Registry log
Normalized field layout for registry event logs collected by Genian EDR. Each record is emitted with the fields below; the Type column gives the normalized data type and the Display Name column the label shown in the console.
| Type | Field | Display Name |
|---|---|---|
| DATE | _time | Time |
| STRING | event_type | Event type |
| STRING | event_subtype | Event subtype |
| INT | important | Important level |
| IP | host_ip | Host IP |
| STRING | nt_domain | NT domain |
| STRING | hostname | Hostname |
| STRING | tag | Tag |
| STRING | image | Process name |
| STRING | image_path | Process path |
| STRING | reg_key_path | Registry key path |
| STRING | reg_value_name | Registry value name |
| STRING | reg_value | Registry value |
| STRING | reg_value_type | Registry value type |
| INT | reg_value_size | Registry value size |
| STRING | logon_id | Logon ID |
| INT | pid | PID |
| STRING | pguid | Process GUID |
| STRING | device_id | Device ID |
| LONG | event_seq | Event sequence |
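As an added example (not Genian EDR's own code or output), the Python below loads this field table as a type map, coerces constructed sample events into it (rejecting unknown fields and malformed IPs), and then runs a simple triage over the normalized records: any write of a value under a registry key commonly used for persistence is reported. The field names and types are taken from the table above; the sample values, the `event_subtype` strings and the `PERSISTENCE_KEYS` watch list are assumptions for illustration only.

```python
from datetime import datetime
from ipaddress import ip_address

# Normalized registry-log fields and their types, as listed in the table above.
SCHEMA = {
    "_time": "DATE", "event_type": "STRING", "event_subtype": "STRING",
    "important": "INT", "host_ip": "IP", "nt_domain": "STRING",
    "hostname": "STRING", "tag": "STRING", "image": "STRING",
    "image_path": "STRING", "reg_key_path": "STRING",
    "reg_value_name": "STRING", "reg_value": "STRING",
    "reg_value_type": "STRING", "reg_value_size": "INT",
    "logon_id": "STRING", "pid": "INT", "pguid": "STRING",
    "device_id": "STRING", "event_seq": "LONG",
}


def coerce(field_type, value):
    """Convert one raw value to the Python type implied by the schema type."""
    if field_type == "DATE":
        return value if isinstance(value, datetime) else datetime.fromisoformat(value)
    if field_type in ("INT", "LONG"):
        return int(value)
    if field_type == "IP":
        return str(ip_address(value))          # raises ValueError on a malformed address
    return str(value)


def normalize(raw):
    """Map a raw event onto the schema: unknown fields are rejected, absent ones become None."""
    unknown = set(raw) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unknown field(s): {sorted(unknown)}")
    return {
        name: coerce(ftype, raw[name]) if raw.get(name) is not None else None
        for name, ftype in SCHEMA.items()
    }


# Hypothetical watch list of registry locations commonly abused for persistence
# (lower-cased for matching). Not part of Genian EDR; tune it to your environment.
PERSISTENCE_KEYS = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows nt\currentversion\winlogon",
    r"\microsoft\windows nt\currentversion\image file execution options",
)


def is_persistence_write(rec):
    """True when a normalized record sets a value under one of the watched keys."""
    key = (rec.get("reg_key_path") or "").lower()
    return rec.get("reg_value_name") is not None and any(p in key for p in PERSISTENCE_KEYS)


def triage(raw_events):
    """Normalize a batch of raw events and return (event_seq, hostname, reg_key_path, reg_value)
    for every persistence hit, ordered by event sequence."""
    hits = []
    for raw in raw_events:
        rec = normalize(raw)
        if is_persistence_write(rec):
            hits.append((rec["event_seq"], rec["hostname"], rec["reg_key_path"], rec["reg_value"]))
    return sorted(hits)


# Constructed sample events using the normalized field names (not real Genian EDR output).
SAMPLE_EVENTS = [
    {"_time": "2024-05-01T10:00:00", "event_type": "registry", "event_subtype": "set_value",
     "important": "2", "host_ip": "10.0.0.15", "nt_domain": "CORP", "hostname": "WS-101",
     "image": "powershell.exe",
     "image_path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "reg_key_path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "reg_value_name": "Updater", "reg_value": r"C:\Users\Public\update.exe",
     "reg_value_type": "REG_SZ", "reg_value_size": "54", "logon_id": "0x3e7",
     "pid": "4321", "pguid": "{aaaa-1}", "device_id": "dev-1", "event_seq": "1001"},
    {"_time": "2024-05-01T10:00:05", "event_type": "registry", "event_subtype": "set_value",
     "important": "0", "host_ip": "10.0.0.15", "nt_domain": "CORP", "hostname": "WS-101",
     "image": "explorer.exe", "image_path": r"C:\Windows\explorer.exe",
     "reg_key_path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs",
     "reg_value_name": "MRUListEx", "reg_value": "00000000", "reg_value_type": "REG_BINARY",
     "reg_value_size": "8", "logon_id": "0x5a2b1", "pid": "1220", "pguid": "{bbbb-2}",
     "device_id": "dev-1", "event_seq": "1002"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The triage deliberately keys on `reg_key_path` and the presence of `reg_value_name` rather than on `event_subtype`, because the page does not enumerate the subtype values; once you know the exact subtype strings your deployment emits for value writes, add that filter so deletions and key enumerations do not produce hits.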