AhnLab EPP EDR V3 Detect

EDR_V3_DETECT Event

Type	Field	Display Name	Description
Date	_time	Time
String	severity	Severity	e.g. 6
String	event_id	Event ID
IP address	src_ip	Source IP
String	src_mac	Source MAC
String	hostname	Hostname
String	user	Account
String	dept_name	Department
String	user_name	User name
String	category	Category	e.g. Backdoor
String	signature	Signature	e.g. Backdoor/EDR.Akdoor
String	scan_type_text	Scan type	e.g. 빠른 검사
Long	ppid	PPID
Long	pid	PID
String	image	Process
String	file_name	File name
String	file_path	File path
String	action	Action	e.g. 치료 완료
String	status_text	Status message	e.g. 치료 완료(파일 자체가 악성코드이므로 파일을 삭제했습니다.)
MD5	md5	MD5
SHA256	sha256	SHA256
String	engine_version	Engine ver	e.g. 2024.06.10.01
String	node_id	Node ID	e.g. 4
String	group_id	Group ID	e.g. 1662
String	platform_id	Platfrom ID	e.g. WINDOWS_10_X64
String	platform_name	Platform name	e.g. Windows 10 x64
Date	client_time	Client time
String	scan_type	Scan type code	e.g. 2
String	status	Status code	e.g. 1008
String	on_demand	Ondemend code	e.g. P
String	obj_id	Object ID
Date	create_time	Create time