Skip to content

Log Record Fields

The Fields

Category Field Type Description
Generic Fields CapturedImage binary
Category string category
Computer string computer name
Description string description
DestIP string DestIP
DestIP_Country_Code string country code of DestIP
DestIP_Country_Name string country name of DestIP
DestMAC string destination MAC address
EventID long event ID
EventLog string event log
EventPath string event path
EventType long event type
GMT date GMT
ID string ID
IP string IP
IsIncident boolean if the event is categorized as security incident
LocalTime date local time
N1 ... N40 long general purpose numeric fields
PlatformID string platform id
PostDtsSHA256 string log hash after passing through Data Transformation Service
PreDtsSHA256 string log hash before passing through Data Transformation Service
RawData string raw data
ReceivedTime date received time
S1 ... S150 string general purpose string fields
SecondaryTag string secondary tag
SessionID string session ID
Source string source
SrcIP string source IP
SrcIP_Country_Code string country code of SrcIP
SrcIP_Country_Name string country name of SrcIP
SrcMAC string source MAC address
Tag string tag
Tenant string tenant
TimeOfDay long time of day
UserDomain string user domain
UserName string username
VersionMajor long version major
VersionMinor long version minor
content string content
_Timestamp SkewedOffset long the difference between real time and machine time
Time long it is the number of seconds ... as a scalar real number which represents the number of seconds that have passed since 00:00:00 UTC Thursday, 1 January 1970
TimeZoneOffSet long adding the 80 seconds to the GMT
isDST boolean the summer time if applied or not
_agent GUID string agent globally unique identifier
Name string the name of that agent concerned
Site string the location of the agent concerned
_asset Application string application name
Criticality long security level (rating)
GeoLat GEO decoded latitude from IP address
Name string the actual name of asset
Owner string Owner name
Project string project name
SecurityValue long security level
Site string the location where it happened (city)
URGeoLongL GEO decoded longitude from IP address
_attack DestIP string destination IP is the IP address of the device to which the packet is being sent.
GeoCity string decoded City from IP address
GeoCountry string decoded Country from IP address
Host string is a computer or other device that communicates with other hosts on a network, include clients and servers -- that send or receive data, services or applications
GeoLat GEO decoded latitude from IP address
GeoLong GEO decoded longitude from IP address
Method string is a particular procedure for accomplishing or approaching something, especially a systematic or established one.
Object string network objects are used to categorize IP addresses into different types of network entities
OtherInfo String other information about our network
Result boolean the result of the attack
SrcIP string source IP is the IP (Internet Protocol) address of the device sending the IP packet (the IP unit of data transfer).
TriggeredRule string is use to define conditions under which a trigger action is to be executed.
_dataSource Name string the name of the data source
SecurityAppliance string physical name of the data source
Version string the version
_event Category string a category is assigned by Cyber Quest for each event
Result boolean success/failed
SourceObject string the origin of the object more accurate where it comes from
SourceUser string the origin of the user more accurate where it comes from
SubCategory string a Subcategory is assigned by Cyber Quest for each event depending on the main category
TargetObject string destination of the object more accurate where it goes
TargetUser string destination of the user more accurate where it goes
URL string Uniform Resource Locator is a way of identifying the location of a file on the internet for events
_forensics What string describes the action
Where string describes the location where the event occurred
Who string describes who created the event
Why string describes why the event was created
_geoLocation DestIPGeoCountry string destination IP coordinates of the country
DestIPGeoPoint geo_point destination IP coordinates of the point
DestIPGeocity string destination IP coordinates of the city
Host string host
SrcIPGeoCountry string source IP coordinates of the country
SrcIPGeoPoint geo_point source IP coordinates of the point
SrcIPGeocity string source IP coordinates of the city
_incident Category string a category is assigned by Cyber Quest for each incident
Impact string it is measure of the extent of the Incident and of the potential damage caused by the Incident before it can be resolved.
Score long an incident is an unplanned situation where an IT service is or will be interrupted or degraded in quality
SubCategory string a Subcategory is assigned by Cyber Quest for each incident depending on the main category
_malware DeliveryMethod string deliveryMethod (mail, file etc...)
Name string malware name
_network AplicationName string application name
DestIPv4 ip destination IP(IPv4)
DestIPv6 string destination IP(IPv6)
DestInterface string destination interface
DestPort long destination port
FlowID string NetflowID
PostNATDestIPv4 ip destination IP(IPv4) after network translation
PostNATDestIPv6 string destination IP(IPv6) after network translation
PostNATDestPort long destination port after network translation
PostNATSrcIPv4 ip source IP(IPv4) after network translation
PostNATSrcIPv6 string source IP(IPv6) after network translation
PostNATSrcPort long source port after network translation
Protocol string protocol
ReceivedBytes long received bytes
SrcIPv4 ip destination IP(IPv4)
SrcIPv6 string source IP(IPv6)
SrcInterface string source interface
SrcPort long source port
TransferedBytes long transferred bytes