UDM Fields
Complete reference of all 525+ Unified Data Model (UDM) fields available in nano SIEM. These fields provide a standardized schema for security log data based on industry-standard data models.
| Field Name | Type | Category | Description |
|---|---|---|---|
| action | String | Endpoint | Endpoint |
| additional_answer_count | Integer | DNS | DNS |
| answer | String | DNS | DNS |
| answer_count | Integer | DNS | DNS |
| app | String | System | System |
| app_id | Integer | Data Access | Data Access |
| array | String | Inventory | Inventory |
| auth_result | String | Authentication | Authentication |
| auth_type | String | Authentication | Authentication |
| authentication_method | String | Authentication | Authentication |
| authentication_service | String | Authentication | Authentication |
| authority_answer_count | Integer | DNS | DNS |
| availability | String | Databases | Databases |
| avg_executions | String | Databases | Databases |
| blocksize | String | Inventory | Inventory |
| buffer_cache_hit_ratio | Float | Databases | Databases |
| bugtraq | String | Vulnerability | Vulnerability |
| bytes | Long | Network | Network |
| bytes_in | Long | Network | Network |
| bytes_out | Long | Network | Network |
| cached | String | Web | Web |
| category | String | Data Loss Prevention | Data Loss Prevention |
| cert | String | Vulnerability | Vulnerability |
| change_type | String | System | System |
| channel | String | Network | Network |
| cloud_account_id | Integer | Cloud | Cloud |
| cloud_account_name | String | Cloud | Cloud |
| cloud_provider | String | Cloud | Cloud |
| cloud_region | String | Cloud | Cloud |
| cloud_service | String | Cloud | Cloud |
| cluster | String | Inventory | Inventory |
| command | String | Endpoint | Endpoint |
| command_line | String | Endpoint | Endpoint |
| commits | String | Databases | Databases |
| cookie | String | Web | Web |
| cpu_cores | String | Inventory | Inventory |
| cpu_count | Integer | Inventory | Inventory |
| cpu_load_mhz | Float | Performance | Performance |
| cpu_load_percent | Float | Endpoint | Endpoint |
| cpu_mhz | String | Inventory | Inventory |
| cpu_used | String | Databases | Databases |
| cpu_user_percent | Float | Performance | Performance |
| creation_time | Timestamp | Endpoint | Endpoint |
| cursor | String | Databases | Databases |
| custom_dest_ip_risk | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_dest_ip_tags | Array | Custom Enrichment | Custom Enrichment |
| custom_domain_risk | String | Custom Enrichment | Custom Enrichment |
| custom_domain_tags | Array | Custom Enrichment | Custom Enrichment |
| custom_hash_risk | String | Custom Enrichment | Custom Enrichment |
| custom_hash_tags | Array | Custom Enrichment | Custom Enrichment |
| custom_ioc_dest_ip_confidence | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_ioc_dest_ip_malware | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_ioc_dest_ip_threat_type | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_ioc_domain_confidence | Integer | Custom Enrichment | Custom Enrichment |
| custom_ioc_domain_threat_type | String | Custom Enrichment | Custom Enrichment |
| custom_ioc_hash_confidence | Integer | Custom Enrichment | Custom Enrichment |
| custom_ioc_hash_threat_type | String | Custom Enrichment | Custom Enrichment |
| custom_ioc_src_ip_confidence | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_ioc_src_ip_malware | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_ioc_src_ip_threat_type | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_src_ip_risk | IpAddress | Custom Enrichment | Custom Enrichment |
| custom_src_ip_tags | Array | Custom Enrichment | Custom Enrichment |
| custom_url_risk | String | Custom Enrichment | Custom Enrichment |
| custom_url_tags | Array | Custom Enrichment | Custom Enrichment |
| cve | String | Vulnerability | Vulnerability |
| cvss | String | Vulnerability | Vulnerability |
| date | String | System | System |
| delay | String | ||
| description | String | Alerts | Alerts |
| dest | String | Alerts | Alerts |
| dest_dns | String | Network | Network |
| dest_host | String | Network | Network |
| dest_interface | String | Network | Network |
| dest_ip | IpAddress | Network | Network |
| dest_ip_range | IpAddress | Network | Network |
| dest_mac | String | Network | Network |
| dest_name | String | Data Access | Data Access |
| dest_nt_domain | String | Authentication | Authentication |
| dest_nt_host | String | Network | Network |
