| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _ItemId | string |
| _ResourceId | string |
| accountId_s | string |
| accountName_s | string |
| activeDirectory_computerDistinguishedName_s | string |
| activeDirectory_computerMemberOf_s | string |
| activeDirectory_lastUserDistinguishedName_s | string |
| activeDirectory_lastUserMemberOf_s | string |
| activeThreats_d | real |
| activityType_d | real |
| activityUuid_g | string |
| agentDetectionInfo_accountId_s | string |
| agentDetectionInfo_accountName_s | string |
| agentDetectionInfo_agentDetectionState_s | string |
| agentDetectionInfo_agentDomain_s | string |
| agentDetectionInfo_agentIpV4_s | string |
| agentDetectionInfo_agentIpV6_s | string |
| agentDetectionInfo_agentLastLoggedInUserName_s | string |
| agentDetectionInfo_agentMitigationMode_s | string |
| agentDetectionInfo_agentOsName_s | string |
| agentDetectionInfo_agentOsRevision_s | string |
| agentDetectionInfo_agentRegisteredAt_t | datetime |
| agentDetectionInfo_agentUuid_g | string |
| agentDetectionInfo_agentVersion_s | string |
| agentDetectionInfo_externalIp_s | string |
| agentDetectionInfo_groupId_s | string |
| agentDetectionInfo_groupName_s | string |
| agentDetectionInfo_machineType_s | string |
| agentDetectionInfo_name_s | string |
| agentDetectionInfo_osFamily_s | string |
| agentDetectionInfo_osName_s | string |
| agentDetectionInfo_osRevision_s | string |
| agentDetectionInfo_siteId_s | string |
| agentDetectionInfo_siteName_s | string |
| agentDetectionInfo_uuid_g | string |
| agentDetectionInfo_version_s | string |
| agentId_s | string |
| agentRealtimeInfo_accountId_s | string |
| agentRealtimeInfo_accountName_s | string |
| agentRealtimeInfo_activeThreats_d | real |
| agentRealtimeInfo_agentComputerName_s | string |
| agentRealtimeInfo_agentDomain_s | string |
| agentRealtimeInfo_agentId_s | string |
| agentRealtimeInfo_agentInfected_b | bool |
| agentRealtimeInfo_agentIsActive_b | bool |
| agentRealtimeInfo_agentIsDecommissioned_b | bool |
| agentRealtimeInfo_agentMachineType_s | string |
| agentRealtimeInfo_agentMitigationMode_s | string |
| agentRealtimeInfo_agentNetworkStatus_s | string |
| agentRealtimeInfo_agentOsName_s | string |
| agentRealtimeInfo_agentOsRevision_s | string |
| agentRealtimeInfo_agentOsType_s | string |
| agentRealtimeInfo_agentUuid_g | string |
| agentRealtimeInfo_agentVersion_s | string |
| agentRealtimeInfo_groupId_s | string |
| agentRealtimeInfo_groupName_s | string |
| agentRealtimeInfo_id_s | string |
| agentRealtimeInfo_infected_b | bool |
| agentRealtimeInfo_isActive_b | bool |
| agentRealtimeInfo_isDecommissioned_b | bool |
| agentRealtimeInfo_machineType_s | string |
| agentRealtimeInfo_name_s | string |
| agentRealtimeInfo_networkInterfaces_s | string |
| agentRealtimeInfo_operationalState_s | string |
| agentRealtimeInfo_os_s | string |
| agentRealtimeInfo_rebootRequired_b | bool |
| agentRealtimeInfo_scanFinishedAt_t | datetime |
| agentRealtimeInfo_scanStartedAt_t | datetime |
| agentRealtimeInfo_scanStatus_s | string |
| agentRealtimeInfo_siteId_s | string |
| agentRealtimeInfo_siteName_s | string |
| agentRealtimeInfo_userActionsNeeded_s | string |
| agentRealtimeInfo_uuid_g | string |
| agentUpdatedVersion_s | string |
| agentVersion_s | string |
| alertInfo_alertId_s | string |
