CrowdStrike_Additional_Events_CL



Attribute               | Value
------------------------+------------
Category                | Crowdstrike
Ingestion API Supported | ✓ Yes

Schema (461 columns)

Source: Connector definition

Column Name Type Description
AccessType string
ActiveDirectoryAuthenticationMethod string
AdditionalFields dynamic
AgentLoadFlags string
AgentLocalTime real
AggregationEarliestTimestamp real
AggregationLatestTimestamp real
AggregationWindowTimestamp real
aid string
aip string
AmsDeviceType string
AmsiRegistrationState string
AmsiStatusCode string
AmsScanSubtypeId string
AmsScanTypeId string
AmsStatus string
AntiTamperStateFlag string
ApcContextFileName string
ApcFlags string
AppArchitecture string
AppIdentificationData string
AppName string
AppPath string
AppPathFlag string
AppProductId string
AppProvider string
AppSource string
AppType string
AppUpdateIds string
AppVersion string
AsepFlags string
AsepValueType string
AssemblyFlags string
AttemptNumber string
AuthenticationFailureMsErrorCode string
AuthenticationId string
AuthenticationIdMac string
AuthenticationPackage string
AuthenticationUuid string
AuthenticationUuidAsString string
AuthenticodeHashData string
AvailableDiskSpace string
AverageCpuUsage string
AverageUsedRam string
BaseReachableTime long
BaseTime real
BatchTimestamp real
BillingType string
BluetoothDeviceAddress string
BluetoothDeviceAddressType string
BluetoothDeviceName string
BluetoothDeviceType string
BoundingLimitCount long
BoundingLimitDuration string
BuildNumber string
BuildType string
ByteOffset string
CallStackModuleNames string
Certificate string
ChassisType string
CheckedBuild string
cid string
ClientComputerName string
CloudErrorCode string
CloudRequestId string
CommandCloudTimeStamp real
CommandCode string
CommandCount long
CommandCountMax long
CommandEndTimeStamp real
CommandHistory string
CommandLine string
CommandName string
CommandSequenceNumber string
CommandSequenceTotal int
CommandStartTimeStamp real
CommandStdErr string
CommandStdOut string
CompanyName string
ComputerName string
ConfigBuild string
ConfigStateHash string
ConfigurationDescriptorAttributes string
ConfigurationDescriptorMaxPowerDraw string
ConfigurationDescriptorName string
ConfigurationDescriptorNumInterfaces string
ConfigurationDescriptorValue string
ConnectionDirection string
ConnectionFlags string
ConnectionType string
ContentSHA256HashData string
ContextProcessId string
ContextThreadId string
ContextTimeStamp real
CreationTimeStamp real
CrowdStrikeId string
DcPolicyFlags string
DcPropertyIdInterfaceType string
DcSensorInterfaceType string
DcTypeOrLocation string
DefaultGatewayIP6 string
DelegatorAccountObjectGuid string
DelegatorAccountObjectSid string
DelegatorAccountSamAccountName string
DesiredAccess string
DesiredKerberosEncryptionTypes string
DeviceId string
DeviceInstanceId string
DeviceProduct string
DeviceProductId string
DeviceProtocol string
DeviceTimeStamp real
DeviceUserAuthenticationId string
DeviceUserSid string
DeviceVendorId string
DeviceVersion string
DirectionType string
DiskParentDeviceInstanceId string
DnsRequests string
DomainName string
DotnetModuleFlags string
DownloadPath string
DownloadPort string
DownloadServer string
DriverLoadFlags string
DriverPreventionStatusFlags string
EffectiveTransmissionClass string
EndpointDescriptorAddress string
EndpointDescriptorAttributes string
EndpointDescriptorInterval string
EndpointDescriptorMaxPacketSize string
Entitlements string
ErrorCode string
ErrorStatus string
ErrorText string
EtwEventCount long
EtwProviders string
EtwProvidersEnabled string
EtwProvidersError string
EtwRawProcessId string
EtwRawThreadId string
EtwTargetRawProcessId string
event_platform string
event_simpleName string
event_type string
EventMax string
EventOrigin string
EventUUID string
ExclusionType string
ExecutableBytes string
ExtendedKeyUsages string
ExternalApiType string
Facility string
File string
FileAttributes string
FileEcpBitmask string
FileFormatString string
