Data Mapping: General Search
|
General Field |
Corresponding Fields |
Example |
|||
|---|---|---|---|---|---|
|
Endpoint Activity Data |
Network Activity Data |
Web Activity Data |
Detection Data |
||
|
EndpointID |
|
|
|
|
e3c49595-09b9-47a3-a43f-6c21aa52e54f |
|
EndpointName |
|
|
|
|
hr-johndoe1 |
|
DomainName |
|
|
|
|
self.events.data.microsoft.com |
|
IPv4 |
|
|
|
|
192.0.2.0 |
|
IPv6 |
|
|
|
|
2001:0db8:85a3:0000:0000:8a2e:0370:7334 |
|
URL |
|
|
|
|
https://www.example.com |
|
Port |
|
|
|
|
8080 |
|
UserAccount |
|
|
|
|
john_doe |
|
FileName |
|
|
|
|
example.exe |
|
FileFullPath |
|
|
|
|
C:\Program Files (x86)\temp\Application\test.exe |
|
FileSHA1 |
|
|
|
|
98A9A1C8F69373B211E5F1E303BA8762F44BC898 |
|
FileSHA2 |
|
|
|
|
16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a |
|
FileMD5 |
|
|
|
|
46CFB4E38C6299983048DE39012FD08F |
|
ProcessFullPath |
|
|
|
|
C:\Program Files (x86)\temp\Application\test.exe |
|
CLICommand |
|
|
|
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US --no-sandbox |
|
RegistryKey |
|
|
|
|
hklm\software\wow6432node\microsoft\windows\currentversion\run |
|
RegistryValue |
|
|
|
|
its_ie_settings |
|
RegistryValueData |
|
|
|
|
wscript "C:\Program Files (x86)\JNJ\ITS_IE_PREF\IE_Preferences.vbs" |
|
EmailSender |
|
|
|
|
john_doe@example.com |
|
EmailRecipient |
|
|
|
|
john_doe@example.com |
|
EmailSubject |
|
|
|
|
Subject: From the desk of the Nigerian Prince |
|
EmailMessageID |
|
|
|
|
<rRzmIhBrXbgjvr4uhIwCcbtE6BnmgNTtAU51qWmqY@example.online> |
|
Technique |
|
|
|
|
T1210 |
|
Tactic |
|
|
|
|
TA0008 |