| alertInfo_analystVerdict_s | string |
| alertInfo_createdAt_t | datetime |
| alertInfo_dnsRequest_s | string |
| alertInfo_dnsResponse_s | string |
| alertInfo_dstIp_s | string |
| alertInfo_dstPort_s | string |
| alertInfo_dvEventId_s | string |
| alertInfo_eventType_s | string |
| alertInfo_hitType_s | string |
| alertInfo_incidentStatus_s | string |
| alertInfo_indicatorCategory_s | string |
| alertInfo_indicatorDescription_s | string |
| alertInfo_indicatorName_s | string |
| alertInfo_isEdr_b | bool |
| alertInfo_loginAccountDomain_s | string |
| alertInfo_loginAccountSid_s | string |
| alertInfo_loginIsAdministratorEquivalent_s | string |
| alertInfo_loginIsSuccessful_s | string |
| alertInfo_loginsUserName_s | string |
| alertInfo_loginType_s | string |
| alertInfo_netEventDirection_s | string |
| alertInfo_registryKeyPath_s | string |
| alertInfo_registryOldValue_g | string |
| alertInfo_registryOldValue_s | string |
| alertInfo_registryOldValueType_s | string |
| alertInfo_registryPath_s | string |
| alertInfo_registryValue_g | string |
| alertInfo_registryValue_s | string |
| alertInfo_reportedAt_t | datetime |
| alertInfo_source_s | string |
| alertInfo_srcIp_s | string |
| alertInfo_srcMachineIp_s | string |
| alertInfo_srcPort_s | string |
| alertInfo_updatedAt_t | datetime |
| allowRemoteShell_b | bool |
| appsVulnerabilityStatus_s | string |
| comments_s | string |
| Computer | string |
| computerName_s | string |
| consoleMigrationStatus_s | string |
| containerInfo_id_s | string |
| coreCount_d | real |
| cpuCount_d | real |
| cpuId_s | string |
| createdAt_t | datetime |
| creator_s | string |
| creatorId_s | string |
| data_accountName_s | string |
| data_fullScopeDetails_s | string |
| data_role_s | string |
| data_scopeLevel_s | string |
| data_scopeName_s | string |
| data_siteName_s | string |
| data_source_s | string |
| data_username_s | string |
| data_userScope_s | string |
| DataFields_s | string |
| description_s | string |
| detectionState_s | string |
| domain_s | string |
| encryptedApplications_b | bool |
| event_name_s | string |
| externalId_s | string |
| externalIp_s | string |
| firewallEnabled_b | bool |
| firstFullModeTime_t | datetime |
| fullDiskScanLastUpdatedAt_t | datetime |
| groupId_s | string |
| groupIp_s | string |
| groupName_s | string |
| hash_s | string |
| id_s | string |
| indicators_s | string |
| infected_b | bool |
| inherits_b | bool |
| inRemoteShellSession_b | bool |
| installerType_s | string |
| isActive_b | bool |
| isDecommissioned_b | bool |
| isDefault_b | bool |
| isPendingUninstall_b | bool |
| isUninstalled_b | bool |
| isUpToDate_b | bool |
| lastActiveDate_t | datetime |
| lastIpToMgmt_s | string |
| lastLoggedInUserName_s | string |
| licenseKey_s | string |
| locationEnabled_b | bool |
| locations_s | string |
| locationType_s | string |
| machineType_s | string |
| ManagementGroupName | string |
| MG | string |
| mitigationMode_s | string |
| mitigationModeSuspicious_s | string |
| mitigationStatus_s | string |
| modelName_s | string |
| name_s | string |
| networkInterfaces_s | string |
| networkQuarantineEnabled_b | bool |
| networkStatus_s | string |
| operationalState_s | string |
| osArch_s | string |
| osFamily_s | string |
| osName_s | string |
| osRevision_s | string |
