| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| BpDataAudit | bool |
| BpDataDemo | bool |
| BpDataDetailsActions | string |
| BpDataDetailsEngEpoch | real |
| BpDataDetailsEngVer | string |
| BpDataDetailsMatchedActivityEvents | string |
| BpDataDetailsMatchedActivityLimited | bool |
| BpDataDetailsMatchedActivityMatched | real |
| BpDataDetailsSchema | string |
| BpDataDetailsSchemaEpoch | real |
| BpDataDetailsSigId | real |
| BpDataDetailsSigRev | real |
| BpDataDetailsSigSetVersion | real |
| BpDataDetection | string |
| BpDataDeviceAgentList | string |
| BpDataDeviceHostname | string |
| BpDataDeviceHwInfoBiosManufacturer | string |
| BpDataDeviceHwInfoBiosVer | string |
| BpDataDeviceHwInfoCpuBits | real |
| BpDataDeviceHwInfoCpuType | string |
| BpDataDeviceHwInfoSerialNumber | string |
| BpDataDeviceHwInfoUuid | string |
| BpDataDeviceHwInfoVendorName | string |
| BpDataDeviceNetworkInterfaces | string |
| BpDataDeviceOsBuild | string |
| BpDataDeviceOsEdition | string |
| BpDataDeviceOsMachineUuid | string |
| BpDataDeviceOsName | string |
| BpDataDeviceOsTypeId | real |
| BpDataDeviceOsVersion | string |
| BpDataDeviceTypeId | real |
| BpDataEcx | string |
| BpDataEndTs | real |
| BpDataEngine | string |
| BpDataErrorCode | real |
| BpDataErrorSource | string |
| BpDataId | string |
| BpDataName | string |
| BpDataNormalizedName | string |
| BpDataNormalizedObservablesAll | string |
| BpDataNormalizedObservablesFileName | string |
| BpDataNormalizedObservablesFilePath | string |
| BpDataNormalizedSeverityId | real |
| BpDataObservablesFile | string |
| BpDataPackageManagerCurrentVersion | real |
| BpDataPackageManagerPendingVersion | real |
| BpDataPackageManagerSerialNumber | real |
| BpDataPackageName | string |
| BpDataPackageUri | string |
| BpDataRemediated | bool |
| BpDataSeverity | string |
| BpDataSilent | bool |
| BpDataStartTs | real |
| BpDataSts | real |
| BpDataTactics | string |
| BpDataTechniques | string |
| BpDataType | string |
| CloudIocDescription | string |
| CloudIocShortDescription | string |
| CommandLineArguments | string |
| ComputerActive | bool |
| ComputerConnectorGuid | string |
| ComputerExternalIp | string |
| ComputerHostname | string |
| ComputerLinksComputer | string |
| ComputerLinksGroup | string |
| ComputerLinksTrajectory | string |
| ComputerNetworkAddresses | string |
| ComputerUser | string |
| ConnectorGuid | string |
| Date | datetime |
| Detection | string |
| DetectionId | string |
| DeviceControlAccess | string |
| DeviceControlConfigurationId | string |
| DeviceControlConfigurationRevision | real |
| DeviceControlDataAudit | bool |
| DeviceControlDataDemo | bool |
| DeviceControlDataDetailsAccess | string |
| DeviceControlDataDetailsDeviceDataDeviceClass | real |
| DeviceControlDataDetailsDeviceDataDeviceProtocol | real |
| DeviceControlDataDetailsDeviceDataDeviceSubClass | real |
| DeviceControlDataDetailsDeviceDataHardwareId | string |
| DeviceControlDataDetailsDeviceDataInstanceId | string |
| DeviceControlDataDetailsDeviceDataProductId | string |
| DeviceControlDataDetailsDeviceDataProductName | string |
| DeviceControlDataDetailsDeviceDataSerialNumberId | string |
| DeviceControlDataDetailsDeviceDataSetupClassId | string |
| DeviceControlDataDetailsDeviceDataSetupClassName | string |
| DeviceControlDataDetailsDeviceDataUsbSpec | string |
| DeviceControlDataDetailsDeviceDataVendorId | string |
| DeviceControlDataDetailsDeviceDataVendorName | string |
| DeviceControlDataDetailsEngVersion | string |
| DeviceControlDataDetailsMatchedRuleDisplayName | string |
| DeviceControlDataDetailsMatchedRuleId | string |
| DeviceControlDataDetailsMatchedRulePriority | real |
| DeviceControlDataDetailsPhase | string |
