| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Source: Connector definition

| Column Name | Type | Description |
|---|---|---|
| actor | string | Actor/threat actor name |
| alert_content | string | Content formatted for alerting |
| asset_uuids | dynamic | List of related asset UUIDs |
| author_id | string | Author identifier |
| category_name | string | Category of the event |
| code | dynamic | Code metadata |
| content | string | Full content of the event |
| content_preview | dynamic | Preview of the content |
| data | dynamic | Additional data payload |
| event_title | string | Title of the event |
| event_type | string | Type of the search item |
| EventOriginalType | string | Original event type (ASIM) |
| EventOriginalUid | string | Original unique identifier (ASIM) |
| EventProduct | string | Event product name (ASIM) |
| EventSchemaVersion | string | Schema version (ASIM) |
| EventSeverity | string | Severity level: Informational, Low, Medium, High, Critical (ASIM) |
| EventVendor | string | Event vendor name - Flare (ASIM) |
| external_url | string | External URL reference |
| first_crawled_at | string | When the item was first crawled |
| highlights | dynamic | Highlighted matches in the content |
| id | string | Unique identifier of the item |
| identifiers | dynamic | Array of matched identifiers [{id, type, name, query, group}] |
| keyword | string | Matched keyword |
| materialized_at | string | When the item was materialized |
| project_name | string | Project name (for code-related events) |
| related | dynamic | List of related URLs |
| risk | dynamic | Risk object containing score |
| RiskScore | int | Extracted risk score (1-5) |
| sha | string | Commit SHA (for code-related events) |
| sort | string | |
| source | string | Source identifier |
| source_name | string | Human-readable source name |
| tags | dynamic | List of tags |
| TimeGenerated | datetime | Timestamp when the event was ingested (ASIM) |
| timestamp | string | Original timestamp from Flare |
| timestamp_formatted | string | Formatted timestamp string |
| uid | string | Unique identifier (UID format) |
| Url | string | Source URL (ASIM) |
| user_notes | string | User notes on the event |
| user_risk_score | int | User-assigned risk score override |
| victim_name | string | Victim name if applicable |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| Flare Push Connector | |
In solution Flare:
| Workbook | Selection Criteria |
|---|---|
| FlareSystemsFireworkOverview | |