| osStartTime_t | datetime |
| osType_s | string |
| osUsername_s | string |
| primaryDescription_s | string |
| rangerStatus_s | string |
| rangerVersion_s | string |
| RawData | string |
| registeredAt_t | datetime |
| registrationToken_s | string |
| remoteProfilingState_s | string |
| ruleInfo_description_s | string |
| ruleInfo_id_s | string |
| ruleInfo_name_s | string |
| ruleInfo_queryLang_s | string |
| ruleInfo_queryType_s | string |
| ruleInfo_s1ql_s | string |
| ruleInfo_scopeLevel_s | string |
| ruleInfo_severity_s | string |
| ruleInfo_treatAsThreat_s | string |
| scanAbortedAt_t | datetime |
| scanFinishedAt_t | datetime |
| scanStartedAt_t | datetime |
| scanStatus_s | string |
| secondaryDescription_s | string |
| serialNumber_s | string |
| showAlertIcon_b | bool |
| siteId_s | string |
| siteName_s | string |
| sourceParentProcessInfo_commandline_s | string |
| sourceParentProcessInfo_fileHashMd5_g | string |
| sourceParentProcessInfo_fileHashSha1_s | string |
| sourceParentProcessInfo_fileHashSha256_s | string |
| sourceParentProcessInfo_filePath_s | string |
| sourceParentProcessInfo_fileSignerIdentity_s | string |
| sourceParentProcessInfo_integrityLevel_s | string |
| sourceParentProcessInfo_name_s | string |
| sourceParentProcessInfo_pid_s | string |
| sourceParentProcessInfo_pidStarttime_t | datetime |
| sourceParentProcessInfo_storyline_g | string |
| sourceParentProcessInfo_storyline_s | string |
| sourceParentProcessInfo_subsystem_s | string |
| sourceParentProcessInfo_uniqueId_g | string |
| sourceParentProcessInfo_uniqueId_s | string |
| sourceParentProcessInfo_user_s | string |
| sourceProcessInfo_commandline_s | string |
| sourceProcessInfo_fileHashMd5_g | string |
| sourceProcessInfo_fileHashSha1_s | string |
| sourceProcessInfo_fileHashSha256_s | string |
| sourceProcessInfo_filePath_s | string |
| sourceProcessInfo_fileSignerIdentity_s | string |
| sourceProcessInfo_integrityLevel_s | string |
| sourceProcessInfo_name_s | string |
| sourceProcessInfo_pid_s | string |
| sourceProcessInfo_pidStarttime_t | datetime |
| sourceProcessInfo_storyline_g | string |
| sourceProcessInfo_storyline_s | string |
| sourceProcessInfo_subsystem_s | string |
| sourceProcessInfo_uniqueId_g | string |
| sourceProcessInfo_uniqueId_s | string |
| sourceProcessInfo_user_s | string |
| SourceSystem | string |
| tags_sentinelone_s | string |
| targetProcessInfo_tgtFileCreatedAt_t | datetime |
| targetProcessInfo_tgtFileHashSha1_s | string |
| targetProcessInfo_tgtFileHashSha256_s | string |
| targetProcessInfo_tgtFileId_g | string |
| targetProcessInfo_tgtFileId_s | string |
| targetProcessInfo_tgtFileIsSigned_s | string |
| targetProcessInfo_tgtFileModifiedAt_t | datetime |
| targetProcessInfo_tgtFileOldPath_s | string |
| targetProcessInfo_tgtFilePath_s | string |
| targetProcessInfo_tgtProcCmdLine_s | string |
| targetProcessInfo_tgtProcessStartTime_t | datetime |
| targetProcessInfo_tgtProcImagePath_s | string |
| targetProcessInfo_tgtProcIntegrityLevel_s | string |
| targetProcessInfo_tgtProcName_s | string |
| targetProcessInfo_tgtProcPid_s | string |
| targetProcessInfo_tgtProcSignedStatus_s | string |
| targetProcessInfo_tgtProcStorylineId_g | string |
| targetProcessInfo_tgtProcStorylineId_s | string |
