| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| ActingAppName |
The name of the application initiating the action. |
String |
| ActingAppType |
The type of the application initiating the action (e.g., Browser, API client). |
String |
| ActorDetailEntry |
Detailed information about the actor performing the action, if available. |
Object |
| ActorDisplayName |
The display name of the actor performing the action. |
String |
| ActorSessionId |
The session ID associated with the actor performing the action. |
String |
| ActorUserId |
The user ID of the actor performing the action, if applicable. |
String |
| ActorUserIdType |
The type of user ID for the actor (e.g., OktaId). |
String |
| ActorUsername |
The username of the actor performing the action. |
String |
| ActorUsernameType |
The type of username for the actor (e.g., UPN). |
String |
| ActorUserType |
The type of the actor (e.g., Regular, System Principal). |
String |
| AuthenticationContextAuthenticationProvider |
The authentication provider used in the context of the action. |
String |
| AuthenticationContextAuthenticationStep |
The step in the authentication process when the action occurred. |
Int32 |
| AuthenticationContextCredentialProvider |
The credential provider used during the authentication process. |
String |
| AuthenticationContextInterface |
The interface used during the authentication process (e.g., web, mobile). |
String |
| AuthenticationContextIssuerId |
The ID of the issuer involved in the authentication process. |
String |
| AuthenticationContextIssuerType |
The type of the issuer involved in the authentication process. |
String |
| DebugData |
Additional debugging data related to the event. |
Object |
| DvcAction |
The result of the device action (e.g., Allow, Deny, Partial). |
String |
| EventMessage |
A descriptive message associated with the event. |
String |
| EventOriginalResultDetails |
Details of the original result of the event outcome. |
String |
| EventOriginalType |
The original type of the event before transformation. |
String |
| EventOriginalUid |
The unique identifier for the original event. |
String |
| EventResult |
The high-level result of the event (e.g., Success, Failure). |
String |
| EventSeverity |
The severity level of the event (e.g., Informational, High). |
String |
| HttpUserAgent |
The raw user-agent string of the client initiating the event. |
String |
| LegacyEventType |
The legacy type identifier for the event, if applicable. |
String |
| LogonMethod |
The method used for logging in (e.g., password, token). |
String |
| OriginalActorAlternateId |
The alternate ID of the actor in the original event data. |
String |
| OriginalClientDevice |
The type of client device initiating the event (e.g., Computer). |
String |
| OriginalOutcomeResult |
The raw outcome result of the original event. |
String |
| OriginalSeverity |
The raw severity level of the original event. |
String |
| OriginalTarget |
The original target(s) involved in the event. |
Object |
| OriginalUserId |
The original user ID in the event data. |
String |
| OriginalUserType |
The type of user in the original event data. |
String |
| Request |
Details of the request associated with the event. |
Object |
| SecurityContextAsNumber |
The autonomous system (AS) number in the security context. |
Int32 |
| SecurityContextAsOrg |
The organization associated with the AS number in the security context. |
String |
| SecurityContextDomain |
The domain involved in the security context. |
String |
| SecurityContextIsProxy |
Indicates whether a proxy is used in the security context. |
Boolean |
| SourceSystem |
|
String |
| SrcDeviceType |
The type of the source device (e.g., Computer). |
String |
| SrcDvcId |
The unique identifier for the source device. |
String |
| SrcDvcIdType |
The type of source device ID (e.g., OktaId). |
String |
| SrcDvcOs |
The operating system of the source device. |
String |
| SrcGeoCity |
The city of the source device’s geographic location. |
String |
| SrcGeoCountry |
The country of the source device’s geographic location. |
String |
| SrcGeoLatitude |
The latitude of the source device’s geographic location. |
Double |
| SrcGeoLongtitude |
The longitude of the source device’s geographic location. |
Double |
| SrcGeoPostalCode |
The postal code of the source device’s geographic location. |
String |
| SrcGeoRegion |
The region/state of the source device’s geographic location. |
String |
| SrcIpAddr |
The IP address of the source device. |
String |
| SrcIsp |
The Internet Service Provider (ISP) of the source device. |
String |
| SrcZone |
The network zone of the source device. |
String |
| TenantId |
Unique identifier of the tenant into which the data connector ingests data. |
String |
| TimeGenerated |
The time the event was generated. |
DateTime |
| TransactionDetail |
Details about the transaction associated with the event. |
Object |
| TransactionId |
The unique identifier of the transaction. |
String |
| TransactionType |
The type of transaction associated with the event. |
String |
| Type |
The name of the table |
String |
| Version |
The version of the event format or schema. |
String |