Table of Contents:
The attributes used in the policy conditions are mapped between the Chronicle and Resolution Intelligence Cloud as follows:
| Chronicle | Resolution Intelligence Cloud |
| security.events.metadata.eventType | events.metadata.eventType |
| security.events.metadata.productEventType | events.metadata.productEventType |
| security.events.metadata.productName | events.metadata.productName |
| security.events.metadata.vendorName | events.metadata.vendorName |
| security.events.network.dnsDomain | events.network.dnsDomain |
| security.events.network.email.from | events.network.email.from |
| security.events.network.email.to | events.network.email.to |
| security.events.observer.hostname | events.observer.hostname |
| security.events.principal.asset.hostname | events.principal.asset.hostname |
| security.events.principal.hostname | events.principal.hostname |
| security.events.principal.ip | events.principal.ip |
| security.events.principal.process.commandLine | events.principal.process.commandLine |
| security.events.principal.process.file.fullPath | events.principal.process.file.fullPath |
| security.events.principal.process.file.names | events.principal.process.file.names |
| security.events.principal.process.file.sha256 | events.principal.process.file.sha256 |
| security.events.principal.processAncestors.commandLine | events.principal.processAncestors.commandLine |
| security.events.principal.user.userid | events.principal.user.userid |
| security.events.processAncestors.commandLine | events.processAncestors.commandLine |
| security.events.processAncestors.file.fullPath | events.processAncestors.file.fullPath |
| security.events.processAncestors.file.names | events.processAncestors.file.names |
| security.events.processAncestors.file.sha256 | events.processAncestors.file.sha256 |
| security.events.securityResult.action | events.securityResult.action |
| security.events.securityResult.category | events.securityResult.category |
| security.events.securityResult.summary | events.securityResult.summary |
| security.events.securityResult.threatName | events.securityResult.threatName |
| security.events.target.application | events.target.application |
| security.events.target.asset.hostname | events.target.asset.hostname |
| security.events.target.file.fullPath | events.target.file.fullPath |
| security.events.target.file.names | events.target.file.names |
| security.events.target.file.sha256 | events.target.file.sha256 |
| security.events.target.hostname | events.target.hostname |
| security.events.target.ip | events.target.ip |
| security.events.target.port | events.target.port |
| security.events.target.process.command_line | events.target.process.command_line |
| security.events.target.process.file.fullPath | events.target.process.file.fullPath |
| security.events.target.process.file.names | events.target.process.file.names |
| security.events.target.process.file.sha256 | events.target.process.file.sha256 |
| security.events.target.processAncestors.commandLine | events.target.processAncestors.commandLine |
| security.events.target.processAncestors.file.fullPath | events.target.processAncestors.file.fullPath |
| security.events.target.processAncestors.file.names | events.target.processAncestors.file.names |
| security.events.target.processAncestors.file.sha256 | events.target.processAncestors.file.sha256 |
| security.events.target.resource.name | events.target.resource.name |
| security.events.target.resource.resourceType | events.target.resource.resourceType |
| security.events.target.resource.type | events.target.resource.type |
| security.events.target.url | events.target.url |
| security.events.target.user.department | events.target.user.department |
| security.events.target.user.title | events.target.user.title |
| security.events.target.user.userid | events.target.user.userid |
Comments
0 comments
Please sign in to leave a comment.