Source: KQL validation test schema

| Column Name | Type |
|---|---|
| _ResourceId | string |
| aid | string |
| aip | string |
| AuthenticationId | string |
| AuthenticodeHashData | string |
| cid | string |
| CommandLine | string |
| Computer | string |
| ConfigBuild | string |
| ConfigStateHash | string |
| EffectiveTransmissionClass | real |
| Entitlements | string |
| event_platform | string |
| event_simpleName | string |
| id | string |
| ImageFileName | string |
| ImageSubsystem | string |
| IntegrityLevel | real |
| MD5HashData | string |
| name | string |
| ParentAuthenticationId | string |
| ParentBaseFileName | string |
| ParentProcessId | string |
| ProcessCreateFlags | string |
| ProcessEndTime | string |
| ProcessParameterFlags | string |
| ProcessStartTime | string |
| ProcessSxsFlags | string |
| RawProcessId | string |
| RpcClientProcessId | string |
| SessionId | string |
| SHA1HashData | string |
| SHA256HashData | string |
| SignInfoFlags | string |
| SourceProcessId | string |
| SourceSystem | string |
| SourceThreadId | string |
| Tags | string |
| TargetProcessId | string |
| TenantId | string |
| TimeGenerated | datetime |
| timestamp | datetime |
| TokenType | real |
| Type | string |
| UserSid | string |
| WindowFlags | real |

| Parser | Solution | Selection Criteria |
|---|---|---|
| CrowdStrikeReplicator | CrowdStrike Falcon Endpoint Protection | |
| CrowdStrikeReplicator | CrowdStrike Falcon Endpoint Protection ⚠️ | |

⚠️ Parsers marked with ⚠️ are not listed in their Solution JSON file.