| Column | Description | Type |
|---|---|---|
| AccountName | User name of the account | String |
| ActionType | Type of activity that triggered the event | String |
| AdditionalFields | Additional information about the entity or event | Object |
| AwsResourceName | Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name | String |
| AzureResourceId | Unique identifier of the Azure resource associated with the process | String |
| ContainerId | The container identifier in Kubernetes or another runtime environment | String |
| ContainerImageName | The container image name or ID, if it exists | String |
| ContainerName | Name of the container in Kubernetes or another runtime environment | String |
| FileName | Name of the file that the recorded action was applied to | String |
| FolderPath | Folder containing the file that the recorded action was applied to | String |
| GcpFullResourceName | Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP | String |
| InitiatingProcessId | Process ID (PID) of the process that initiated the event | Int64 |
| KubernetesNamespace | The Kubernetes namespace name | String |
| KubernetesPodName | The Kubernetes pod name | String |
| KubernetesResource | Unique identifier for the Kubernetes resource that includes the namespace, resource type and name | String |
| LogonId | Identifier for a logon session. This identifier is unique on the same machine only between restarts | Int64 |
| ParentProcessId | The process ID (PID) of the parent process | Int64 |
| ParentProcessName | The name of the parent process | String |
| ProcessCommandLine | Command line used to create the new process | String |
| ProcessCreationTime | Date and time the process was created | DateTime |
| ProcessCurrentWorkingDirectory | Current working directory of the running process | String |
| ProcessId | Process ID (PID) of the newly created process | Int64 |
| ProcessName | The name of the process | String |
| ReportId | Unique identifier for the event | String |
| SourceSystem | | String |
| TenantId | | String |
| TimeGenerated | | DateTime |
| Timestamp | Date and time when the record was generated | DateTime |
| Type | | String |