Data fields for Search
You can search the Data Lake for indicators of compromise (IOCs) or for other data such as IP addresses or usernames. See AI Search.
Here's a full list of the data fields.
| Field name | Description |
|---|---|
| activity_type | OS query name |
| category | Type of activity the event is associated with |
| command_line | Command-line entry |
| customer_id | Sophos customer ID |
| data_source | Name of the vendor that generated the event |
| dest_ip | IP address to which a system connected |
| dest_port | Port number used to receive data |
| device_id | Device ID of the device on which activity occurred |
| device_ip | IP address on which activity occurred |
| hostname | Hostname of the device involved |
| parent_process_path | File path of the process that created this child process |
| parent_command_line | Command-line entry of the parent process (the previous command-line entry) |
| parent_process-id | ID of the process that created this child process |
| src_ip | IP address that started a connection to a secondary system |
| process_name | Name of the process involved |
| process_path | File path of the process that was run |
| process_username | - |
| sha256 | SHA-256 file hash |
| sophos_process_id | Sophos Process ID of the process that was run |
| sophos_parent_process_id | Sophos Process ID of the process that created this child process |
| time | Time at which the event occurred |
| username | User who is logged into the device |