| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Source: KQL validation test schema

| Column Name | Type |
|---|---|
| amsi_threat_data | dynamic |
| appCerts | dynamic |
| AppSha256 | string |
| CoreRemedyItems | string |
| CoreRemedyTotalItems | int |
| Created | datetime |
| CustomerId | string |
| details | dynamic |
| DstUserSid | string |
| DvcAction | string |
| DvcHostname | string |
| EndpointId | string |
| EventEndTime | datetime |
| EventMessage | string |
| EventOriginalUid | string |
| EventProduct | string |
| EventSeverity | string |
| EventSubType | string |
| EventType | string |
| EventVendor | string |
| ips_threat_data | dynamic |
| Source | string |
| source_info | dynamic |
| SrcDvcType | string |
| SrcIpAddr | string |
| ThreatCategory | string |
| ThreatName | string |
| TimeGenerated | datetime |
| whitelist_properties | dynamic |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| Sophos Endpoint Protection (via Codeless Connector Platform) | |