| resource_id |
string |
resourceId$ |
Full resource string identifying the record |
| tenant_id |
string |
tenantId$ |
The ID of the tenant that owns this specific to CTPX ID |
| sensor_type |
string |
sensorType$ |
Type of device that generated this event. Ex: redcloak, iSensor |
| sensor_event_id |
string |
sensorEventId$ |
Event ID of original_data assigned by the sensor |
| sensor_tenant |
string |
sensorTenant$ |
A customer ID supplied by the application that originated the data. Ex: redloak-domain, ctp-client-id |
| sensor_id |
string |
sensorId$ |
An ID for the data supplied by the application that originated it. Ex: redcloak-agent-id, iSensor Dev IP |
| sensor_cpe |
string |
sensorCpe$ |
CPE of the platform producing the alert. Ex: cpe:2.3:a:secureworks:redcloak:::::::: |
| original_data |
string |
originalData$ |
Original, unadulterated data prior to any transformation. |
| event_time_usec |
uint64 |
eventTimeUsec$ |
Event time in microseconds (µs) |
| ingest_time_usec |
uint64 |
ingestTimeUsec$ |
Ingest time in microseconds (µs). |
| event_time_fidelity |
TimeFidelity |
eventTimeFidelity$ |
Specifies the original precision of the time used to populate event_time_usec |
| client_hostname |
string |
clientHostname$ |
Hostname of the DHCP client machine |
| client_address |
string |
clientAddress$ |
IP of the DHCP client machine |
| client_mac |
string |
clientMac$ |
MAC address for the client |
| server_hostname |
string |
serverHostname$ |
Hostname of the DHCP server |
| server_address |
string |
serverAddress$ |
IP of the DHCP server |
| server_mac |
string |
serverMac$ |
MAC address for the server |
| action |
Dhcp.DHCP_Action |
action$ |
Action for the DHCP event |
| expiration_time_usec |
uint64 |
expirationTimeUsec$ |
Expiration Date for the lease |
| host_id |
string |
hostId$ |
Host ID -- uniquely identifies the host where the event originated. e.g. IPv(4/6) address; Device Mac Address |
| sensor_version |
string |
sensorVersion$ |
The agent version as string. |