| dest_port | Integer | Network | Network |
| dest_port_range | String | Network | Network |
| dest_translated_ip | IpAddress | Network | Network |
| dest_translated_port | Integer | Network | Network |
| dest_type | String | Alerts | Alerts |
| dest_url | String | Data Access | Data Access |
| dest_user | String | Authentication | Authentication |
| dest_user_identity_account_status | String | Enrichment | Enrichment |
| dest_user_identity_company | String | Enrichment | Enrichment |
| dest_user_identity_country | String | Enrichment | Enrichment |
| dest_user_identity_department | String | Enrichment | Enrichment |
| dest_user_identity_display_name | String | Enrichment | Enrichment |
| dest_user_identity_email | String | Enrichment | Enrichment |
| dest_user_identity_employee_id | Integer | Enrichment | Enrichment |
| dest_user_identity_employee_type | String | Enrichment | Enrichment |
| dest_user_identity_groups | String | Enrichment | Enrichment |
| dest_user_identity_manager | String | Enrichment | Enrichment |
| dest_user_identity_manager_upn | String | Enrichment | Enrichment |
| dest_user_identity_mfa_enabled | Boolean | Enrichment | Enrichment |
| dest_user_identity_office_location | String | Enrichment | Enrichment |
| dest_user_identity_phone | String | Enrichment | Enrichment |
| dest_user_identity_title | String | Enrichment | Enrichment |
| dest_zone | String | Data Loss Prevention | Data Loss Prevention |
| direction | String | Network | Network |
| dlp_type | String | Data Loss Prevention | Data Loss Prevention |
| dns | String | Inventory | Inventory |
| dns_answers | String | DNS | DNS |
| dump_area_used | String | Databases | Databases |
| duration | String | Network | Network |
| dvc | String | Network | Network |
| dvc_ip | IpAddress | Network | Network |
| dvc_mac | String | Network | Network |
| dvc_zone | String | Network | Network |
| elapsed_time | Timestamp | Databases | Databases |
| | String | Data Access | Data Access |
| enabled | String | Inventory | Inventory |
| enrich_time | Timestamp | System | System |
| enriched_dest_as_domain | String | Enrichment | Enrichment |
| enriched_dest_as_name | String | Enrichment | Enrichment |
| enriched_dest_asn | String | Enrichment | Enrichment |
| enriched_dest_continent | String | Enrichment | Enrichment |
| enriched_dest_continent_code | Integer | Enrichment | Enrichment |
| enriched_dest_country | String | Enrichment | Enrichment |
| enriched_dest_country_code | Integer | Enrichment | Enrichment |
| enriched_src_as_domain | String | Enrichment | Enrichment |
| enriched_src_as_name | String | Enrichment | Enrichment |
| enriched_src_asn | String | Enrichment | Enrichment |
| enriched_src_continent | String | Enrichment | Enrichment |
| enriched_src_continent_code | Integer | Enrichment | Enrichment |
| enriched_src_country | String | Enrichment | Enrichment |
| enriched_src_country_code | Integer | Enrichment | Enrichment |
| error_code | Integer | Web | Web |
| ext | String | System | System |
| family | String | Inventory | Inventory |
| fan_speed | String | Performance | Performance |
| fd_max | String | Inventory | Inventory |
| fd_used | String | Performance | Performance |
| file_access_time | Timestamp | Endpoint | Endpoint |
| file_acl | String | Endpoint | Endpoint |
| file_action | String | Endpoint | Endpoint |
| file_create_time | Timestamp | Endpoint | Endpoint |
| file_hash | String | Endpoint | Endpoint |
| file_modify_time | Timestamp | Endpoint | Endpoint |
| file_name | String | Endpoint | Endpoint |
| file_path | String | Endpoint | Endpoint |
| file_size | Long | Endpoint | Endpoint |
| filter_action | String | ||
| filter_score | Float | ||
| flow_id | Integer | Network | Network |
| free_bytes | Long | Databases | Databases |
| http_content_type | String | Web | Web |
| http_method | String | Web | Web |
| http_referrer | String | Web | Web |
| http_referrer_domain | String | Web | Web |
| http_status_code | Integer | Web | Web |
| http_user_agent | String | Web | Web |
| http_user_agent_length | String | Web | Web |
| hypervisor | String | Inventory | Inventory |
| hypervisor_id | Integer | Inventory | Inventory |
| icmp_code | Integer | Network | Network |
| icmp_type | String | Network | Network |
| id | String | System | System |
| ids_type | String | Alerts | Alerts |
| image_id | Integer | Cloud | Cloud |
| indexes_hit | String | Databases | Databases |
| ingest_time | Timestamp | System | System |
