Event Integration Event Fields

This article explains the fields for events that are uploaded to a third-party platform with the Events Integration.

Every event is represented by a separate JSON object, and the objects are separated by a newline.

These are the event fields:

  • 'anti_malware_reference'

  • 'defined_host_name'

  • 'dns_name'

  • 'http_host_name'

  • 'permittedRole'

  • 'reason'

  • 'socket_serial'

  • 'throttled_event_sub_type'

  • 'tls_certificate_error'

  • 'tunnel_connection_description'

  • 'vpn_release'

  • 'socket_timeline_time'

  • 'device_posture_profile'

  • 'http_request_method'

  • 'xff'

  • 'logged_in_user'

  • 'mw_db_version'

  • 'epp_profile'

  • 'quarantine_uuid'

  • 'src_pid'

  • 'src_process_path'

  • 'src_process_cmdline'

  • 'src_process_parent_pid'

  • 'src_process_parent_path'

  • 'dst_pid'

  • 'dst_process_path'

  • 'dst_process_cmdline'

  • 'dst_process_parent_pid'

  • 'dst_process_parent_path'

  • 'detection_stage'

  • 'detection_name'

  • 'disinfect_result'

  • 'processes_count'
