Event Integration Event Fields

This article explains the fields for events that are uploaded to a third-party platform with the Events Integration.

Every event is represented by a separate JSON object, and the JSON objects are separated by a newline.

These are the event fields:

'anti_malware_reference'

'defined_host_name'

'dns_name'

'http_host_name'

'permittedRole'

'reason'

'socket_serial'

'throttled_event_sub_type'

'tls_certificate_error'

'tunnel_connection_description'

'vpn_release'

'socket_timeline_time'

'device_posture_profile'

'http_request_method'

'xff'

'logged_in_user'

'mw_db_version'

'epp_profile'

'quarantine_uuid'

'src_pid'

'src_process_path'

'src_process_cmdline'

'src_process_parent_pid'

'src_process_parent_path'

'dst_pid'

'dst_process_path'

'dst_process_cmdline'

'dst_process_parent_pid'

'dst_process_parent_path'

'detection_stage'

'detection_name'

'disinfect_result'

'processes_count'