| inline_nat | String | Inventory | Inventory |
| instance_name | String | Databases | Databases |
| instance_reads | String | Databases | Databases |
| instance_type | String | Cloud | Cloud |
| instance_version | String | Databases | Databases |
| instance_writes | String | Databases | Databases |
| interactive | String | Inventory | Inventory |
| interface | String | Inventory | Inventory |
| internal_message_id | Integer | ||
| ioc_confidence | Integer | Threat Intelligence | Threat Intelligence |
| ioc_dest_ip_confidence | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_dest_ip_malware | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_dest_ip_threat_type | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_domain_confidence | Integer | Threat Intelligence | Threat Intelligence |
| ioc_domain_malware | String | Threat Intelligence | Threat Intelligence |
| ioc_domain_threat_type | String | Threat Intelligence | Threat Intelligence |
| ioc_hash_confidence | Integer | Threat Intelligence | Threat Intelligence |
| ioc_hash_malware | String | Threat Intelligence | Threat Intelligence |
| ioc_hash_threat_type | String | Threat Intelligence | Threat Intelligence |
| ioc_matched | Boolean | Threat Intelligence | Threat Intelligence |
| ioc_source | String | Threat Intelligence | Threat Intelligence |
| ioc_src_ip_confidence | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_src_ip_malware | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_src_ip_threat_type | IpAddress | Threat Intelligence | Threat Intelligence |
| ioc_tags | Array | Threat Intelligence | Threat Intelligence |
| ip | IpAddress | Inventory | Inventory |
| last_call_minute | String | Databases | Databases |
| latency | String | Inventory | Inventory |
| lb_method | String | Inventory | Inventory |
| lease_duration | String | Network | Network |
| lease_scope | String | Network | Network |
| lock_mode | String | Databases | Databases |
| lock_session_id | Integer | Databases | Databases |
| logical_reads | String | Databases | Databases |
| logon_time | Timestamp | Authentication | Authentication |
| mac | String | Inventory | Inventory |
| machine | String | Endpoint | Endpoint |
| mem | String | Inventory | Inventory |
| mem_committed | String | Performance | Performance |
| mem_free | String | Performance | Performance |
| mem_used | String | Endpoint | Endpoint |
| memory_sorts | Long | Databases | Databases |
| message | String | System | System |
| message_id | Integer | ||
| message_info | String | ||
| metadata | String | System | System |
| mfa_used | String | Authentication | Authentication |
| mitre_technique_id | Integer | Alerts | Alerts |
| mount | String | Inventory | Inventory |
| msft | String | Vulnerability | Vulnerability |
| mskb | String | Vulnerability | Vulnerability |
| name | String | System | System |
| namespace | String | System | System |
| node | String | Inventory | Inventory |
| node_port | Integer | Inventory | Inventory |
| number_of_users | String | Databases | Databases |
| obj_name | String | Databases | Databases |
| object | String | Endpoint | Endpoint |
| object_attrs | String | Endpoint | Endpoint |
| object_category | String | Endpoint | Endpoint |
| object_id | Integer | Endpoint | Endpoint |
| object_path | String | Endpoint | Endpoint |
| object_size | Long | Data Access | Data Access |
| operation | String | Web | Web |
| orig_dest | String | ||
| orig_recipient | String | ||
| orig_src | String | ||
| original_file_name | String | Endpoint | Endpoint |
| os | String | Endpoint | Endpoint |
| os_pid | Integer | Endpoint | Endpoint |
| owner | String | Data Access | Data Access |
| owner_email | String | Data Access | Data Access |
| owner_id | Integer | Data Access | Data Access |
| packets | String | Network | Network |
| packets_in | String | Network | Network |
| packets_out | String | Network | Network |
| parent | String | Inventory | Inventory |
| parent_command_line | String | Endpoint | Endpoint |
| parent_object | String | Data Access | Data Access |
| parent_object_category | String | Data Access | Data Access |
| parent_object_id | Integer | Data Access | Data Access |
| parent_process_exec | String | Endpoint | Endpoint |
| parent_process_guid | String | Endpoint | Endpoint |
| parent_process_id | Integer | Endpoint | Endpoint |
| parent_process_name | String | Endpoint | Endpoint |
| parent_process_path | String | Endpoint | Endpoint |
| password | String | Inventory | Inventory |
