Superna Zero Trust Alarm
Zero Trust Alarm
Type | Field | Name | Description |
---|---|---|---|
Date | _time | Time | Detection time |
IP address | device_ip | DeviceIP | IP of the storage system (NES device) involved in the event. |
String | log_type | LogType | Always set to supernaZT |
String | storage_type | StorageType | e.g. Dell Isilon, Qumulo, VAST, NetApp, Hitachi |
IP address | src_ip | SourceIP | Client IP that performed the activity (infected client) |
String | user | User | User identifier associated with the event |
String | app | App | e.g. SMB2, NFS |
String | state | State | e.g. WARNING, TO_LOCKOUT, ACKNOWLEDGED, ERROR |
String | shares | Shares | Shares the user had access to that were affected by this event |
Integer | file_count | FileCount | Total count of affected files |
String | samples | Samples | Sample/subset list of affected file paths from the event payload |
String | user_sid | UserSID | Windows SID of the user |