| DeviceControlDataDetailsRulesetId | string |
| DeviceControlDataDetailsRulesetRev | real |
| DeviceControlDataDetailsRulesetVersion | string |
| DeviceControlDataDetection | string |
| DeviceControlDataEngine | string |
| DeviceControlDataId | string |
| DeviceControlDataNormalizedSeverityId | real |
| DeviceControlDataPackageManagerSerialNumber | string |
| DeviceControlDataPackageName | string |
| DeviceControlDataSilent | bool |
| DeviceControlDataSts | real |
| DeviceControlDataType | string |
| DeviceControlDeviceId | string |
| DeviceControlInstanceId | string |
| DeviceControlProductId | string |
| DeviceControlProductName | string |
| DeviceControlRuleId | string |
| DeviceControlSerialNumberId | string |
| DeviceControlVendorId | string |
| DeviceControlVendorName | string |
| EndpointIocScanClean | bool |
| EndpointIocScanDescription | string |
| EndpointIocScanMaliciousDetections | real |
| EndpointIocScanMatchedObjects | real |
| EndpointIocScanScannedObjects | real |
| ErrorDescription | string |
| ErrorErrorCode | real |
| EventType | string |
| EventTypeId | real |
| FileArchivedFileDisposition | string |
| FileArchivedFileIdentitySha256 | string |
| FileAttackDetailsApplication | string |
| FileAttackDetailsAttackedModule | string |
| FileAttackDetailsBaseAddress | string |
| FileAttackDetailsIndicators | string |
| FileAttackDetailsSuspiciousFiles | string |
| FileDisposition | string |
| FileFileName | string |
| FileFilePath | string |
| FileIdentityMd5 | string |
| FileIdentitySha1 | string |
| FileIdentitySha256 | string |
| FileParentDisposition | string |
| FileParentFileName | string |
| FileParentIdentityMd5 | string |
| FileParentIdentitySha1 | string |
| FileParentIdentitySha256 | string |
| FileParentProcessId | real |
| ForensicSnapshotUrl | string |
| GroupGuids | string |
| Hostname | string |
| Id | real |
| IsolationDuration | real |
| IsolationUser | string |
| NetworkInfoDirtyUrl | string |
| NetworkInfoLocalIp | string |
| NetworkInfoLocalPort | real |
| NetworkInfoNfmDirection | string |
| NetworkInfoNfmProtocol | string |
| NetworkInfoParentDisposition | string |
| NetworkInfoParentFileName | string |
| NetworkInfoParentIdentityMd5 | string |
| NetworkInfoParentIdentitySha1 | string |
| NetworkInfoParentIdentitySha256 | string |
| NetworkInfoParentProcessId | real |
| NetworkInfoRemoteIp | string |
| NetworkInfoRemotePort | real |
| OrbitalOldVersion | string |
| OrbitalVersion | string |
| PolicySerialNumber | real |
| ProductUpdateCurrentVersion | string |
| ProductUpdateUpdateVersion | string |
| ScanClean | bool |
| ScanDescription | string |
| ScanMaliciousDetections | real |
| ScanScannedFiles | real |
| ScanScannedPaths | real |
| ScanScannedProcesses | real |
| Severity | string |
| StartDate | datetime |
| StartTimestamp | real |
| Tactics | string |
| Techniques | string |
| ThreatHuntingIncidentEndTime | real |
| ThreatHuntingIncidentHuntGuid | string |
| ThreatHuntingIncidentRemediation | string |
| ThreatHuntingIncidentReportGuid | string |
| ThreatHuntingIncidentStartTime | real |
| ThreatHuntingIncidentSummary | string |
| ThreatHuntingIncidentTitle | string |
| ThreatHuntingSeverity | string |
| ThreatHuntingTactics | string |
| ThreatHuntingTechniques | string |
| TimeGenerated | datetime |
| Timestamp | real |
| TimestampNanoseconds | real |
| Vulnerabilities | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Secure Endpoint (via Codeless Connector Framework) | |
In solution Cisco Secure Endpoint:
| Workbook | Selection Criteria |
|---|---|
| Cisco Secure Endpoint Overview | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| CiscoSecureEndpoint | Cisco Secure Endpoint | |