Mappings: CarbonBlack - Bit9 - Threats
Input | Value |
---|---|
Vendor | Bit9 |
Product | Defense |
Log Format | JSON |
Event ID Regex Pattern | THREAT |
Output | Value |
---|---|
Vendor | Carbon Black |
Product | Defense |
Record Type | Endpoint |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | ruleName | |
device_hostname | deviceInfo.deviceHostName | |
device_ip | deviceIpV4Address | |
normalizedSeverity | deviceInfo.targetPriorityType | This is a lookup field. More info to come in the catalog later... |
severity | deviceInfo.targetPriorityType | |
threat_name | threatInfo.summary | |
threat_ruleType | None | The static text direct is populated in this schema field. |
threat_signalName | threatInfo.threatCause.reason | This is a split field. More info to come in the catalog later... |
timestamp | createTime | We expect the orginal record value of createTime is in the format epoch_ms |