str

dg_alert_alert_wb

str

dg_alert_alert_etl

str

dg_alert_dg_policy_dg_name

str

dg_alert_dg_detection_source

str

encryption_status

str

dg_alert_alert_bc

str

ip_address

str

was_mobile_copy

str

dg_recipients_uad_mr

str

dg_attachments_dg_src_dir

str

dg_attachments_dg_file_size

str

event_was_blocked

str

event_has_rule_violation

str

dg_recipients_uad_mrt

str

dg_attachments_uad_sdt

str

email_subject

str

dg_attachments_uad_sp

str

email_sender

str

dg_attachments_dg_src_file_name

str

dg_recipients_dg_rec_email_domain

str

url_host

str

url_context_path

str

url_port

int4

url_scheme

str

hostchain

str

tag

str

rawMessage

str

dlp.digitalguardian.endpointdlp.alerts

Field

Type

Extra field

Field transformation

Source field name

eventdate

timestamp

priority

int4

Agent_Local_Time

str

Agent_UTC_Time

str

timestamp

timestamp

Code Block
parsedate(Agent_UTC_Time_TZ, "MM/DD/YYYY h:mm:ss AZZ")

Agent_UTC_Time_TZ

Application

str

Computer_Name

str

Code Block
ifthenelse(Computer_Name_len > 1, Computer_Name_tmp[1], Computer_Name_wDomain)

Computer_Name_wDomain

Computer_Name_tmp

Computer_Name_len

Domain

str

Code Block
ifthenelse(Computer_Name_len > 1, Computer_Name_tmp[0], null)

Computer_Name_tmp

Computer_Name_len

Computer_Type

str

Email_Sender

str

Email_Subject

str

Operation

str

Policy

str

Rule

str

Rule_Category

str

Severity

str

User_Response

str

Was_Blocked

str

Destination_Directory

str

Destination_File

str

Destination_File_Encryption

str

DNS_Hostname

str

Email_Recipient

str

Email_Recipient_Type

str

IP_Address

str

Local_Port

str

Network_Direction

str

Object_Type

str

Printer

str

Printer_Jobname

str

Protocol

str

Remote_Port

str

Source_Directory

str

Source_File

str

Source_File_Encryption

str

URL_Path

str

Was_Destination_Classified

str

Was_Destination_Removable

str

Was_S_MIME_Encrypted

str

Was_S_MIME_Signed

str

Was_Source_Classified

str

Source_Drive_Type

str

Source_Device_ID

str

Destination_Drive_Type

str

Destination_Device_ID

str

Email_Address

str

User_Name

str

Code Block
ifthenelse(User_Name_len > 1, User_Name_tmp[1], User_Name_wDomain)

