Mappings: Carbon Black Cloud C2C Process Auditing
Input | Value |
---|---|
Vendor | CarbonBlack |
Product | Cloud |
Log Format | JSON |
Event ID Regex Pattern | endpoint.event.proc(?:end|start) |
Output | Value |
---|---|
Vendor | Carbon Black |
Product | Cloud |
Record Type | EndpointProcess |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | action | |
baseImage | process_path | |
commandLine | process_cmdline | |
description | action | This is a lookup field. More info to come in the catalog later... |
device_hostname | device_name | |
device_ip | device_internal_ip | |
device_natIp | device_external_ip | |
device_osName | device_os | |
file_hash_md5 | process_hash.1 | |
file_hash_sha256 | process_hash.2 | |
file_path | process_path | |
normalizedAction | action | This is a lookup field. More info to come in the catalog later... |
normalizedResource | None | The static text process is populated in this schema field. |
parentBaseImage | parent_path | |
parentCommandLine | parent_cmdline | |
parentPid | parent_pid | |
pid | process_pid | |
resource | target_cmdline | |
severity | severity | |
success | sensor_action | This is a lookup field. More info to come in the catalog later... |
user_username | device_username |