Mappings: CarbonBlack Defense Non-Threat Audit Events
Input | Value |
---|---|
Vendor | CarbonBlack |
Product | Defense |
Log Format | JSON |
Event ID Regex Pattern | _default_ |
Output | Value |
---|---|
Vendor | Carbon Black |
Product | Defense |
Record Type | Endpoint |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
description | shortDescription | |
device_hostname | deviceDetails.deviceHostName | |
device_ip | deviceDetails.deviceIpAddress | |
device_uniqueId | deviceDetails.deviceId | |
file_basename | selectedApp.applicationName | |
file_hash_md5 | selectedApp.md5Hash | |
file_hash_sha256 | selectedApp.sha256Hash | |
file_path | selectedApp.applicationPath | |
normalizedSeverity | alertScore | This is a lookup field. More info to come in the catalog later... |
severity | alertScore | |
threat_identifier | incidentId | |
user_username | deviceDetails.deviceOwner |