| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| clusterId | | - | The cluster ID of the container | | |
| clusterName | | - | The cluster name of the container | | |
| containerId | | - | The Kubernetes container ID | | |
| containerImage | | - | The Kubernetes container image | | |
| containerName | | - | The Kubernetes container name | | |
| dpt | | | The destination port | - | |
| dst | | | The destination IP | | |
| eventId | | - | The event type | - | |
| eventSubId | | - | The access type | | |
| eventTime | | - | The time the agent detected the event | | |
| filterRiskLevel | | - | The top-level risk level of the event | | |
| groupId | | - | The group ID for the management scope filter | | |
| k8sNamespace | | - | The Kubernetes namespace of the container | | |
| k8sPodId | | - | The Kubernetes pod ID of the container | | |
| k8sPodName | | - | The Kubernetes pod name of the container | | |
| logReceivedTime | | - | The time when the XDR log was received | | |
| objectFilePath | | | The file path of the target process image or target file | | |
| objectUser | | | The owner name of the target process or the sign-in user name | | |
| parentCmd | | | The command line entry of the parent process | | |
| parentFilePath | | | The file path of the parent process | | |
| parentPid | | - | The PID of the parent process | | |
| processCmd | | | The command line entry of the subject process | | |
| processFilePath | | | The file path of the subject process | | |
| processName | | | The image name of the process that triggered the event | | |
| processPid | | - | The PID of the subject process | | |
| productCode | | - | The internal product code | | |
| pver | | - | The product version | | |
| spt | | | The source port | | |
| src | | | The source IP | | |
| srcFilePath | | | The source file path | | |
| tags | | | The detected ID based on the alert filter | | |
| uuid | | - | The unique key of the log | | |