| Attribute | Value |
|---|---|
| Category | Crowdstrike |
| Ingestion API Supported | ✓ Yes |

Source: Connector definition

| Column Name | Type | Description |
|---|---|---|
| AdditionalFields | dynamic | |
| aid | string | |
| aip | string | |
| AuthenticationId | string | |
| BoundingLimitCount | long | |
| BoundingLimitDuration | string | |
| cid | string | |
| ClientId | string | |
| CommandLine | string | |
| ConfigBuild | string | |
| ConfigStateHash | string | |
| ContextProcessId | string | |
| ContextThreadId | string | |
| ContextTimeStamp | real | |
| CrowdStrikeId | string | |
| DesiredAccess | string | |
| DiskParentDeviceInstanceId | string | |
| EffectiveTransmissionClass | string | |
| ELFSubType | string | |
| Entitlements | string | |
| event_platform | string | |
| event_simpleName | string | |
| EventOrigin | string | |
| FileAttributes | string | |
| FileCategory | string | |
| FileEcpBitmask | string | |
| FileFlags | string | |
| FileIdentifier | string | |
| FileObject | string | |
| FileOperatorSid | string | |
| FileWrittenFlags | string | |
| FixedFileVersion | string | |
| GID | string | |
| HandleCreateAuthenticationId | string | |
| ImageFileName | string | |
| Information | string | |
| IrpFlags | string | |
| IsOnNetwork | string | |
| IsOnRemovableDisk | string | |
| IsTransactedFile | string | |
| MachOSubType | string | |
| MajorFunction | string | |
| MinorFunction | string | |
| MSOfficeSubType | string | |
| name | string | |
| NewFileIdentifier | string | |
| OciContainerId | string | |
| OperationFlags | string | |
| Options | string | |
| OriginalFilename | string | |
| PatternId | string | |
| SHA256HashData | string | |
| ShareAccess | string | |
| Size | long | |
| SourceFileName | string | |
| Status | string | |
| Tags | string | |
| TargetDirectoryName | string | |
| TargetFileName | string | |
| TemporaryFileName | string | |
| TimeGenerated | datetime | The timestamp (UTC) reflecting the time in which the event was generated. |
| timestamp | long | |
| TokenType | string | |
| TreeId | string | |
| UID | string | |
| UnixMode | string | |
| UserName | string | |
| USN | string | |
| VnodeModificationType | string | |
| VnodeType | string | |
| VolumeSessionUUID | string | |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework) | |