Endpoint protection

This group includes tags whose first level is endpoint. These tags identify data generated by endpoint protection and endpoint detection systems.

Each entry below lists the company, the product / service, and the valid tags for that product.

Bitdefender

  • endpoint.bitdefender.agent.alert
  • endpoint.bitdefender.agent.detection
  • endpoint.bitdefender.agent.modify_value
  • endpoint.bitdefender.agent.network_connection
  • endpoint.bitdefender.agent.file_modify
  • endpoint.bitdefender.agent.log_out
  • endpoint.bitdefender.agent.log_on
  • endpoint.bitdefender.agent.rca_insight_event
  • endpoint.bitdefender.agent.ctc_raw_process_create
  • endpoint.bitdefender.agent.process_create
  • endpoint.bitdefender.agent.rca_insight
  • endpoint.bitdefender.agent.filescan_detection
  • endpoint.bitdefender.agent.terminate_process
  • endpoint.bitdefender.agent.file_delete
  • endpoint.bitdefender.agent.file_read
  • endpoint.bitdefender.agent.file_create
  • endpoint.bitdefender.agent.file_move
  • endpoint.bitdefender.agent.connection_connect
  • endpoint.bitdefender.agent.interface_change
  • endpoint.bitdefender.agent.user_logout
  • endpoint.bitdefender.agent.process_signal
  • endpoint.bitdefender.agent.interface_added
  • endpoint.bitdefender.agent.process_create_fork
  • endpoint.bitdefender.agent.reg_delete_key
  • endpoint.bitdefender.agent.service_added
  • endpoint.bitdefender.agent.user_session_list
  • endpoint.bitdefender.agent.process_create_execve
  • endpoint.bitdefender.agent.user_account_settings_change
  • endpoint.bitdefender.agent.reg_delete_value
  • endpoint.bitdefender.agent.reg_modify_value
  • endpoint.bitdefender.agent.network_interfaces
  • endpoint.bitdefender.gravityzone.product_modules_status

Check more info about these parsers

Symantec Endpoint Protection Manager

  • endpoint.symantec.sepm.agent_behavior
  • endpoint.symantec.sepm.agent_risk
  • endpoint.symantec.sepm.agent_scan
  • endpoint.symantec.sepm.agent_security
  • endpoint.symantec.sepm.agent_system
  • endpoint.symantec.sepm.others

Check more info about these parsers

VMware Carbon Black

  • endpoint.vmware.cbc_defender.audit_logs
  • endpoint.vmware.cbc_api.alerts

Check more info about these parsers

  • endpoint.carbonblack.protection

Check more info about these parsers