resource_id |
string |
resourceId$ |
Full resource string identifying the record |
tenant_id |
string |
tenantId$ |
The ID of the tenant that owns this specific to CTPX ID |
sensor_type |
string |
sensorType$ |
Type of device that generated this event. Ex: redcloak, iSensor |
sensor_event_id |
string |
sensorEventId$ |
Event ID of original_data assigned by the sensor |
sensor_tenant |
string |
sensorTenant$ |
A customer ID supplied by the application that originated the data. Ex: redloak-domain, ctp-client-id |
sensor_id |
string |
sensorId$ |
An ID for the data supplied by the application that originated it. Ex: redcloak-agent-id, iSensor Dev IP |
sensor_cpe |
string |
sensorCpe$ |
CPE of the platform producing the alert. Ex: cpe:2.3:a:secureworks:redcloak:::::::: |
original_data |
string |
originalData$ |
Original, unadulterated data prior to any transformation. |
event_time_usec |
uint64 |
eventTimeUsec$ |
Event time in microseconds (µs) |
ingest_time_usec |
uint64 |
ingestTimeUsec$ |
Ingest time in microseconds (µs). |
event_time_fidelity |
TimeFidelity |
eventTimeFidelity$ |
Specifies the original precision of the time used to populate event_time_usec |
client_hostname |
string |
clientHostname$ |
Hostname of the DHCP client machine |
client_address |
string |
clientAddress$ |
IP of the DHCP client machine |
client_mac |
string |
clientMac$ |
MAC address for the client |
server_hostname |
string |
serverHostname$ |
Hostname of the DHCP server |
server_address |
string |
serverAddress$ |
IP of the DHCP server |
server_mac |
string |
serverMac$ |
MAC address for the server |
action |
Dhcp.DHCP_Action |
action$ |
Action for the DHCP event |
expiration_time_usec |
uint64 |
expirationTimeUsec$ |
Expiration Date for the lease |
host_id |
string |
hostId$ |
Host ID -- uniquely identifies the host where the event originated. e.g. IPv(4/6) address; Device Mac Address |
sensor_version |
string |
sensorVersion$ |
The agent version as string. |