Log Writer data sources

The following data sources are available for Log Writer.

Note The letter beside each data source is used in the table below to represent its availability for the data field.

A. EventsApplicationControlData

B. EventsCommonData

C. EventsDataControlData

D. EventsDeviceControlData (added new data fields)

E. EventsFirewallData

F. EventsTamperProtectionData

G. EventsWebData (added new data fields)

H. ThreatEventData

I. ThreatInstances

J. ComputerStatusData

The data fields available for each of these data sources are listed in the table below. All date-time columns are returned in UTC in the format "yyyy-mm-dd hh:mi:ss" (24 hours).

New Data fields that are available with SEC 5.0 or later versions are indicated.


Data field Data type	Data source
Data field Data type	A	B	C	D	E	F	G	H	I	J
`EventID` `integer`	•	•	•	•	•	•	•	•
`EventTime` `datetime`	•	•	•	•	•	•	•	•
`EventTypeID` `integer`	•	•	•	•	•	•	•
`EventTypeName` `nvarchar`	•	•	•	•	•	•	•
`SubTypeID` `integer`	•	•		•		•	•
`SubTypeName` `nvarchar`	•	•		•		•	•
`InsertedAt` `datetime`	•	•	•	•	•	•	•	•	•
`UserName` `nvarchar`	•	•	•	•	•	•	•	•
`ComputerName` `nvarchar`	•	•	•	•	•	•	•	•	•	•
`ComputerDomain` `nvarchar`	•	•	•	•	•	•	•	•	•	•
`ComputerIPAddress` `nvarchar`	•	•	•	•	•	•	•	•	•	•
`Name` `nvarchar`	•	•	•	•	•	•	•
`ReportingName` `nvarchar`	•	•	•	•	•	•	•
`ActionID` `integer`	•	•	•	•	•	•	•
`ActionName` `nvarchar`	•	•	•	•	•	•	•
`ScanTypeID` `integer`	•	•
`ScanTypeName` `nvarchar`	•	•
`RuleName` `nvarchar`			•
`TrueFileType` `nvarchar`			•
`DestinationPath` `nvarchar`			•
`DestinationTypeID` `integer`			•
`DestinationTypeName` `nvarchar`			•
`SourcePath` `nvarchar`			•
`FileName` `nvarchar`			•		•
`DestinationValue` `nvarchar`			•
`FileSize` (SEC 5.0 or later) `long`			•
`DeviceTypeID` `integer`				•
`DeviceTypeName` `nvarchar`				•
`Model` `nvarchar`				•
`DeviceID` `nvarchar`				•
`Role` `nvarchar`					•
`FilePath` `nvarchar`					•
`FileVersion` `nvarchar`					•				•
`FileChecksum` `nvarchar`					•
`CommandLine` `nvarchar`					•
`Session` `nvarchar`					•
`Desktop` `nvarchar`					•
`Location` `nvarchar`					•
ProtocolID `integer`					•
`ProtocolText` `nvarchar`					•
`DirectionID` `integer`					•
`DirectionText` `nvarchar`					•
`LocalAddress` `nvarchar`					•
`RemoteAddress` `nvarchar`					•
`LocalPort` `integer`					•
`RemotePort` `integer`					•
`Target` `nvarchar`						•
`TargetTypeID` `integer`						•
`TargetTypeText` `nvarchar`							•
`RuleID` `nvarchar`								•
`BlockedSite` `nvarchar`								•
`ReferringURL` `nvarchar`							•
`ReasonID` (SEC 5.0 or later) `integer`							•
`ReasonName` (SEC 5.0 or later) `nvarchar`							•
`CategoryID` (SEC 5.0 or later) `integer`							•
`CategoryName` (SEC 5.0 or later) `nvarchar`							•
`ActionTakenID` `integer`								•
`ActionTakenName` `nvarchar`								•
`ScannerTypeID` `integer`									•
`ScannerTypeName` `nvarchar`									•
`StatusID` `integer`									•
`StatusName` `nvarchar`									•
`ThreatID` `integer`										•
`ThreatName` `nvarchar`									•	•
`ThreatTypeID` `integer`									•	•
`ThreatTypeName` `nvarchar`									•	•
`ThreatSubTypeID` `integer`										•
`ThreatSubTypeName` `nvarchar`										•
`FullFilePath` `nvarchar`									•	•
`CheckSum` `nvarchar`										•
`FirstDetectedAt` `datetime`									•
`Priority` `integer`									•
`ComputerID` `integer`										•
`Connected` `bit`										•
`Managed` `bit`										•
`OnAccessState` `bit`										•
`TamperProtectionState` `bit`										•
`SedState` `integer`										•
`HmpaState` `integer`										•
`PatchState` `bit`										•
`FirewallState` `integer`										•
`AppControlState` `bit`										•
`DeviceControlState` `bit`										•
`WebControlState` `bit`										•

Log Writer data sources

Machine translation disclaimer