| _BilledSize |  | Double |
| _IsBillable |  | String |
| AlertSeverity | Severity of the threat. One of INFORMATIONAL, LOW, MEDIUM, HIGH, or CRITICAL. | String |
| AlertTime | Time when the threat was discovered. | DateTime |
| Application | Suspected traffic’s application type—for example, SSH. | String |
| AuthenticationInfoPrincipalEmail | Email address of the authenticated user or service account initiating the request. | String |
| AuthorizationInfo | Information about permissions or roles evaluated for the operation. | String |
| Category | Sub-type of the threat. | String |
| CVEs | A list of CVEs associated with the threat. | String |
| DestinationIPAddress | Suspected traffic’s destination IP address. | String |
| DestinationPort | Suspected traffic’s destination port. | String |
| Details | Additional information about the type of threat. | String |
| Direction | Suspected traffic’s direction (client-to-server or server-to-client). | String |
| ElapsedTime | The elapsed time of the session. | String |
| InsertId | A unique identifier for the log entry. | String |
| IPProtocol | Suspected traffic’s IP protocol. | String |
| JsonPayloadName | Threat name. | String |
| JsonPayloadType | Type of the threat. | String |
| LogName | The full log name including resource path. | String |
| MethodName | Name of the API method or function that was invoked. | String |
| Network | The network associated with the IDS endpoint. | String |
| NumResponseItems | Number of items returned in the response, if applicable. | String |
| OperationFirst | Indicates if this is the first log entry in a sequence of operations. | Boolean |
| OperationId | Unique identifier for the operation, useful for tracking and correlating across logs. | String |
| OperationLast | Indicates if this is the last log entry in a sequence of operations. | Boolean |
| OperationProducer | Component or service that generated the operation. | String |
| PayloadType | Type or format of the payload associated with the request. | String |
| ReceiveTimestamp | Time the log entry was received by Cloud Logging. | DateTime |
| RepeatCount | The number of sessions with the same source IP, destination IP, application, and type seen within 5 seconds. | String |
| RequestEndpointId | Unique identifier of the endpoint that handled the request. | String |
| RequestEndpointName | Name of the endpoint to which the request was sent. | String |
| RequestEndpointNetwork | Network path or name through which the endpoint was accessed. | String |
| RequestEndpointSeverity | Severity associated with the endpoint in the context of threat detection or access. | String |
| RequestEndpointThreatExceptions | Threat exceptions applied to the endpoint for this request, if any. | String |
| RequestEndpointTrafficLogs | Details or references to traffic logs related to the endpoint request. | String |
| RequestMetadataCallerIP | IP address of the caller who initiated the request. | String |
| RequestMetadataDestinationAttributes | Metadata attributes about the destination service or resource. | String |
| RequestMetadataRequestAttributesAuth | Authentication-related request attributes, such as tokens or auth levels. | String |
| RequestMetadataRequestAttributesReason | Reason for the request, such as a policy action or user-initiated change. | String |
| RequestMetadataRequestAttributesTime | Timestamp of when the request attributes were recorded. | DateTime |
| RequestName | Name or identifier of the resource being accessed or modified in the request. | String |
| RequestParent | Parent resource of the request, indicating hierarchy or context. | String |
| RequestType | Type of request. | String |
| RequestUpdateMaskPaths | The paths to be updated in the request. | String |
| ResourceLabelsId | Unique identifier for the resource involved in the log entry. | String |
| ResourceLabelsLocation | Geographic or regional location of the resource. | String |
| ResourceLabelsMethod | The method or operation performed on the resource, often linked to an API call or service method. | String |
| ResourceLabelsProjectId | Project ID associated with the resource, typically representing the Google Cloud project. | String |
| ResourceLabelsResourceContainer | Name of the container or logical grouping the resource belongs to (e.g., folder, organization). | String |
| ResourceLabelsService | Service label indicating which cloud service. | String |
| ResourceLocationCurrentLocations | Current physical or logical location(s) of the resource at the time of the log entry. | String |
| ResponseName | Name or ID of the resource returned in the response. | String |
| ResponseNetwork | Network path or identifier associated with the response. | String |
| ResponseSeverity | Severity level of the response, especially in the context of errors or alerts. | String |
| ResponseState | State or result of the response action taken for the detected threat. | String |
| ResponseThreatExceptions | List of any threat exceptions applied during the response, allowing specific threats to bypass enforcement. | String |
| ResponseTrafficLogs | Indicates whether traffic logs were captured for the session or threat response. | Boolean |
| ResponseType | Type or format of the response returned from the operation. | String |
| ServiceName | Name of the cloud service associated with the log entry or threat detection. | String |
| SessionId | An internal numerical identifier applied to each session. | String |
| Severity | Indicates the severity level of the log entry or event. | String |
| SourceIPAddress | Suspected traffic’s source IP address. | String |
| SourcePort | The source port of the traffic. | String |
| SourceSystem |  | String |
| StartTime | The time of the session start. | DateTime |
| Status | Status of the operation or request, such as SUCCESS, FAILURE, or ERROR. | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| ThreatId | Unique threat identifier. | String |
| TimeGenerated | The timestamp when the log entry was generated and ingested by the logging system. | DateTime |
| Timestamp | The original timestamp of the event as recorded by the source system. | DateTime |
| TotalBytes | The total number of bytes transferred in the session. | String |
| TotalPackets | The total number of packets transferred in the session. | String |
| Type | The name of the table. | String |
| URIOrFilename | URI or filename of the relevant threat, if applicable. | String |