Mappings: Endgame JSON
Input | Value |
---|---|
Vendor | Endgame |
Product | Detection |
Log Format | JSON |
Event ID Regex Pattern | _default_ |
Output | Value |
---|---|
Vendor | Endgame |
Product | Detection |
Record Type | Endpoint |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | type | |
description | data.event_type_human | |
device_hostname | endpoint.hostname | |
device_ip | endpoint.ip_address | |
file_basename | data.triggering_fact_array.0.data_buffer.process_name | |
file_hash_sha1 | data.triggering_fact_array.0.data_buffer.sha1 | |
file_hash_sha256 | data.triggering_fact_array.0.data_buffer.sha256 | |
timestamp | created_at | We expect the orginal record value of created_at is in the format yyyy-MM-dd'T'HH:mm:ssZ |