FileIdentifier string
FileName string
FileObject string
FilePath string
FileSigningTime real
FileSubType string
FileSystemOperationType string
FileVersion string
FirmwareAnalysisErrorLocation string
FirmwareAnalysisErrorReason string
FirmwareAnalysisErrorSource string
FirmwareSize string
FirmwareType string
FirstCommand string
FixedFileVersion string
FsOperationClassificationFlags string
GrandparentCommandLine string
GrandparentImageFileName string
HandleCreateAuthenticationId string
HashAlgorithm string
HostnameField string
HostProcessType string
HostUrl string
IfType string
ImageAnalysisRequestTimestamp real
ImageBaseName string
ImageFileName string
ImageTimeStamp real
Information string
InjectedThreadFlag string
InstallDate string
InstalledUpdateExtendedStatus string
InstalledUpdateIds string
IntegrityLevel string
InterfaceAlias string
InterfaceDescriptorAlternateSetting string
InterfaceDescriptorName string
InterfaceDescriptorNumber string
InterfaceDescriptorNumEndpoints string
InterfaceFlags string
InterfaceGuid string
InterfaceIndex string
InterfaceType string
InterfaceVersion string
IpEntryFlags string
IrpFlags string
IsOnRemovableDisk string
IssuerDN string
KerberosRequestTicketValidityPeriod string
KernelTime real
KeyObject string
LastPendingUpdateInstalledTime string
LastUpdateInstalledTime string
LdapSecurityType string
Length string
LfoUploadFlags string
LocalAddressIP4 string
LocalAddressIP6 string
LocalIP string
LocalPort string
LoginSessionId string
LogonDomain string
LogonId string
LogonServer string
LogonTime real
LogonType string
MACAddress string
MajorFunction string
MajorVersion string
MaxCpuUsage string
MaxReassemblySize string
MaxUsedRam string
MD5HashData string
MD5String string
MeasurementType string
MediaType string
MemoryDescriptionFlags string
MemoryScanFlags string
MinorFunction string
MinorVersion string
ModuleCharacteristics string
ModuleNativePath string
name string
NamedPipeOperationType string
NetworkAccesses string
NetworkGuid string
NetworkInterfaceGuid string
NtlmAvFlags string
Object1Type string
ObjectTypeEtw string
OciContainerId string
OciContainersStartedCount long
OciContainersStoppedCount long
OdsActionType string
OperationFlags string
Options string
OriginalContentLength string
OriginalFilename string
OriginalParentAuthenticationId string
OriginalUserSid string
OriginSourceIpAddress string
OSVersionFileData string
OSVersionFileName string
OSVersionString string
ParentAuthenticationId string
ParentCommandLine string
ParentHubInstanceId string
ParentHubPort string
ParentImageFileName string
PasswordLastSet string
PatternDisposition string
PatternDispositionFlags string
PatternHandlingErrorType string
PendingUpdateIds string
PermanentPhysicalAddress string
PhysicalAddress string
PhysicalAddressLength string
PhysicalCoreCount long
PhysicalMediumType string
PlatformId string
PointerSize string
PreferredLifetime string
PrimaryModule string
ProcessCount long
ProcessEndTime real
ProcessExecuteFlags string
ProcessId string
ProcessIntegrityLevel string
ProcessStartTime real
product_type_desc string
ProductName string
ProductSku string
ProductType string
Protocol string
ProvisioningDuration string
PtCompatibilityFlags string
PtStatusFlags string
PublicKeys string
QuarantinedFileExtendedState string
QuarantinedFileName string
QuarantinedFileState string
RawProcessId string
RawTargetProcessId string
RawTargetThreadId string
RawThreadId string
ReflectivePeTimestamp real
RegBinaryValue string
RegClassification string
RegClassificationFlags string
RegClassificationIndex string
RegConfigClass string
RegConfigFlags string
RegConfigIndex string
RegConfigValueType string
RegCreateDisposition string
RegCreateOptions string
RegKeyChangeType string
RegKeyName string
RegNumericValue string
RegObjectName string
RegOperationType string
RegPostObjectName string
RegRootObjectName string
RegStringValue string
RegType string
RegValueName string
RemediationTriggerTimeStamp real
RemoteAccount string
RemoteAddressIP4 string
