RedSiftEmailForensics_CL



Attribute                 Value
Supports Transformations  ✗ No
Ingestion API Supported   ✓ Yes
Lake-Only Ingestion       ✗ No (source)

Schema (28 columns)

Source: Connector definition

Column Name      Type
ActivityId       int
ActivityName     string
CategoryName     string
CategoryUid      int
ClassName        string
ClassUid         int
CorrelationUid   string
Direction        string
DkimResult       string
DstHostname      string
EmailFrom        string
EmailMessageUid  string
EmailReturnPath  string
EmailSubject     string
EmailUrls        dynamic
Enrichments      dynamic
EventTime        datetime
LogName          string
Message          string
Observables      dynamic
ProductName      string
ProtocolName     string
Severity         string
SeverityId       int
SpfResult        string
SrcIp            string
TimeGenerated    datetime
TypeUid          int

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
Red Sift Events (CCP Push)

Content Items Using This Table (3)

Analytic Rules (3)

In solution Red Sift:

Analytic Rule Selection Criteria
Red Sift - Email with URL to previously unseen domain
Red Sift - New email with URL from previously unseen sender
Red Sift - New email with URL from previously unseen source
