Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| AccountId | string | The unique identifier for the account. |
| AccountName | string | The account name. |
| ActiveDirectory | string | Details about the active directory. |
| ActiveThreats | real | The number of active threats. |
| AgentVersion | string | The version of the agent. |
| AllowRemoteShell | bool | Indicates whether remote shell is allowed. |
| AppsVulnerabilityStatus | string | The vulnerability status of the applications. |
| ComputerName | string | The name of the computer. |
| ConsoleMigrationStatus | string | The status of the console migration. |
| CoreCount | real | The number of CPU cores. |
| CpuCount | real | The number of CPUs. |
| CpuId | string | The identifier of the CPU. |
| CreatedAt | datetime | The timestamp (UTC) when the object was created. |
| Domain | string | The domain of the object. |
| EncryptedApplications | bool | Indicates whether the applications are encrypted. |
| ExternalId | string | The external identifier associated with the object. |
| ExternalIp | string | The external IP address of the object. |
| FullDiskScanLastUpdatedAt | datetime | The timestamp (UTC) when the full disk scan was last updated. |
| GroupId | string | The unique identifier for the group. |
| GroupIp | string | The IP address of the group. |
| GroupName | string | The name of the group. |
| GroupUpdatedAt | datetime | The timestamp (UTC) when the group was last updated. |
| Id | string | The unique identifier for the object. |
| Infected | bool | Indicates whether the object is infected. |
| InRemoteShellSession | bool | Indicates whether the object is in a remote shell session. |
| InstallerType | string | The type of installer used. |
| IsActive | bool | Indicates whether the object is active. |
| IsDecommissioned | bool | Indicates whether the object is decommissioned. |
| IsPendingUninstall | bool | Indicates whether the object is pending uninstallation. |
| IsUninstalled | bool | Indicates whether the object is uninstalled. |
| IsUpToDate | bool | Indicates whether the object is up to date. |
| LastActiveDate | datetime | The timestamp (UTC) when the object was last active. |
| LastIpToMgmt | string | The last IP address used for management. |
| LastLoggedInUserName | string | The username of the last logged-in user. |
| LicenseKey | string | The license key associated with the object. |
| Locations | string | The locations associated with the object. |
| LocationType | string | The type of location. |
| MachineType | string | The type of machine. |
| MissingPermissions | string | Details of the missing permissions. |
| MitigationMode | string | The mitigation mode applied. |
| MitigationModeSuspicious | string | The suspicious mitigation mode applied. |
| ModelName | string | The model name of the object. |
| NetworkInterfaces | string | Details of the network interfaces. |
| NetworkQuarantineEnabled | bool | Is Network Quarantine Enabled on the device. |
| NetworkStatus | string | The network status of the object. |
| OperationalStateExpiration | string | Agent operational state. |
| OsArch | string | The OS architecture. |
| OsName | string | The name of the operating system. |
| OsRevision | string | The OS revision. |
| OsStartTime | datetime | The timestamp (UTC) when the operating system started. |
| OsType | string | The type of operating system. |
| OsUsername | string | The username associated with the operating system. |
| PolicyUpdatedAt | datetime | The timestamp (UTC) when the policy was last updated. |
| RangerStatus | string | The status of the ranger. |
| RangerVersion | string | The version of the ranger. |
| RegisteredAt | datetime | The timestamp (UTC) when the object was registered. |
| RemoteProfilingState | string | Agent remote profiling state. |
| ScanAbortedAt | datetime | The timestamp (UTC) when the scan was aborted. |
| ScanFinishedAt | datetime | The timestamp (UTC) when the scan was finished. |
| ScanStartedAt | datetime | The timestamp (UTC) when the scan was started. |
| ScanStatus | string | The scan status of the object. |
| SiteId | string | The unique identifier for the site. |
| SiteName | string | The name of the site. |
| ThreatRebootRequired | bool | Indicates whether a reboot is required due to a threat. |
| TimeGenerated | datetime | The timestamp (UTC) reflecting the time in which the event was generated. |
| TotalMemory | real | The total memory available in MB. |
| UpdatedAt | datetime | The timestamp (UTC) when the object was last updated. |
| UserActionsNeeded | string | Details of the user actions needed. |
| Uuid | string | The unique identifier for the object. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| [DEPRECATED] SentinelOne (using Azure Function) | |
| SentinelOne (via Codeless Connector Framework) |
In solution SentinelOne:
In solution SentinelOne:
In solution SentinelOne:
| Workbook | Selection Criteria |
|---|---|
| SentinelOne |
| Parser | Solution | Selection Criteria |
|---|---|---|
| SentinelOne | SentinelOne |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