| _BilledSize | | Double |
| _IsBillable | | String |
| AssignedTo | ID of the user assigned to the incident. | String |
| AssignedToName | Name of the user assigned to handle the incident. | String |
| Cid | Customer ID in the CrowdStrike platform. | String |
| Created | Timestamp when the incident was created. | DateTime |
| Description | Detailed description of the incident. | String |
| EmailState | Current state of email notifications for the incident. | String |
| End | Timestamp when the incident was closed or resolved. | DateTime |
| EventsHistogram | Timeline of events associated with the incident. | Object |
| FineScore | Severity score assigned to the incident. | Int32 |
| GroupingIds | List of IDs used to group related incidents. | Object |
| HostIds | List of host IDs involved in the incident. | Object |
| Hosts | Detailed information about affected hosts. | Object |
| IncidentId | Unique identifier for the incident. | String |
| IncidentType | Numerical identifier for the type of incident. | Int32 |
| LmHostIds | List of host IDs associated with Lightweight Mode. | Object |
| LmHostsCapped | Indicates if the number of Lightweight Mode hosts was capped. | Boolean |
| LmraHostIds | List of host IDs associated with LMRA (Lightweight Mode Remote Access). | Object |
| LmraHostsCapped | Indicates if the number of LMRA hosts was capped. | Boolean |
| LmTypes | Types of Lightweight Mode configurations. | Int32 |
| ModifiedTimestamp | Timestamp when the incident was last modified. | DateTime |
| Name | Name or title of the incident. | String |
| Objectives | List of attacker objectives identified in the incident. | Object |
| SourceSystem | | String |
| Start | Timestamp when the incident started. | DateTime |
| State | Current state of the incident. | String |
| Status | Numerical status code of the incident. | Int32 |
| Tactics | List of MITRE ATT&CK tactics identified in the incident. | Object |
| Tags | Custom tags associated with the incident. | Object |
| Techniques | List of MITRE ATT&CK techniques identified in the incident. | Object |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | The timestamp (UTC) when the incident data was ingested. | DateTime |
| Type | The name of the table. | String |
| Users | List of users involved in or affected by the incident. | Object |