User_Name_tmp

User_Name_wDomain

User_Name_len

Custom_Int_4

str

Custom_String_1

str

Custom_String_3

str

Custom_String_4

str

Detail_Event_ID

str

Dll_SHA1_Hash

str

Dll_SHA256_Hash

str

Registry_Value

str

Event_ID

str

Detail_File_Size_MB

float8

Destination_Device_Friendly_Name

str

Destination_Device_Product_ID

str

Destination_Device_Product_Name

str

Destination_Device_Serial_Number

str

Destination_Device_Vendor

str

Destination_Device_Vendor_ID

str

Prompt_Survey_Text

str

Source_Device_Friendly_Name

str

Source_Device_Product_ID

str

Source_Device_Product_Name

str

Source_Device_Serial_Number

str

Source_Device_Vendor

str

Source_Device_Vendor_ID

str

Source_IP_Address

str

Alert_ID

str

Server_Local_Timestamp

str

User_Name_Text

str

Category

str

Detail

str

message

str

rawSource

hostchain

str

tag

str

rawMessage

str

rawSource

dlp.digitalguardian.endpointdlp.audit

Field

Type

Extra field

Source field name

eventdate

timestamp

priority

int4

Server_Local_Timestamp

str

User_Name_Text

str

Category

str

Detail

str

hostchain

str

tag

str

rawMessage

str

rawSource

dlp.digitalguardian.endpointdlp.classification

Field

Type

Extra field

Source field name

eventdate

timestamp

priority

int4

Event_ID

str

Detail_Classification_Policy

str

hostchain

str

tag

str

rawMessage

str

rawSource

dlp.digitalguardian.endpointdlp.events

Field

Type

Extra field

eventdate

timestamp

Agent_Local_Date

str

Agent_Local_Time

str

Agent_UTC_Time

str

Application

str

Computer_Name

str

Computer_Type

str

DNS_Hostname

str

Email_Sender

str

Email_Subject

str

Event_ID

str

Detail_Event_ID

str

IP_Address

str

Local_Port

str

Network_Direction

str

Operation

str

Protocol

str

Remote_Port

str

URL_Path

str

Was_Classified

str

Was_Removable

str

Was_Rule_Violation

str

Was_S_MIME_Encrypted

str

Was_S_MIME_Signed

str

Device_ID

str

Drive_Type

str

Friendly_Name

str

Product_ID

str

Removal_Policy

str

Serial_Number

str

Vendor

str

Vendor_ID

str

Destination_Directory

str

Destination_File

str

Destination_File_Extension

str

Email_Domain_Name

str

Email_Recipient

str

Printer

str

Printer_Jobname

str

Source_Directory

str

Source_File

str

Source_File_Extension

str

User_Response

str

Was_Destination_Classified

str

Was_Detail_Rule_Violation

str

Was_Source_Classified

str

Was_Source_Removable

str

Source_Drive_Type

str

Source_Device_ID

str

Destination_Drive_Type

str

Destination_Device_ID

str

Domain_Name

str

Email_Address

str

User_ID

str

User_Name

str

Custom_String_1

str

Custom_String_3

str

Custom_String_4

str

Company_Name

str

Product_Name

str

Product_Version

str

Scan_Value_Status

str

Scan_Value_Status_Local_Time

str

Scan_Value_Status_Text

str

Dll_SHA1_Hash

str

Dll_SHA256_Hash

str

Parent_Application_V2

str

Parent_MD5_Checksum_V2

str

Destination_Device_Friendly_Name

str

Destination_Device_Product_ID

str

Destination_Device_Product_Name

str

Destination_Device_Serial_Number

str

Destination_Device_Vendor

str

Destination_Device_Vendor_ID

str

Rule

str

Source_Device_Friendly_Name

str

Source_Device_Serial_Number

str

Source_Device_Product_ID

str

Source_Device_Product_Name

str

Source_Device_Vendor

str

Source_Device_Vendor_ID

str

Was_Blocked

str

MD5_Checksum

str

Dll_Created_Local_Time

str

Detail_File_Size_MB

str

Detail_Classification_Content_Pattern

str

Detail_Classification_Frequency

str

Detail_Classification_Policy

str

Detail_Classification_Rule

str

Detail_Classification_Type

str

Source_IP_Address

str

Registry_Value

str

hostchain

str

tag

str

rawMessage

str

dlp.digitalguardian.endpointdlp

Field

Type

Extra field

Source field name

eventdate

timestamp

type

str

vtype

message

str

rawSource

hostchain

str

tag

str

rawMessage

str

rawSource

dlp.digitalguardian.networkdlp.events

Field

Type

Extra field

eventdate

timestamp

hostname

str

incident_id

str

managed_device_id

str

number_of_incidents

str

incident_status

str

matched_policies_by_severity

str

action_taken

str

matches

str

protocol

str

http_url

str

inspected_document

str

source

str

source_ip

ip4

source_port

str

destination

str

destination_ip

ip4

destination_port

str

email_subject

str

email_sender

str

email_recipients

str

timestamp

str

managed_device_name

str

incidents_url

str

hostchain

str

tag

str

rawMessage

str

dlp.digitalguardian.networkdlp.system

Field

Type

Extra field

eventdate

timestamp

hostname

str

category

str

managed_device_id

str

managed_device_name

str

managed_device_ip

ip4

source_ip

ip4

source_user

str

timestamp

str

summary

str

hostchain

str

tag

str

rawMessage

str

dlp.digitalguardian.networkdlp

Field

Type

Extra field

Source field name

eventdate

timestamp

hostchain

str

tag

str

rawMessage

str

rawSource