| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Source: KQL validation test schema

| Column Name | Type |
|---|---|
| ActingProcessCommandLine | string |
| ActingProcessGuid | string |
| ActingProcessId | string |
| ActingProcessName | string |
| ActorOriginalUserType | string |
| ActorScope | string |
| ActorSessionId | string |
| ActorUserId | string |
| ActorUserIdType | string |
| ActorUsername | string |
| ActorUsernameType | string |
| ActorUserType | string |
| AdditionalFields | dynamic |
| Dvc | string |
| DvcAction | string |
| DvcDescription | string |
| DvcDomain | string |
| DvcDomainType | string |
| DvcFQDN | string |
| DvcHostname | string |
| DvcId | string |
| DvcIdType | string |
| DvcInterface | string |
| DvcIpAddr | string |
| DvcMacAddr | string |
| DvcOriginalAction | string |
| DvcOs | string |
| DvcOsVersion | string |
| DvcScope | string |
| DvcScopeId | string |
| DvcSubscriptionId | string |
| DvcZone | string |
| EventCount | int |
| EventEndTime | datetime |
| EventMessage | string |
| EventOriginalResultDetails | string |
| EventOriginalSeverity | string |
| EventOriginalSubType | string |
| EventOriginalType | string |
| EventOriginalUid | string |
| EventOwner | string |
| EventProduct | string |
| EventProductVersion | string |
| EventReportUrl | string |
| EventResult | string |
| EventResultDetails | string |
| EventSchema | string |
| EventSchemaVersion | string |
| EventSeverity | string |
| EventStartTime | datetime |
| EventSubType | string |
| EventType | string |
| EventVendor | string |
| Hash | string |
| HashType | string |
| HttpUserAgent | string |
| NetworkApplicationProtocol | string |
| RuleName | string |
| RuleNumber | int |
| SrcFileCreationTime | datetime |
| SrcFileDirectory | string |
| SrcFileExtension | string |
| SrcFileMD5 | string |
| SrcFileMimeType | string |
| SrcFileName | string |
| SrcFilePath | string |
| SrcFilePathType | string |
| SrcFileSHA1 | string |
| SrcFileSHA256 | string |
| SrcFileSHA512 | string |
| SrcFileSize | long |
| SrcGeoCity | string |
| SrcGeoCountry | string |
| SrcGeoLatitude | real |
| SrcGeoLongitude | real |
| SrcGeoRegion | string |
| SrcIpAddr | string |
| TargetAppId | string |
| TargetAppName | string |
| TargetAppType | string |
| TargetFileCreationTime | datetime |
| TargetFileDirectory | string |
| TargetFileExtension | string |
| TargetFileMD5 | string |
| TargetFileMimeType | string |
| TargetFileName | string |
| TargetFilePath | string |
| TargetFilePathType | string |
| TargetFileSHA1 | string |
| TargetFileSHA256 | string |
| TargetFileSHA512 | string |
| TargetFileSize | long |
| TargetUrl | string |
| ThreatCategory | string |
| ThreatConfidence | int |
| ThreatField | string |
| ThreatFilePath | string |
| ThreatFirstReportedTime | datetime |
| ThreatId | string |
| ThreatIsActive | bool |
| ThreatLastReportedTime | datetime |
| ThreatName | string |
| ThreatOriginalConfidence | string |
| ThreatOriginalRiskLevel | string |
| ThreatRiskLevel | int |
| TimeGenerated | datetime |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| [DEPRECATED] CrowdStrike Falcon Data Replicator (CrowdStrike Managed AWS-S3) (using Azure Function) | |

| Parser | Solution | Selection Criteria |
|---|---|---|
| CrowdStrikeReplicatorV2 | CrowdStrike Falcon Endpoint Protection | |