Data fields for Search
You can search the Data Lake for indicators of compromise (IOCs) or for other data such as IP addresses or usernames. See Search.
Here's a full list of the data fields.
| Field name | Description |
|---|---|
| activity_type | OS query name |
| category | Type of activity the event is associated with |
| command_line | Command-line entry |
| customer_id | Sophos customer ID |
| data_source | Name of the vendor that generated the event |
| dest_ip | IP address to which a system connected |
| dest_port | Port number used to receive data |
| device_id | Device ID of the device on which activity occurred |
| device_ip | IP address on which activity occurred |
| hostname | Hostname of device involved |
| parent_process_path | File path of the process that created this child process |
| parent_command_line | Previous command-line entry |
| parent_process-id | ID of the process that created this child process |
| src_ip | IP address that started a connection to a secondary system |
| process_name | Name of the process involved |
| process_path | File path of the process that was run |
| process_username | - |
| sha256 | SHA-256 file hash |
| sophos_process_id | Sophos Process ID of the process that was run |
| sophos_parent_process_id | Sophos Process ID of the process that created this child process |
| time | Time at which the event occurred |
| username | User who is logged into the device |