| physical_reads | String | Databases | Databases |
| power | String | Performance | Performance |
| prevalence_dest_domain | Integer | Prevalence | Prevalence |
| prevalence_dest_ip | IpAddress | Prevalence | Prevalence |
| prevalence_file_hash | Integer | Prevalence | Prevalence |
| prevalence_min | Integer | Prevalence | Prevalence |
| prevalence_process_hash | Integer | Prevalence | Prevalence |
| process_current_directory | String | Endpoint | Endpoint |
| process_exec | String | Endpoint | Endpoint |
| process_guid | String | Endpoint | Endpoint |
| process_hash | String | Endpoint | Endpoint |
| process_id | Integer | Endpoint | Endpoint |
| process_integrity_level | String | Endpoint | Endpoint |
| process_limit | String | Databases | Databases |
| process_name | String | Endpoint | Endpoint |
| process_path | String | Endpoint | Endpoint |
| processes | String | Databases | Databases |
| product | String | Authentication | Authentication |
| product_version | String | Endpoint | Endpoint |
| protocol | String | Network | Network |
| protocol_version | String | Network | Network |
| query | String | DNS | DNS |
| query_count | Integer | DNS | DNS |
| query_id | Integer | Databases | Databases |
| query_plan_hit | String | Databases | Databases |
| query_time | Timestamp | Databases | Databases |
| query_type | String | DNS | DNS |
| read_blocks | String | Inventory | Inventory |
| read_latency | String | Inventory | Inventory |
| read_ops | String | Inventory | Inventory |
| reason | String | Authentication | Authentication |
| recipient | String | ||
| recipient_count | Integer | ||
| recipient_domain | String | ||
| recipient_status | String | ||
| record_type | String | DNS | DNS |
| records_affected | String | Databases | Databases |
| registry_hive | String | Endpoint | Endpoint |
| registry_key_name | String | Endpoint | Endpoint |
| registry_path | String | Endpoint | Endpoint |
| registry_value_data | String | Endpoint | Endpoint |
| registry_value_name | String | Endpoint | Endpoint |
| registry_value_text | String | Endpoint | Endpoint |
| registry_value_type | String | Endpoint | Endpoint |
| reply_code | Integer | DNS | DNS |
| reply_code_id | Integer | DNS | DNS |
| resource_id | Integer | Cloud | Cloud |
| resource_name | String | Cloud | Cloud |
| resource_type | String | Cloud | Cloud |
| response_time | Timestamp | Authentication | Authentication |
| result | String | System | System |
| result_id | Integer | System | System |
| retries | String | ||
| return_addr | String | ||
| risk_entity | String | Risk | Risk |
| risk_level | String | Risk | Risk |
| risk_score | Float | Risk | Risk |
| rule | String | Network | Network |
| rule_action | String | Network | Network |
| rule_id | Integer | Alerts | Alerts |
| rule_name | String | Alerts | Alerts |
| seconds_in_wait | String | Databases | Databases |
| sender | String | ||
| sender_domain | String | ||
| serial | String | Inventory | Inventory |
| serial_num | String | Databases | Databases |
| service | String | Endpoint | Endpoint |
| service_dll | String | Endpoint | Endpoint |
| service_dll_hash | String | Endpoint | Endpoint |
| service_dll_path | String | Endpoint | Endpoint |
| service_dll_signature_exists | String | Endpoint | Endpoint |
| service_dll_signature_verified | String | Endpoint | Endpoint |
| service_exec | String | Endpoint | Endpoint |
| service_hash | String | Endpoint | Endpoint |
| service_id | Integer | Endpoint | Endpoint |
| service_name | String | Endpoint | Endpoint |
| service_path | String | Endpoint | Endpoint |
| service_signature_exists | String | Endpoint | Endpoint |
| service_signature_verified | String | Endpoint | Endpoint |
| session_id | Integer | Authentication | Authentication |
| session_limit | String | Databases | Databases |
| session_status | String | Databases | Databases |
| sessions | String | Databases | Databases |
| severity | String | Alerts | Alerts |
| severity_id | Integer | Alerts | Alerts |
| sga_buffer_cache_size | Long | Databases | Databases |
| sga_buffer_hit_limit | String | Databases | Databases |
| sga_data_dict_hit_ratio | Float | Databases | Databases |
| sga_fixed_area_size | Long | Databases | Databases |
| sga_free_memory | Long | Databases | Databases |
| sga_library_cache_size | Long | Databases | Databases |
| sga_redo_log_buffer_size | Long | Databases | Databases |
| sga_shared_pool_size | Long | Databases | Databases |
| sga_sql_area_size | Long | Databases | Databases |
