|
Field name |
Description |
Example value |
||
|---|---|---|---|---|
|
timestamp |
Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. |
2022-05-12T08:11:46.15869Z |
||
|
node |
The unique name of the device that generated the event. |
|||
|
reasons |
The reason why the event was created. For example, login to the system. |
{\"user_groups_sids\":[\"S-1-5-21-3795870133-5220325-2125745684-513\",\"S-1-5-21-3795870133-5220325-2125745684-512\",\"S-1-5-21-3795870133-5220325-2125745684-572\"], \"user_sid\":\"S-1-5-21-3795870133-5220325-2125745684-1103\",\"login\":\"user1\",\"domain\":\"DEP\",\"event_id\":4624} |
||
|
action |
An action performed in the event. |
login |
||
|
src_ip |
IPv4 address of the event source. |
10.10.0.11 |
||
|
rule |
guid |
Unique ID of the rule triggered to cause the event. |
16535060-5a1a-4e92-8331-239406ec34da |
|
|
name |
Name of the rule triggered to cause the event. |
dep.local |
||
|
user |
guid |
Unique ID of the user. |
745591c3-9d21-092d-8db4-5b9b0000044f |
|
|
name |
The username. |
user1 |
||
|
groups |
guid |
Unique ID of the group the user is a member of. |
aa218609-8716-9252-df20-88c43a0d0bf6 |
|
|
name |
Name of the group the user is a member of. |
CN=Domain Users,CN=Users,DC=dep,DC=local |
||