Field Name | General Field | Description | Sample | Products |
---|---|---|---|---|
uuid | - | Unique key of the log entry | | |
eventTime | - | Event generation time on the agent endpoint | | |
tags | - | ID of the MITRE technique detected based on the alert | | |
productCode | - | Product code of the product that sent the log | | |
filterRiskLevel | - | Top-level risk level of the event | | |
pname | - | Internal product code (deprecated) | | |
msgUuid | - | Internal email UUID to identify each email message | | |
mailbox | - | Primary email address | | |
mailDirection | - | Email traffic direction | | |
mailFromAddresses | EmailSender | Mail from address in email header | | |
mailToAddresses | EmailRecipient | Mail To address in the email header | | |
mailMsgSubject | EmailSubject | Email subject | | |
mailMsgId | EmailMessageID | Email ID | | |
mailCcAddresses | EmailRecipient | Mail CC address in the email header | | |
mailBccAddresses | EmailRecipient | Mail BCC address in the email header | | |
mailSenderIp | - | Email sender IP address | | |
mailAttachmentHash | FileSHA1 | Hash value of the email attachment | | |
mailUrlsRealLink | - | URL extracted from the email content | | |
mailSourceDomain | - | Email domain of the sender | | |
mailUrlsVisibleLink | - | URL extracted from the email content | | |
orgId | - | Cloud App Security organization ID | | |
attachmentFileName | FileName | File name of the email attachment | | |
attachmentSha1 | FileSHA1 | SHA-1 hash of the email attachment | | |
attachmentMd5 | FileMD5 | MD5 hash of the email attachment | | |
attachmentSha256 | FileSHA2 | SHA-256 hash of the email attachment | | |
attachmentUrls | - | URLs extracted from the email attachment | - | |
attachmentFileHashes | FileSHA1 | SHA-1 hash of the email attachment | | |
attachmentFileHashSha256s | FileSHA2 | SHA-256 hash of the email attachment | | |
mailSmtpOriginalRecipients | - | Original email recipients in the SMTP envelope | | |
mailSmtpRecipients | - | Email recipients in the SMTP envelope after scanning | | |
version | - | | | |
customerId | - | | | |
receivedTime | - | Time the log was received | | |
packageTraceId | - | | | |
groupId | - | | | |
tenantGuid | - | | | |
bitwiseFilterRiskLevel | - | Bitwise risk-level filter search | | |
scanType | - | Manual or real-time scan | | |
mailFolder | - | | | |
msgUuidChain | - | | | |
mailMetaTraceId | - | | | |
mExternalUid | - | | | |
mailMetaData | - | | | |
mailTagHashRawSignature | - | | | |
mailXMailer | - | | | |
mailUserAgent | - | | | |
mailFeatureId | - | - | | |
mailRuleId | - | | | |
mailTagHash | - | | | |
mailTextHash | - | | | |
mailUrlHash | - | | | |
mailHeaderHash | - | | | |
mailScore | - | - | | |
mailWantedHeaderName | - | | | |
mailWantedHeaderValue | - | | | |
mailReplyToAddresses | - | | | |
mailSmtpFromAddresses | - | | | |
mailThreatType | - | | | |
mailWholeHeader | - | | | |
mailHelo | - | | | |
attachmentTlsh | - | | | |
attachmentSize | - | - | | |
attachmentSource | - | | | |
mailSmtpTls | - | | | |
attachmentFileTlshes | - | - | | |
eventSourceType | - | | | |
mailMetaText | - | | | |