|
Field type |
Field name |
Description |
Example value |
|---|---|---|---|
|
CEF header |
CEF:Version |
CEF version. |
CEF:0 |
|
Device Vendor |
Product vendor. |
UserGate |
|
|
Device Product |
Product type. |
NGFW |
|
|
Device Version |
Product version. |
7 |
|
|
Source |
Log type. |
endpoint_applications |
|
|
Name |
Source type. |
log |
|
|
Threat Level |
Default value. |
0 |
|
|
CEF [extension] |
rt |
Time when the event was received (in milliseconds since January 1, 1970). |
1652344423822 |
|
deviceExternalId |
A unique name of the device which generated the event. |
35fb5820-74db-4eac-b05b-d01bc284c4e8 |
|
|
act |
Action (start/stop the application). |
start, stop |
|
|
suser |
User name. |
DESKTOP-0731NFQ\User |
|
|
filePath |
The location of a file in a system structure. |
C:\\Windows\\system32\\cmd.exe |
|
|
cs1Label |
Indicates the endpoint ID. |
endpointId |
|
|
cs1 |
Endpoint ID. |
35fb5820-74db-4eac-b05b-d01bc284c4e8 |
|
|
cs2Label |
Indicates the endpoint name. |
endpointName |
|
|
cs2 |
Endpoint NetBIOS name. |
DESKTOP-0731NFQ |
|
|
spid |
Process ID. |
3860 |
|
|
fileHash |
Application hash. |
B4979A9F970029889713D756C3F123643DDE73DA |
|
|
cs3Label |
Indicates the command line. |
cmdLine |
|
|
cs3 |
Command line query. |
C:\\Windows\\system32\\sc.exe start w32time task_started |
|
|
cs4Label |
Indicates the session ID. |
sessionId |
|
|
cs4 |
Session ID. |
1656395717 |