This article explains the fields for events that are uploaded to a third-party platform with the Events Integration.
Every event is represented by a separate JSON object, and the objects are separated by a newline.
These are the event fields:
'anti_malware_reference'
'defined_host_name'
'dns_name'
'http_host_name'
'permittedRole'
'reason'
'socket_serial'
'throttled_event_sub_type'
'tls_certificate_error'
'tunnel_connection_description'
'vpn_release'
'socket_timeline_time'
'device_posture_profile'
'http_request_method'
'xff'
'logged_in_user'
'mw_db_version'
'epp_profile'
'quarantine_uuid'
'src_pid'
'src_process_path'
'src_process_cmdline'
'src_process_parent_pid'
'src_process_parent_path'
'dst_pid'
'dst_process_path'
'dst_process_cmdline'
'dst_process_parent_pid'
'dst_process_parent_path'
'detection_stage'
'detection_name'
'disinfect_result'
'processes_count'
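The newline-separated format described at the top of this article can be read as follows. This is an added example, not code from the vendor: it parses one JSON object per line, records malformed lines by number instead of aborting the whole file, and pulls out the process-related fields from the list above. The function names, the sample events and their value types are assumptions constructed for illustration.

```python
import json

# Field names taken from the list above; which event types carry them is not stated here.
PROCESS_FIELDS = (
    "src_pid", "src_process_path", "src_process_cmdline",
    "src_process_parent_pid", "src_process_parent_path",
    "dst_pid", "dst_process_path", "dst_process_cmdline",
    "dst_process_parent_pid", "dst_process_parent_path",
)

def parse_events(text):
    """Parse newline-separated JSON events.

    Returns (events, errors): events is a list of dicts, errors is a list of
    (line_number, message) for lines that are not a JSON object.
    """
    events, errors = [], []
    # Split on "\n" only: str.splitlines() also breaks on U+2028 and similar
    # characters, which may legally appear unescaped inside a JSON string.
    for lineno, line in enumerate(text.split("\n"), start=1):
        line = line.strip()  # also drops a trailing "\r" from CRLF files
        if not line:
            continue  # tolerate blank lines between events
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append((lineno, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(obj, dict):
            errors.append((lineno, "not a JSON object"))
            continue
        events.append(obj)
    return events, errors

def process_context(event):
    """Return only the process-related fields that are present in the event."""
    return {k: event[k] for k in PROCESS_FIELDS if k in event}

# Constructed sample input (all values are invented for illustration).
SAMPLE = "\n".join([
    '{"detection_name": "Example.Test", "src_pid": 4321, "src_process_path": "C:\\\\Temp\\\\sample.exe", "logged_in_user": "alice"}',
    '',
    '{"dns_name": "example.com", "http_request_method": "GET"',
    '["not", "an", "event"]',
    '{"reason": "constructed", "dst_pid": 88}',
])

if __name__ == "__main__":
    events, errors = parse_events(SAMPLE)
    for e in events:
        print(process_context(e))
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
```

Keeping the line number of each rejected line makes it possible to tell a truncated upload from a single corrupted event when reconciling against the source.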