| shell | String | Inventory | Inventory |
| signature | String | Alerts | Alerts |
| signature_extra | String | ||
| signature_id | Integer | Alerts | Alerts |
| signature_version | String | Endpoint | Endpoint |
| site | String | Web | Web |
| size | String | ||
| snapshot | String | Inventory | Inventory |
| source | String | System | System |
| source_type | String | System | System |
| src | String | Alerts | Alerts |
| src_dns | String | Network | Network |
| src_host | String | Network | Network |
| src_interface | String | Network | Network |
| src_ip | IpAddress | Network | Network |
| src_ip_range | IpAddress | Network | Network |
| src_mac | String | Network | Network |
| src_nt_domain | String | Authentication | Authentication |
| src_nt_host | String | Network | Network |
| src_port | Integer | Network | Network |
| src_port_range | String | Network | Network |
| src_translated_ip | IpAddress | Network | Network |
| src_translated_port | Integer | Network | Network |
| src_type | String | Alerts | Alerts |
| src_user | String | Authentication | Authentication |
| src_user_domain | String | Authentication | Authentication |
| src_user_id | Integer | Authentication | Authentication |
| src_user_identity_account_status | String | Enrichment | Enrichment |
| src_user_identity_company | String | Enrichment | Enrichment |
| src_user_identity_country | String | Enrichment | Enrichment |
| src_user_identity_department | String | Enrichment | Enrichment |
| src_user_identity_display_name | String | Enrichment | Enrichment |
| src_user_identity_email | String | Enrichment | Enrichment |
| src_user_identity_employee_id | Integer | Enrichment | Enrichment |
| src_user_identity_employee_type | String | Enrichment | Enrichment |
| src_user_identity_groups | String | Enrichment | Enrichment |
| src_user_identity_manager | String | Enrichment | Enrichment |
| src_user_identity_manager_upn | String | Enrichment | Enrichment |
| src_user_identity_mfa_enabled | Boolean | Enrichment | Enrichment |
| src_user_identity_office_location | String | Enrichment | Enrichment |
| src_user_identity_phone | String | Enrichment | Enrichment |
| src_user_identity_title | String | Enrichment | Enrichment |
| src_user_name | String | Authentication | Authentication |
| src_user_role | String | Authentication | Authentication |
| src_user_type | String | Authentication | Authentication |
| src_zone | String | Data Loss Prevention | Data Loss Prevention |
| ssid | String | Network | Network |
| ssl_end_time | Timestamp | Certificates | Certificates |
| ssl_engine | String | Certificates | Certificates |
| ssl_hash | String | Certificates | Certificates |
| ssl_is_valid | String | Certificates | Certificates |
| ssl_issuer | String | Certificates | Certificates |
| ssl_issuer_common_name | String | Certificates | Certificates |
| ssl_issuer_email | String | Certificates | Certificates |
| ssl_issuer_email_domain | String | Certificates | Certificates |
| ssl_issuer_locality | String | Certificates | Certificates |
| ssl_issuer_organization | String | Certificates | Certificates |
| ssl_issuer_state | String | Certificates | Certificates |
| ssl_issuer_street | String | Certificates | Certificates |
| ssl_issuer_unit | String | Certificates | Certificates |
| ssl_name | String | Certificates | Certificates |
| ssl_policies | String | Certificates | Certificates |
| ssl_publickey | String | Certificates | Certificates |
| ssl_publickey_algorithm | String | Certificates | Certificates |
| ssl_serial | String | Certificates | Certificates |
| ssl_session_id | Integer | Certificates | Certificates |
| ssl_signature_algorithm | String | Certificates | Certificates |
| ssl_start_time | Timestamp | Certificates | Certificates |
| ssl_subject | String | Certificates | Certificates |
| ssl_subject_common_name | String | Certificates | Certificates |
| ssl_subject_email | String | Certificates | Certificates |
| ssl_subject_email_domain | String | Certificates | Certificates |
| ssl_subject_locality | String | Certificates | Certificates |
| ssl_subject_organization | String | Certificates | Certificates |
| ssl_subject_state | String | Certificates | Certificates |
| ssl_subject_street | String | Certificates | Certificates |
| ssl_subject_unit | String | Certificates | Certificates |
| ssl_validity_window | String | Certificates | Certificates |
| ssl_version | String | Certificates | Certificates |
| start_mode | String | Endpoint | Endpoint |
| start_time | Timestamp | System | System |
