Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _path_s | string |
| _system_name_s | string |
| _timestamp_s | string |
| _timestamp_t | datetime |
| _version_s | string |
| _write_ts_t | datetime |
| check_bursty_percent_d | real |
| check_dns_half_duplex_orig_percent_d | real |
| check_dns_half_duplex_resp_percent_d | real |
| check_local_to_local_percent_d | real |
| check_remote_to_remote_percent_d | real |
| check_tcp_backscatter_percent_d | real |
| check_tcp_byte_counts_wrong_percent_d | real |
| check_tcp_checksum_errors_percent_d | real |
| check_tcp_half_duplex_percent_d | real |
| check_tcp_missed_bytes_percent_d | real |
| check_tcp_no_ssl_on_443_percent_d | real |
| check_tcp_no_three_way_handshake_percent_d | real |
| check_tcp_retransmissions_percent_d | real |
| check_tcp_scan_percent_d | real |
| TimeGenerated | datetime |
This table is used by the following solutions:
In solution Corelight:
| Workbook | Selection Criteria |
|---|---|
| Corelight_Sensor_Overview |
| Parser | Solution | Selection Criteria |
|---|---|---|
| corelight_corelight_metrics_zeek_doctor | Corelight |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