# Endpoint Detection

Version 1.0

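Please check back often. These tables are updated regularly to accommodate new fields as vendors provide them. Several rows below list a field name that ends in a bare dot (for example `destination.`, `error.`, `network.` and `source.`); those names are incomplete as shown, so confirm the full field name and its data type against ingested events before using it in a detection query. Related fields do not always share a data type (`process.pid` is int while `process.parent.pid` is text), so check the listed type of both fields before comparing or joining on them.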

| **Field Names**                    | **Data Type** |
| ---------------------------------- | ------------- |
| file.directory                     | text          |
| file.hash.md5                      | text          |
| file.hash.sha1                     | text          |
| file.hash.sha256                   | text          |
| file.name                          | text          |
| file.size                          | int           |
| host.architecture                  | text          |
| host.mac                           | text          |
| host.os.name                       | text          |
| host.os.platform                   | text          |
| host.os.version                    | text          |
| source.user.domain                 | text          |
| source.user.name                   | text          |
| agent.type                         | text          |
| destination.                       | text          |
| destination.                       | ip            |
| destination.                       | int           |
| destination.as.organization.name   | text          |
| destination.geo.city\_name         | text          |
| destination.geo.continent\_code    | text          |
| destination.geo.country\_code      | text          |
| destination.geo.country\_name      | text          |
| destination.geo.location.lat       | geopoint      |
| destination.geo.location.lon       | geopoint      |
| destination.geo.region\_name       | text          |
| destination.ip                     | ip            |
| destination.locality               | text          |
| destination.port                   | int           |
| dns.question.domain                | text          |
| dns.question.name                  | text          |
| error.                             | text          |
| event.action                       | text          |
| event.category                     | array         |
| event.created                      | date          |
| event.dataset                      | text          |
| event.id                           | text          |
| event.kind                         | text          |
| event.module                       | text          |
| event.original                     | text          |
| event.outcome                      | text          |
| event.reason                       | text          |
| event.severity                     | text          |
| event.type                         | array         |
| file.code\_signature.signed        | text          |
| file.code\_signature.subject\_name | text          |
| file.hash                          | text          |
| file.name                          | text          |
| file.path                          | text          |
| file.pe.company                    | text          |
| file.pe.description                | text          |
| file.pe.file\_version              | text          |
| file.pe.imphash                    | text          |
| file.pe.original\_file\_name       | text          |
| file.pe.product                    | text          |
| hash.imphash                       | text          |
| hash.md5                           | text          |
| host.name                          | text          |
| log.type                           | text          |
| network.                           | text          |
| network.                           | text          |
| network.                           | text          |
| network.                           | text          |
| observer.ip                        | ip            |
| observer.name                      | text          |
| observer.product                   | text          |
| observer.type                      | text          |
| observer.vendor                    | text          |
| organisation.id                    | text          |
| process.args                       | text          |
| process.command\_line              | text          |
| process.executable                 | text          |
| process.name                       | text          |
| process.parent.args                | text          |
| process.parent.command\_line       | text          |
| process.parent.executable          | text          |
| process.parent.name                | text          |
| process.parent.pid                 | text          |
| process.pe.company                 | text          |
| process.pe.description             | text          |
| process.pe.file\_version           | text          |
| process.pe.imphash                 | text          |
| process.pe.original\_file\_name    | text          |
| process.pe.product                 | text          |
| process.pid                        | int           |
| process.working\_directory         | text          |
| registry.path                      | text          |
| registry.value                     | text          |
| related.hash                       | array         |
| related.hosts                      | array         |
| related.ip                         | array         |
| related.user                       | array         |
| rule.name                          | text          |
| sensor.id                          | text          |
| source.                            | ip            |
| source.                            | text          |
| source.as.number                   | text          |
| source.as.organization.name        | text          |
| source.geo.city\_name              | text          |
| source.geo.continent\_code         | text          |
| source.geo.country\_code           | text          |
| source.geo.country\_name           | text          |
| source.geo.location.lat            | geopoint      |
| source.geo.location.lon            | geopoint      |
| source.geo.region\_name            | text          |
| source.ip                          | ip            |
| source.locality                    | text          |
| source.port                        | int           |
| threatintel.days                   | int           |
| threatintel.entity                 | text          |
| threatintel.event\_data            | text          |
| threatintel.lookup                 | text          |
| threatintel.malware.malware        | text          |
| threatintel.malware.timestamp      | date/time     |
| threatintel.severity               | text          |
| threatintel.tags                   | text          |
| threatintel.white\_list            | text          |
| user.domain                        | text          |
| user.name                          | text          |
| uuid                               | text          |
