| CertificateCountersignatureTime |
Date and time the certificate was countersigned |
DateTime |
| CertificateCreationTime |
Date and time the certificate was created |
DateTime |
| CertificateExpirationTime |
Date and time the certificate is set to expire |
DateTime |
| CertificateSerialNumber |
Identifier for the certificate that is unique to the issuing certificate authority (CA) |
String |
| CrlDistributionPointUrls |
JSON array listing the URLs of network shares that contain certificates and certificate revocation lists (CRLs) |
String |
| DeviceId |
Unique identifier for the device in the service |
String |
| DeviceName |
Fully qualified domain name (FQDN) of the device |
String |
| IsRootSignerMicrosoft |
Indicates whether the signer of the root certificate is Microsoft |
Boolean |
| IsSigned |
Indicates whether the file is signed |
Boolean |
| Issuer |
Information about the issuing certificate authority (CA) |
String |
| IssuerHash |
Unique hash value identifying issuing certificate authority (CA) |
String |
| IsTrusted |
Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes |
Boolean |
| MachineGroup |
|
String |
| ReportId |
Event identifier based on a repeating counter.To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns. |
Int64 |
| SHA1 |
SHA-1 hash of the file that the recorded action was applied to |
String |
| SignatureType |
Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file |
String |
| Signer |
Information about the signer of the file |
String |
| SignerHash |
Unique hash value identifying the signer |
String |
| SourceSystem |
|
String |
| TenantId |
|
String |
| TimeGenerated |
|
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
|
String |