| Column | Description | Type |
| --- | --- | --- |
| _BilledSize | | Double |
| _IsBillable | | String |
| AgentId | Unique identifier for the CrowdStrike agent that generated the alert. | String |
| AggregateId | Identifier for aggregated alerts from the same source. | String |
| AlertType | The type or category of the CrowdStrike alert. | String |
| AssignedToName | Name of the user assigned to handle the alert. | String |
| AssignedToUid | User ID of the assigned user. | String |
| AssignedToUuid | UUID of the assigned user. | String |
| Cid | Customer ID in the CrowdStrike platform. | String |
| CompositeId | Composite identifier combining multiple alert attributes. | String |
| Confidence | Confidence score of the alert (0-100). | Int32 |
| CrawledTimestamp | Timestamp when the alert data was last crawled. | DateTime |
| CreatedTimestamp | Timestamp when the alert was first created. | DateTime |
| DataDomains | Domains associated with the alert. | Object |
| Description | Detailed description of the alert. | String |
| DisplayName | Human-readable name for the alert. | String |
| EmailSent | Indicates if an email notification was sent for this alert. | Boolean |
| External | Indicates if the alert originated from an external source. | Boolean |
| Id | Unique identifier for the alert. | String |
| Name | Name of the alert. | String |
| Objective | The attacker’s presumed objective. | String |
| PatternId | Identifier for the detection pattern that triggered the alert. | Int32 |
| Platform | Operating system or platform where the alert was detected. | String |
| Product | CrowdStrike product that generated the alert. | String |
| Scenario | Security scenario that triggered the alert. | String |
| SecondsToResolved | Time in seconds from alert creation to resolution. | Int32 |
| SecondsToTriaged | Time in seconds from alert creation to triage. | Int32 |
| Severity | Severity level of the alert. | Int32 |
| SeverityName | Text representation of the severity level. | String |
| ShowInUi | Indicates if the alert should be displayed in the user interface. | Boolean |
| SourceProducts | List of products that contributed to this alert. | Object |
| SourceSystem | | String |
| SourceVendors | List of vendors associated with the alert sources. | Object |
| Status | Current status of the alert. | String |
| Tactic | MITRE ATT&CK tactic associated with the alert. | String |
| TacticId | Identifier of the MITRE ATT&CK tactic. | String |
| Tags | Custom tags associated with the alert. | Object |
| Technique | MITRE ATT&CK technique associated with the alert. | String |
| TechniqueId | Identifier of the MITRE ATT&CK technique. | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | The timestamp (UTC) when the alert was generated. | DateTime |
| Timestamp | Time when the alert event occurred. | DateTime |
| Type | The name of the table. | String |
| UpdatedTimestamp | Time when the alert was last updated. | DateTime |