| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _ResourceId | string |
| accessAction_s | string |
| accessTargetName_s | string |
| accessTargetType_s | string |
| adminTaskId_s | string |
| affectedComputers_d | real |
| affectedUsers_d | real |
| agentEventCount_d | real |
| agentId_g | string |
| aggregatedBy_s | string |
| applicationSubType_s | string |
| applicationType_s | string |
| appPackageDisplayName_s | string |
| bundleId_s | string |
| bundleName_s | string |
| bundleVersion_s | string |
| CLSID_s | string |
| company_s | string |
| Computer | string |
| deceptionType_d | real |
| defenceActionId_d | real |
| displayName_s | string |
| event_type_s | string |
| eventType_s | string |
| evidences_s | string |
| fileAccessPermission_s | string |
| fileDescription_s | string |
| fileLocation_s | string |
| fileName_s | string |
| filePath_s | string |
| fileQualifier_s | string |
| fileSize_d | real |
| fileVersion_s | string |
| firstEventDate_t | datetime |
| firstEventUserName_s | string |
| hash_s | string |
| justification_s | string |
| justificationEmail_s | string |
| lastAgentId_g | string |
| lastEventDate_t | datetime |
| lastEventDisplayName_s | string |
| lastEventFileName_s | string |
| lastEventJustification_s | string |
| lastEventSourceName_s | string |
| lastEventSourceType_s | string |
| lastEventUserName_s | string |
| logonAttemptTypeId_d | real |
| logonStatusId_d | real |
| ManagementGroupName | string |
| MG | string |
| mimeType_s | string |
| modificationTime_t | datetime |
| originalFileName_s | string |
| owner_s | string |
| packageName_s | string |
| policyId_d | real |
| policyName_s | string |
| processCommandLine_g | string |
| processCommandLine_s | string |
| productName_s | string |
| productVersion_s | string |
| publisher_s | string |
| RawData | string |
| set_name_s | string |
| skipped_b | bool |
| skippedCount_d | real |
| sourceName_s | string |
| sourceProcessCommandLine_s | string |
| sourceProcessHash_s | string |
| sourceProcessPublisher_s | string |
| sourceProcessSigner_s | string |
| sourceProcessUsername_s | string |
| SourceSystem | string |
| sourceType_s | string |
| TenantId | string |
| threatDetectionAction_s | string |
| threatProtectionAction_s | string |
| TimeGenerated | datetime |
| totalEvents_d | real |
| Type | string |
| url_s | string |
| userIsAdmin_b | bool |
| userName_s | string |
| winEventRecordId_d | real |
| winEventType_d | real |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| CyberArkEPM | |
In solution CyberArkEPM:
| Workbook | Selection Criteria |
|---|---|
| CyberArkEPM | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| CyberArkEPM | CyberArkEPM | |