Mappings: Sysdig Command JSON
| Input | Value |
|---|---|
| Vendor | Sysdig |
| Product | Sysdig |
| Log Format | JSON |
| Event ID Regex Pattern | command |
| Output | Value |
|---|---|
| Vendor | Sysdig |
| Product | Sysdig |
| Record Type | EndpointProcess |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | type | |
| baseImage | comm | |
| changeTarget | cwd | |
| commandLine | content.fields.proc.cmdline | |
| device_container_id | containerId | |
| device_container_name | labels.container.label.io.kubernetes.container.name | |
| device_hostname | labels.host.hostName | |
| device_k8s_namespace | labels.container.label.io.kubernetes.pod.namespace | |
| device_k8s_pod | labels.kubernetes.pod.name | |
| parentBaseImage | pcomm | |
| parentCommandLine | content.fields.proc.pcmdline | |
| user_username | content.fields.ka.user.name |