RemotePort string
RetransmitTime long
RpcClientProcessId string
RpcClientThreadId string
RpcNestingLevel string
RpcOpClassification string
RpcOpNum string
ScreenshotType string
ScriptContentBytes string
ScriptContentName string
ScriptContentSource string
ScriptControlErrorCode string
ServiceDescription string
ServiceDisplayName string
ServiceErrorControl string
ServiceFailureActions string
ServiceGroup string
ServiceImagePath string
ServiceObjectName string
ServiceSecurity string
ServiceStart string
ServiceType string
SessionId string
SessionProcessId string
Severity string
SeverityName string
SHA1HashData string
SHA1String string
SHA256HashData string
SHA256String string
ShareAccess string
SideChannelMitigationFlags string
SignatureDigestEncryptAlg string
SignatureErrorState string
SignatureState string
SignerInfoCount long
SignInfoFlags string
SignInfoFlagSelfSigned string
SignInfoFlagSignHashMismatch string
SignInfoFlagUnknownError string
SignInfoRequestFlags string
Size string
SocketType string
SourceAccountBadPasswordCount long
SourceAccountBadPasswordTime string
SourceAccountDomain string
SourceAccountObjectGuid string
SourceAccountObjectSid string
SourceAccountSamAccountName string
SourceAccountType string
SourceAccountUserPrincipal string
SourceEndpointAccountObjectSid string
SourceEndpointNetworkType string
SourceFileName string
SourceProcessId string
SourceThreadId string
SpotlightBatchType string
StackLimit string
StartTimestamp real
Status string
SubBuildNumber string
SubjectCN string
SubjectDN string
SubjectSerialNumber string
SuppressType string
SuspectStackFlag string
SystemUptimeSeconds long
TamperFilterFlags string
TargetAccountObjectGuid string
TargetAccountObjectSid string
TargetAccountType string
TargetAddress string
TargetAuthenticationId string
TargetCommandLineParameters string
TargetDirectoryName string
TargetFileName string
TargetIntegrityLevel string
TargetProcessId string
TargetSHA256HashData string
TargetThreadId string
TaskAuthor string
TaskExecArguments string
TaskExecCommand string
TaskName string
TaskXml string
ThreadStartBytes string
TimeGenerated datetime The timestamp (UTC) at which the event was generated.
Timeout string
timestamp long
ToBeSignedAlgorithm string
ToBeSignedHash string
TokenType string
TotalCount long
TotalDiskSpace int
TpmFirmwareVersion string
TpmType string
TreeId string
TunnelType string
UID string
UmppaInjectionType string
UninstallPendingUpdateIds string
UpdateFlag string
UsedDiskSpace string
UserCanonical string
UserFlags string
UserIsAdmin string
UserLogonFlags string
UserName string
UserPrincipal string
UserSid string
UTCTimestamp real
ValidLifetime string
VersionInfo string
VnodeModificationType string
VolumeDeviceCharacteristics string
VolumeDeviceObjectFlags string
VolumeDeviceType string
VolumeDriveLetter string
VolumeEncryptionStatus string
VolumeFileSystemDevice string
VolumeFileSystemDriver string
VolumeFileSystemType string
VolumeIsEncrypted string
VolumeMountPoint string
VolumeName string
VolumeRealDeviceName string
VolumeSectorSize string
VolumeSessionUUID string
VolumeSnapshotName string
VolumeSnapshotTimeStamp real
WmiConsumerType string
WmiFilterType string
WmiNamespaceName string
WmiProviderType string
WmiQuery string

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector                                                                                          | Selection Criteria
---------------------------------------------------------------------------------------------------+-------------------
CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)                     |
[DEPRECATED] CrowdStrike Falcon Data Replicator (CrowdStrike Managed AWS-S3) (using Azure Function) |

Parsers Using This Table (1)

Other Parsers (1)

Parser                  | Solution                               | Selection Criteria
------------------------+----------------------------------------+-------------------
CrowdStrikeReplicatorV2 | CrowdStrike Falcon Endpoint Protection |