Threat Log
Normalize threat logs in Genian EDR.

| Type | Field | Display Name |
|---|---|---|
| DATE | _time | Time |
| INT | level | Level |
| IP | host_ip | Host IP |
| STRING | nt_domain | NT domain |
| STRING | hostname | Hostname |
| STRING | platform | Platform |
| STRING | detect_type | Detect type |
| STRING | detect_subtype | Detect Subtype |
| STRING | signature | Signature |
| INT | score | Score |
| STRING | action | Action |
| STRING | path | Path |
| STRING | path2 | Path2 |
| STRING | cmd_line | Command line |
| STRING | image | Process name |
| STRING | image_path | Process path |
| STRING | direction | Direction |
| IP | local_ip | Local IP |
| INT | local_port | Local port |
| IP | remote_ip | Remote IP |
| INT | remote_port | Remote port |
| STRING | protocol | Protocol |
| STRING | file_name | File name |
| LONG | file_size | File size |
| STRING | file_path | File path |
| STRING | md5 | MD5 |
| STRING | sha256 | SHA256 |
| STRING | logon_id | Logon ID |
| INT | session_id | Session ID |
| INT | pid | PID |
| STRING | pguid | Process GUID |
| STRING | device_id | Device ID |
| LONG | event_seq | Event sequence |
| BOOL | auto_resolve | Auto resolved |
| STRING | av_name | Anti-virus name |
| STRING | category_name | Category name |
| STRING | detect_id | Detect ID |
| STRING | detect_key_string | Detect key string |
| DATE | detect_time | Detect time |
| DATE | event_time | Event time |
| DATE | first_seen | First seen |
| BOOL | is_known | Is known threat |
| STRING | mac | MAC |
| INT | ml_level | ML level |
| INT | ml_score | ML score |