|
General Field
|
Corresponding Fields
|
Example
|
|||
|
Endpoint Activity Data
|
Network Activity Data
|
Web Activity Data
|
Detection Data
|
||
|
EndpointID
|
|
|
|
|
e3c49595-09b9-47a3-a43f-6c21aa52e54f
|
|
EndpointName
|
|
|
|
|
hr-johndoe1
|
|
DomainName
|
|
|
|
|
self.events.data.microsoft.com
|
|
IPv4
|
|
|
|
|
192.0.2.0
|
|
IPv6
|
|
|
|
|
2001:0db8:85a3:0000:0000:8a2e:0370:7334
|
|
URL
|
|
|
|
|
https://www.example.com
|
|
Port
|
|
|
|
|
8080
|
|
UserAccount
|
|
|
|
|
john_doe
|
|
FileName
|
|
|
|
|
example.exe
|
|
FileFullPath
|
|
|
|
|
C:\Program Files (x86)\temp\Application\test.exe
|
|
FileSHA1
|
|
|
|
|
98A9A1C8F69373B211E5F1E303BA8762F44BC898
|
|
FileSHA2
|
|
|
|
|
16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a
|
|
FileMD5
|
|
|
|
|
46CFB4E38C6299983048DE39012FD08F
|
|
ProcessFullPath
|
|
|
|
|
C:\Program Files
(x86)\temp\Application\test.exe
|
|
CLICommand
|
|
|
|
|
"C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US --no-sandbox
|
|
RegistryKey
|
|
|
|
|
hklm\software\wow6432node\microsoft\windows\currentversion\run
|
|
RegistryValue
|
|
|
|
|
its_ie_settings
|
|
RegistryValueData
|
|
|
|
|
wscript "C:\Program Files
(x86)\JNJ\ITS_IE_PREF\IE_Preferences.vbs"
|
|
EmailSender
|
|
|
|
|
john_doe@example.com
|
|
EmailRecipient
|
|
|
|
|
john_doe@example.com
|
|
EmailSubject
|
|
|
|
|
Subject: From the desk of the Nigerian Prince
|
|
EmailMessageID
|
|
|
|
|
<rRzmIhBrXbgjvr4uhIwCcbtE6BnmgNTtAU51qWmqY@example.online>
|
|
Technique
|
|
|
|
|
T1210
|
|
Tactic
|
|
|
|
|
TA0008
|
Views: