Linux
Version 1.0
Please check back often. These tables are updated regularly as vendors provide new fields.
Field Names
Data Type
Length
agent.type
text
32
auditd.
text
64
auditd.
text
32
auditd.
text
32
auditd.
text
32
destination.address
ip
destination.as.organization.name
text
128
destination.geo.city_name
text
32
destination.geo.continent_code
text
6
destination.geo.country_code
text
6
destination.geo.country_name
text
32
destination.geo.location.lat
geopoint
destination.geo.location.lon
geopoint
destination.geo.region_name
text
64
destination.locality
text
16
event.action
text
16
event.category
array
50
event.created
date
event.dataset
text
50
event.id
text
128
event.kind
text
16
event.module
text
16
event.original
event.outcome
text
16
event.reason
text
128
event.severity
text
16
event.type
array
32
file.name
int
128
host.architecture
text
32
log.type
text
32
message
text
1024
observer.type
text
32
organisation.id
text
8
process.
text
256
process.
text
128
process.
text
32
process.
int
16
process.
int
16
process.
text
256
process.arg_count
int
16
process.args
text
128
process.name
text
128
process.parent.pid
int
16
related.hash
array
128
related.hosts
array
128
related.ip
array
128
related.user
array
128
sensor.id
text
10
source.address
ip
source.as.number
text
16
source.as.organization.name
text
128
source.geo.city_name
text
32
source.geo.continent_code
text
6
source.geo.country_code
text
6
source.geo.country_name
text
32
source.geo.location.lat
geopoint
source.geo.location.lon
geopoint
source.geo.region_name
text
64
source.locality
text
16
threatintel.days
int
16
threatintel.entity
text
16
threatintel.event_data
text
512
threatintel.lookup
text
16
threatintel.malware.malware
text
512
threatintel.malware.timestamp
date/time
threatintel.severity
text
16
threatintel.tags
text
256
threatintel.white_list
text
32
user.audit.group.id
text
32
user.audit.id
text
32
user.effective.group.id
text
32
user.effective.id
text
32
user.filesystem.group.id
text
32
user.filesystem.id
text
32
user.group.id
text
32
user.id
text
128
user.name
text
128
user.owner.group.id
text
32
user.owner.id
text
32
user.saved.group.id
text
32
user.saved.id
text
32
user.terminal
text
128
uuid
text
36