| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _ResourceId | string |
| additional_participants | dynamic |
| assignee | string |
| categories_array | dynamic |
| categories_ids | dynamic |
| categories_string | string |
| description | string |
| DetectionTitle | string |
| DetectionType | string |
| dst | dynamic |
| dst_device | dynamic |
| dst_device_ipaddrs | dynamic |
| dst_device_macaddr | string |
| dst_device_name | string |
| dst_device_oid | real |
| dst_device_role | string |
| dst_endpoint | string |
| dst_external | bool |
| dst_hostname | string |
| dst_ipaddr | string |
| dst_role | string |
| dst_type | string |
| dst_username | string |
| id | real |
| is_user_created | bool |
| mitre_tactics_string | string |
| mitre_techniques | dynamic |
| mitre_techniques_string | string |
| mod_time | real |
| properties | dynamic |
| properties_client_port | real |
| properties_command | string |
| properties_randomness | real |
| properties_server_port | real |
| properties_user | string |
| recommended | bool |
| recommended_factors | dynamic |
| resolution | string |
| risk_score | real |
| src | dynamic |
| src_device | dynamic |
| src_device_ipaddrs | dynamic |
| src_device_macaddr | string |
| src_device_name | string |
| src_device_oid | real |
| src_device_role | string |
| src_endpoint | string |
| src_external | bool |
| src_hostname | string |
| src_ipaddr | string |
| src_role | string |
| src_type | string |
| src_username | string |
| status | string |
| ticket_id | real |
| TimeGenerated | datetime |
| timestamp | real |
| Type | string |
| url | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| ExtraHop Detections Data Connector | |
In solution ExtraHop:
| Analytic Rule | Selection Criteria |
|---|---|
| Generate alerts based on ExtraHop detections recommended for triage | |
In solution ExtraHop:
| Workbook | Selection Criteria |
|---|---|
| ExtraHopDetectionsOverview | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| ExtraHopDetections | ExtraHop | |