| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| Atime | datetime |
| CmdLine | string |
| Ctime | datetime |
| Cwd | string |
| DeviceImei1 | string |
| DeviceImei2 | string |
| DeviceModel | string |
| DeviceSerialNumber | string |
| DeviceWifimac | string |
| Egid | int |
| Euid | int |
| EventGuid | long |
| ExitCode | int |
| Fsgid | int |
| Fsuid | int |
| Gid | int |
| MitreTtp | dynamic |
| Mtime | datetime |
| Name | string |
| OwnerGid | int |
| OwnerUid | int |
| Path | string |
| Pid | int |
| Ppid | int |
| PrimaryImei | string |
| Profile | string |
| Severity | string |
| Sgid | int |
| Suid | int |
| Syscall | int |
| Tid | int |
| TimeGenerated | datetime |
| Uid | int |
| Version | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Samsung Knox Asset Intelligence | |
In solution Samsung Knox Asset Intelligence:
| Analytic Rule | Selection Criteria |
|---|---|
| Samsung Knox - Application Privilege Escalation or Change Events | |
In solution Samsung Knox Asset Intelligence:
| Workbook | Selection Criteria |
|---|---|
| SamsungKnoxAssetIntelligence | |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| SamsungKnoxAssetIntelligence | |