CarbonBlack_Alerts_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index

---

Attribute	Value
Ingestion API Supported	✓ Yes

Contents

• Schema
• Solutions
• Connectors
• Content Items

Schema (67 columns)

Source: Connector definition

Column Name	Type
AlertNotesPresent	string
AlertType	string
AlertUrl	string
BackendTimestamp	string
BackendUpdateTimestamp	string
DetectionTimestamp	string
Determination	string
DeviceExternalIp	string
DeviceId	string
DeviceInternalIp	string
DeviceLocation	string
DeviceName	string
DeviceOs	string
DeviceOsVersion	string
DevicePolicy	string
DevicePolicyId	string
DeviceTargetValue	string
DeviceUsername	string
FirstEventTimestamp	string
Id	string
IocHit	string
IocId	string
IsUpdated	string
LastEventTimestamp	string
MdrAlert	string
MdrAlertNotesPresent	string
ml_classification_org_prevalence	string
MlClassificationFinalVerdict	string
MlClassificationGlobalPrevalence	string
MlClassificationOrgPrevalence	string
ParentCmdline	string
ParentEffectiveReputation	string
ParentGuid	string
ParentMd5	string
ParentName	string
ParentPid	string
ParentReputation	string
ParentSha256	string
ParentUsername	string
PolicyApplied	string
PrimaryEventId	string
ProcessCmdline	string
ProcessEffectiveReputation	string
ProcessGuid	string
ProcessIssuer	string
ProcessMd5	string
ProcessName	string
ProcessPid	string
ProcessPublisher	string
ProcessReputation	string
ProcessSha256	string
ProcessUsername	string
Reason	string
ReasonCode	string
ReportDescription	string
ReportId	string
ReportLink	string
ReportName	string
ReportTags	string
RunState	string
SensorAction	string
Severity	string
ThreatId	string
TimeGenerated	datetime
Version	string
Watchlists	string
Workflow	string

Solutions (5)

This table is used by the following solutions:

• ContinuousDiagnostics&Mitigation
• MaturityModelForEventLogManagementM2131
• NISTSP80053
• VMware Carbon Black Cloud
• ZeroTrust(TIC3.0)

Connectors (2)

This table is ingested by the following connectors:

Connector	Selection Criteria
VMware Carbon Black Cloud via AWS S3
VMware Carbon Black Cloud via AWS S3 (via Codeless Connector Framework)

---

Content Items Using This Table (4)

Workbooks (4)

In solution ContinuousDiagnostics&Mitigation:

Workbook	Selection Criteria
ContinuousDiagnostics&Mitigation

In solution MaturityModelForEventLogManagementM2131:

Workbook	Selection Criteria
MaturityModelForEventLogManagement_M2131

In solution NISTSP80053:

Workbook	Selection Criteria
NISTSP80053

In solution ZeroTrust(TIC3.0):

Workbook	Selection Criteria
ZeroTrustTIC3

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index