Superna Zero Trust Alarm
Zero Trust Alarm
| Type | Field | Name | Description |
|---|---|---|---|
| Date | _time | Time | Detection time |
| IP address | device_ip | DeviceIP | IP of the storage system (NES device) involved in the event |
| String | log_type | LogType | Fixed to supernaZT |
| String | storage_type | StorageType | e.g. Dell Isilon, Qumulo, VAST, NetApp, Hitachi |
| IP address | src_ip | SourceIP | Client IP that performed the activity (infected client) |
| String | user | User | User identifier associated with the event |
| String | app | App | e.g. SMB2, NFS |
| String | state | State | e.g. WARNING, TO_LOCKOUT, ACKNOWLEDGED, ERROR |
| String | shares | Shares | Shares the user had access to that were affected by this event |
| Integer | file_count | FileCount | Total count of affected files |
| String | samples | Samples | Sample/subset list of affected file paths from the event payload |
| String | user_sid | UserSID | Windows SID of the user |