This article explains the fields for events that are uploaded to a third-party platform with the Events Integration.
Every event is represented by a separate JSON object, and the JSON objects are separated by a new line.
These are the event fields:
- 'anti_malware_reference'
- 'defined_host_name'
- 'dns_name'
- 'http_host_name'
- 'permittedRole'
- 'reason'
- 'socket_serial'
- 'throttled_event_sub_type'
- 'tls_certificate_error'
- 'tunnel_connection_description'
- 'vpn_release'
- 'socket_timeline_time'
- 'device_posture_profile'
- 'http_request_method'
- 'xff'
- 'logged_in_user'
- 'mw_db_version'
- 'epp_profile'
- 'quarantine_uuid'
- 'src_pid'
- 'src_process_path'
- 'src_process_cmdline'
- 'src_process_parent_pid'
- 'src_process_parent_path'
- 'dst_pid'
- 'dst_process_path'
- 'dst_process_cmdline'
- 'dst_process_parent_pid'
- 'dst_process_parent_path'
- 'detection_stage'
- 'detection_name'
- 'disinfect_result'
- 'processes_count'