# Endpoint Protection

Version 1.2

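Please check back often. These tables are updated regularly to accommodate new fields as provided by vendors. Some field names are listed more than once below, and the `related.*` fields appear with both `array` and `text` types; confirm the type in your own data before relying on a field in queries or detection rules.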

| **Field Name**                   | **Data Type** |
| -------------------------------- | ------------- |
| agent.type                       | text          |
| agent.type                       | text          |
| destination.address              | ip            |
| destination.as.organization.name | text          |
| destination.domain               | text          |
| destination.geo.city\_name       | text          |
| destination.geo.continent\_code  | text          |
| destination.geo.country\_code    | text          |
| destination.geo.country\_name    | text          |
| destination.geo.location.lat     | geopoint      |
| destination.geo.location.lon     | geopoint      |
| destination.geo.region\_name     | text          |
| destination.locality             | text          |
| destination.mac                  | text          |
| destination.port                 | int           |
| event.action                     | text          |
| event.category                   | array         |
| event.count                      | int           |
| event.created                    | date          |
| event.dataset                    | text          |
| event.id                         | text          |
| event.kind                       | text          |
| event.module                     | text          |
| event.original                   | text          |
| event.outcome                    | text          |
| event.reason                     | text          |
| event.severity                   | text          |
| event.type                       | array         |
| file.hash.sha1                   | text          |
| file.hash.sha1                   | text          |
| file.hash.sha256                 | text          |
| file.hash.sha256                 | text          |
| file.name                        | text          |
| file.path                        | text          |
| file.path                        | text          |
| file.pe.company                  | text          |
| file.pe.file\_version            | text          |
| file.pe.product                  | text          |
| file.size                        | text          |
| host.hostname                    | text          |
| host.hostname                    | text          |
| host.ip                          | ip            |
| host.name                        | text          |
| log.type                         | text          |
| log.type                         | text          |
| message                          |               |
| message                          |               |
| network.direction                | text          |
| network.transport                | text          |
| observer.ip                      | ip            |
| observer.name                    | text          |
| observer.product                 | text          |
| observer.type                    | text          |
| observer.type                    | text          |
| observer.vendor                  | text          |
| organisation.id                  | text          |
| os.name                          | text          |
| process.args                     | text          |
| process.command\_line            | text          |
| process.command\_line            | text          |
| process.end                      | date/time     |
| process.executable               | text          |
| process.hash.md5                 | text          |
| process.hash.sha256              | text          |
| process.name                     | text          |
| process.parent.args              | text          |
| process.parent.command\_line     | text          |
| process.parent.executable        | text          |
| process.parent.pid               | int           |
| process.parent.pid               | int           |
| process.parent.start             | date/time     |
| process.pid                      | int           |
| process.pid                      | int           |
| process.start                    | date/time     |
| process.start                    | date/time     |
| related.hash                     | array         |
| related.hash                     | text          |
| related.hosts                    | array         |
| related.hosts                    | text          |
| related.ip                       | array         |
| related.ip                       | text          |
| related.user                     | array         |
| related.user                     | text          |
| rule.author                      | text          |
| rule.category                    | text          |
| rule.description                 | text          |
| rule.description                 | text          |
| rule.id                          | text          |
| rule.id                          | text          |
| rule.name                        | text          |
| rule.name                        | text          |
| rule.ruleset                     | text          |
| rule.uuid                        | text          |
| sensor.id                        | text          |
| source.address                   | ip            |
| source.as.number                 | text          |
| source.as.organization.name      | text          |
| source.domain                    | text          |
| source.geo.city\_name            | text          |
| source.geo.continent\_code       | text          |
| source.geo.country\_code         | text          |
| source.geo.country\_name         | text          |
| source.geo.location.lat          | geopoint      |
| source.geo.location.lon          | geopoint      |
| source.geo.region\_name          | text          |
| source.hostname                  | text          |
| source.ip                        | ip            |
| source.locality                  | text          |
| source.mac                       | text          |
| source.port                      | int           |
| threat.framework                 | text          |
| threat.tactic.id                 | text          |
| threat.tactic.name               | text          |
| threat.technique.id              | text          |
| threat.technique.name            | text          |
| threat.technique.name            | text          |
| threat.technique.name.text       | text          |
| threatintel.days                 | int           |
| threatintel.days                 | int           |
| threatintel.entity               | text          |
| threatintel.event\_data          | text          |
| threatintel.event\_data          | text          |
| threatintel.lookup               | text          |
| threatintel.malware.malware      | text          |
| threatintel.malware.malware      | text          |
| threatintel.malware.timestamp    | date/time     |
| threatintel.malware.timestamp    | date/time     |
| threatintel.severity             | text          |
| threatintel.severity             | text          |
| threatintel.tags                 | text          |
| threatintel.tags                 | text          |
| threatintel.white\_list          | text          |
| threatintel.white\_list          | text          |
| url.full                         | text          |
| url.original                     | text          |
| user.domain                      | text          |
| user.name                        | text          |
| user.name                        | text          |
| user.role                        | text          |
| uuid                             | text          |