| state | String | Endpoint | Endpoint |
| status | String | System | System |
| status_code | Integer | Web | Web |
| storage | String | Inventory | Inventory |
| storage_free | String | Performance | Performance |
| storage_free_percent | Float | Performance | Performance |
| storage_name | String | Web | Web |
| storage_used | String | Performance | Performance |
| storage_used_percent | Float | Performance | Performance |
| stored_procedures_called | String | Databases | Databases |
| subject | String | ||
| swap | String | Performance | Performance |
| swap_free | String | Performance | Performance |
| swap_used | String | Performance | Performance |
| table_scans | String | Databases | Databases |
| tables_hit | String | Databases | Databases |
| tablespace_name | String | Databases | Databases |
| tablespace_reads | String | Databases | Databases |
| tablespace_status | String | Databases | Databases |
| tablespace_used | String | Databases | Databases |
| tablespace_writes | String | Databases | Databases |
| tag | String | Alerts | Alerts |
| tcp_flag | String | Network | Network |
| temperature | String | Performance | Performance |
| thruput | String | Performance | Performance |
| thruput_max | String | Performance | Performance |
| time | Timestamp | System | System |
| timestamp | Timestamp | System | System |
| tos | String | Network | Network |
| transaction_id | Integer | DNS | DNS |
| transport | String | Network | Network |
| transport_dest_port | Integer | Endpoint | Endpoint |
| ttl | String | DNS | DNS |
| type | String | Alerts | Alerts |
| uri_path | String | Web | Web |
| uri_query | String | Web | Web |
| url | String | Web | Web |
| url_domain | String | Web | Web |
| url_length | String | Web | Web |
| user | String | Authentication | Authentication |
| user_agent | String | Web | Web |
| user_domain | String | Authentication | Authentication |
| user_group | String | Data Access | Data Access |
| user_id | Integer | Authentication | Authentication |
| user_identity_account_status | String | Enrichment | Enrichment |
| user_identity_company | String | Enrichment | Enrichment |
| user_identity_country | String | Enrichment | Enrichment |
| user_identity_department | String | Enrichment | Enrichment |
| user_identity_display_name | String | Enrichment | Enrichment |
| user_identity_email | String | Enrichment | Enrichment |
| user_identity_employee_id | Integer | Enrichment | Enrichment |
| user_identity_employee_type | String | Enrichment | Enrichment |
| user_identity_groups | String | Enrichment | Enrichment |
| user_identity_manager | String | Enrichment | Enrichment |
| user_identity_manager_upn | String | Enrichment | Enrichment |
| user_identity_mfa_enabled | Boolean | Enrichment | Enrichment |
| user_identity_office_location | String | Enrichment | Enrichment |
| user_identity_phone | String | Enrichment | Enrichment |
| user_identity_title | String | Enrichment | Enrichment |
| user_name | String | Authentication | Authentication |
| user_role | String | Authentication | Authentication |
| user_type | String | Authentication | Authentication |
| vendor | String | Authentication | Authentication |
| vendor_account | String | Alerts | Alerts |
| vendor_product | String | Authentication | Authentication |
| vendor_product_id | Integer | Alerts | Alerts |
| vendor_region | String | Alerts | Alerts |
| version | String | Inventory | Inventory |
| vip_port | Integer | Inventory | Inventory |
| vlan | String | Network | Network |
| wait_state | String | Databases | Databases |
| wait_time | Timestamp | Databases | Databases |
| wifi | String | Network | Network |
| write_blocks | String | Inventory | Inventory |
| write_latency | String | Inventory | Inventory |
| write_ops | String | Inventory | Inventory |
| xdelay | String | ||
| xref | String | ||
Data Types
Array (6 fields)
Boolean (4 fields)
Float (9 fields)
Integer (63 fields)
IpAddress (23 fields)
Long (14 fields)
String (370 fields)
Timestamp (16 fields)
Categories
Alerts (18 fields)
Authentication (27 fields)
Certificates (32 fields)
Cloud (10 fields)
Custom Enrichment (20 fields)
DNS (13 fields)
Data Access (12 fields)
Data Loss Prevention (4 fields)
Databases (52 fields)
Email (22 fields)
Endpoint (63 fields)
Enrichment (59 fields)
Inventory (37 fields)
Network (50 fields)
Performance (17 fields)
Prevalence (5 fields)
Risk (3 fields)
System (19 fields)
Threat Intelligence (16 fields)
Vulnerability (6 fields)
Web (20 fields)