CiscoSecureEndpointAuditLogsV2_CL

Ingestion API Supported: ✓ Yes

Schema (10 columns)

Source: KQL validation test schema

Column Name     Type
AuditLogId      string
AuditLogType    string
AuditLogUser    string
CreatedAt       datetime
Event           string
Item            string
Message         string
NewAttributes   string
OldAttributes   string
TimeGenerated   datetime
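Example query against this schema (an added illustration, not one of the Cisco Secure Endpoint solution's own analytic rules or hunting queries): it diffs OldAttributes against NewAttributes to list exactly which attributes each audit event changed, then groups by user to surface bursts of configuration changes. It assumes both columns hold JSON-encoded attribute maps; the schema only types them as string, so rows that do not parse as JSON objects are dropped. The 5-changes-per-hour threshold is a placeholder to tune per tenant.

```kql
// Added example query; not part of the Cisco Secure Endpoint solution content.
// Assumption: OldAttributes and NewAttributes carry JSON-encoded attribute maps
// (the table schema only declares them as string).
CiscoSecureEndpointAuditLogsV2_CL
| where TimeGenerated > ago(7d)
| where isnotempty(OldAttributes) and isnotempty(NewAttributes)
| extend OldAttr = parse_json(OldAttributes), NewAttr = parse_json(NewAttributes)
// parse_json() returns a plain string for non-JSON input; keep only real objects.
| where gettype(OldAttr) == "dictionary" and gettype(NewAttr) == "dictionary"
// Walk every key in the new attribute map and keep only keys whose value changed.
| mv-apply Key = bag_keys(NewAttr) to typeof(string) on (
    extend OldValue = tostring(OldAttr[Key]), NewValue = tostring(NewAttr[Key])
    | where OldValue != NewValue
    | summarize ChangedKeys = make_set(Key),
                Changes = make_bag(bag_pack(Key, bag_pack("old", OldValue, "new", NewValue)))
  )
| project TimeGenerated, AuditLogId, AuditLogType, AuditLogUser, Event, Item, Message, ChangedKeys, Changes
// Bursts of distinct changes by one user within an hour; the threshold is a placeholder.
| summarize ChangeCount = count(),
            ItemsChanged = make_set(Item),
            Details = make_list(bag_pack("AuditLogId", AuditLogId, "Event", Event,
                                         "Item", Item, "Changes", Changes))
    by AuditLogUser, AuditLogType, bin(TimeGenerated, 1h)
| where ChangeCount >= 5
| order by ChangeCount desc
```

Remove the final summarize and the threshold to get the per-event diff on its own; that form is the one to pin next to a Cisco SE policy-change alert when triaging who changed what.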

Solutions (1)

This table is used by the following solutions:

Cisco Secure Endpoint

Connectors (1)

This table is ingested by the following connectors:

Cisco Secure Endpoint (via Codeless Connector Framework)

Content Items Using This Table (21)

Analytic Rules (10)

In solution Cisco Secure Endpoint:

Cisco SE - Connection to known C2 server
Cisco SE - Dropper activity on host
Cisco SE - Generic IOC
Cisco SE - Malware execusion on host
Cisco SE - Malware outbreak
Cisco SE - Multiple malware on host
Cisco SE - Policy update failure
Cisco SE - Possible webshell
Cisco SE - Ransomware Activity
Cisco SE - Unexpected binary file

Hunting Queries (10)

In solution Cisco Secure Endpoint:

Cisco SE - Infected hosts
Cisco SE - Infected users
Cisco SE - Malicious files
Cisco SE - Modified agents on hosts
Cisco SE - Rare scanned files
Cisco SE - Scanned files
Cisco SE - Suspicious powershel downloads
Cisco SE - Uncommon application behavior
Cisco SE - User Logins
Cisco SE - Vulnerable applications

Workbooks (1)

In solution Cisco Secure Endpoint:

Cisco Secure Endpoint Overview

Parsers Using This Table (1)

Other Parsers (1)

Parser: CiscoSecureEndpoint (solution: Cisco Secure Endpoint)
