Mappings: Endgame JSON
| Input | Value |
|---|---|
| Vendor | Endgame |
| Product | Detection |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Endgame |
| Product | Detection |
| Record Type | Endpoint |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | type | |
| description | data.event_type_human | |
| device_hostname | endpoint.hostname | |
| device_ip | endpoint.ip_address | |
| file_basename | data.triggering_fact_array.0.data_buffer.process_name | |
| file_hash_sha1 | data.triggering_fact_array.0.data_buffer.sha1 | |
| file_hash_sha256 | data.triggering_fact_array.0.data_buffer.sha256 | |
| timestamp | created_at | We expect the orginal record value of created_at is in the format yyyy-MM-dd'T'HH:mm:ssZ |