| targetProcessInfo_tgtProcUid_g | string |
| targetProcessInfo_tgtProcUid_s | string |
| TenantId | string |
| threatId_s | string |
| threatInfo_analystVerdict_s | string |
| threatInfo_analystVerdictDescription_s | string |
| threatInfo_automaticallyResolved_b | bool |
| threatInfo_certificateId_s | string |
| threatInfo_classification_s | string |
| threatInfo_classificationSource_s | string |
| threatInfo_cloudFilesHashVerdict_s | string |
| threatInfo_collectionId_s | string |
| threatInfo_confidenceLevel_s | string |
| threatInfo_createdAt_t | datetime |
| threatInfo_detectionEngines_s | string |
| threatInfo_detectionType_s | string |
| threatInfo_engines_s | string |
| threatInfo_externalTicketExists_b | bool |
| threatInfo_failedActions_b | bool |
| threatInfo_fileExtension_g | string |
| threatInfo_fileExtension_s | string |
| threatInfo_fileExtensionType_s | string |
| threatInfo_filePath_s | string |
| threatInfo_fileSize_d | real |
| threatInfo_fileVerificationType_s | string |
| threatInfo_identifiedAt_t | datetime |
| threatInfo_incidentStatus_s | string |
| threatInfo_incidentStatusDescription_s | string |
| threatInfo_initiatedBy_s | string |
| threatInfo_initiatedByDescription_s | string |
| threatInfo_isFileless_b | bool |
| threatInfo_isValidCertificate_b | bool |
| threatInfo_maliciousProcessArguments_s | string |
| threatInfo_mitigatedPreemptively_b | bool |
| threatInfo_mitigationStatus_s | string |
| threatInfo_mitigationStatusDescription_s | string |
| threatInfo_originatorProcess_s | string |
| threatInfo_pendingActions_b | bool |
| threatInfo_processUser_s | string |
| threatInfo_publisherName_s | string |
| threatInfo_reachedEventsLimit_b | bool |
| threatInfo_rebootRequired_b | bool |
| threatInfo_sha1_s | string |
| threatInfo_storyline_g | string |
| threatInfo_storyline_s | string |
| threatInfo_threatId_s | string |
| threatInfo_threatName_g | string |
| threatInfo_threatName_s | string |
| threatInfo_updatedAt_t | datetime |
| threatRebootRequired_b | bool |
| TimeGenerated | datetime |
| totalAgents_d | real |
| totalMemory_d | real |
| Type | string |
| type_s | string |
| updatedAt_t | datetime |
| userActionsNeeded_s | string |
| userId_s | string |
| uuid_g | string |
| whiteningOptions_s | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| [DEPRECATED] SentinelOne (using Azure Function) | |
In solution SentinelOne:
| Workbook | Selection Criteria |
|---|---|
| SentinelOne | |
In solution SentinelOne:
| Parser | Schema | Product | Selection Criteria |
|---|---|---|---|
| ASimAlertEventSentinelOneSingularity | AlertEvent | SentinelOne | |
| ASimAuditEventSentinelOne | AuditEvent | SentinelOne | |
| ASimAuthenticationSentinelOne | Authentication | SentinelOne | |
| ASimDnsSentinelOne | Dns | SentinelOne | |
| ASimFileEventSentinelOne | FileEvent | SentinelOne | |
| ASimNetworkSessionSentinelOne | NetworkSession | SentinelOne | |
| ASimProcessCreateSentinelOne | ProcessEvent | SentinelOne | |
| ASimRegistryEventSentinelOne | RegistryEvent | SentinelOne | |
| ASimUserManagementSentinelOne | UserManagement | SentinelOne | |
In solution SentinelOne:
| Parser | Solution | Selection Criteria |
|---|---|---|
| SentinelOne | SentinelOne | |
| SentinelOne | SentinelOne ⚠️ | |
⚠️ Parsers marked with ⚠️ are not listed in their Solution JSON file.