Information about the target of the activity
xdm.target.host
The target host of the activity.
xdm.target.host.hostname
Description |
The host name of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.os_family
Description |
The operating system of the target host of the activity. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.OS_FAMILY_WINDOWS, XDM_CONST.OS_FAMILY_MACOS, XDM_CONST.OS_FAMILY_LINUX, XDM_CONST.OS_FAMILY_ANDROID, XDM_CONST.OS_FAMILY_IOS |
xdm.target.host.os
Description |
The specific operating system of the target host of the activity, including version. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.fqdn
Description |
The fully-qualified domain name (FQDN) of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.device_category
Description |
The device category of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Infusion System, ATM Machine, Personal Computer, 3D Printer |
xdm.target.host.device_model
Description |
The device model of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
iPad, PA-3200, ThinkPad E14, e2-highmem-8, t2.micro |
xdm.target.host.device_id
Description |
The unique device ID of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.ipv4_addresses
Description |
The IPv4 addresses of the target host of the activity. |
Datatype |
IPv4 |
Dataclass |
Array |
xdm.target.host.ipv6_addresses
Description |
The IPv6 addresses of the target host of the activity. |
Datatype |
IPv6 |
Dataclass |
Array |
xdm.target.host.ipv4_public_addresses
Description |
The IPv4 public addresses of the target host of the activity. |
Datatype |
IPv4 |
Dataclass |
Array |
xdm.target.host.ipv6_public_addresses
Description |
The IPv6 public addresses of the target host of the activity. |
Datatype |
IPv6 |
Dataclass |
Array |
xdm.target.host.mac_addresses
Description |
The MAC addresses of the target host of the activity. |
Datatype |
String |
Dataclass |
Array |
xdm.target.host.manufacturer
Description |
The device manufacturer of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.hardware_uuid
Description |
The unique hardware manufacturing ID of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.host.boot_time
Description |
The last known start up time of the target host of the activity. |
Datatype |
Timestamp |
Dataclass |
Scalar |
xdm.target.host.image
Description |
The image/runtime name/ID of the target host of the activity. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
ami-19231, python3.9, nodejs14.x |
xdm.target.host.memory
Description |
The memory capacity size in bytes of the target host of the activity. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.agent
The agent on the target host.
xdm.target.agent.identifier
Description |
The ID of the agent on the target host. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.agent.type
Description |
The type of the agent on the target host |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.AGENT_TYPE_REGULAR, XDM_CONST.AGENT_TYPE_COLLECTOR, XDM_CONST.AGENT_TYPE_VDI, XDM_CONST.AGENT_TYPE_CLOUD |
xdm.target.agent.version
Description |
The version of the agent on the target host. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.agent.content_version
Description |
The content version of the agent on the target host. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.agent.installation_time
Description |
The installation time of the agent on the target host. |
Datatype |
Timestamp |
Dataclass |
Scalar |
xdm.target.user
The target user.
xdm.target.user.identifier
Description |
The ID of the user, such as GUID, SID or any other ID that uniquely identifies the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.username
Description |
The user name used for identification of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.user_type
Description |
The type of the target user. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.USER_TYPE_REGULAR, XDM_CONST.USER_TYPE_SERVICE_ACCOUNT, XDM_CONST.USER_TYPE_MACHINE_ACCOUNT |
xdm.target.user.first_name
Description |
The first name of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.last_name
Description |
The last name of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.middle_name
Description |
The middle name of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.employee_id
Description |
The employee ID of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.badge_id
Description |
The work badge ID of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.ou
Description |
The organization unit of the target user. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.domain
Description |
The domain to which the target user belongs. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.user.is_password_changeable
Description |
Whether the password of the target user is changeable. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.user.is_password_expired
Description |
Whether the password of the target user has expired. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.user.is_password_required
Description |
Whether the password of the target user is required. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.user.is_disabled
Description |
Whether the target user is disabled. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.user.groups
Description |
The groups or roles to which the target user belongs. |
Datatype |
String |
Dataclass |
Array |
xdm.target.user.netbios_domain
Description |
The subdomain of the target user's DNS domain name. See https://docs.microsoft.com/en-us/exchange/disjoint-namespace-scenarios-exchange-2013-help#dns-and-netbios-domain-names (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
mycompany |
Enriched |
True |
xdm.target.user.sam_account_name
Description |
The logon name of the target user. See https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#samaccountname (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
jondoe |
Enriched |
True |
xdm.target.user.upn
Description |
The principal name of the target user. See https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
jon.doe@mycompany.com |
Enriched |
True |
xdm.target.user.identity_type
Description |
The identity type of the target user (auto-enriched field). |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.IDENTITY_TYPE_MACHINE, XDM_CONST.IDENTITY_TYPE_USER, XDM_CONST.IDENTITY_TYPE_BUILTIN, XDM_CONST.IDENTITY_TYPE_VIRTUAL, XDM_CONST.IDENTITY_TYPE_UNKNOWN |
Enriched |
True |
xdm.target.user.scope
Description |
The scope of the target user (auto-enriched field). |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.SCOPE_TYPE_LOCAL, XDM_CONST.SCOPE_TYPE_DOMAIN, XDM_CONST.SCOPE_TYPE_AZURE, XDM_CONST.SCOPE_TYPE_MICROSOFT, XDM_CONST.SCOPE_TYPE_UNKNOWN |
Enriched |
True |
xdm.target.location
The target host.
xdm.target.location.country
Description |
The country of the target host (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Japan |
Enriched |
True |
xdm.target.location.city
Description |
The city of the target host (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Tokyo |
Enriched |
True |
xdm.target.location.continent
Description |
The continent of the target host (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Asia |
Enriched |
True |
xdm.target.location.region
Description |
The region of the target host (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Tokyo |
Enriched |
True |
xdm.target.location.latitude
Description |
Latitude coordinate of the target host's location (auto-enriched field). |
Datatype |
Float |
Dataclass |
Scalar |
Examples |
45.505918 |
Enriched |
True |
xdm.target.location.longitude
Description |
Longitude coordinate of the target host's location (auto-enriched field). |
Datatype |
Float |
Dataclass |
Scalar |
Examples |
-73.61483 |
Enriched |
True |
xdm.target.location.timezone
Description |
Timezone in Continent/City format of the target host (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Asia/Tokyo |
Enriched |
True |
xdm.target.process
The target process.
xdm.target.process.name
Description |
The name of the target process. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.pid
Description |
The ID of the target process, provided by the operating system. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.process.identifier
Description |
The unique ID of the target process, provided by the agent. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.command_line
Description |
The command line that the target process is executing. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.causality_id
Description |
The ID of the root process that triggered the chain that the target process is a part of. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.parent_id
Description |
The ID of the direct parent process that triggered the target process. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.integrity_level
Description |
The mode of operation level in which the target process is running. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.process.executable
The target process.
xdm.target.process.executable.filename
Description |
The file name of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.executable.path
Description |
The file path of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.executable.directory
Description |
The file directory of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.executable.extension
Description |
The file extension of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.executable.file_type
Description |
The file type of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.process.executable.md5
Description |
The MD5 hash signature for the target process executable content. |
Datatype |
MD5 |
Dataclass |
Scalar |
xdm.target.process.executable.sha256
Description |
The SHA256 hash signature for the target process executable content. |
Datatype |
SHA256 |
Dataclass |
Scalar |
xdm.target.process.executable.is_signed
Description |
Whether the loaded module of the target process executable is signed. |
Datatype |
Boolean |
Dataclass |
Scalar |
Examples |
True |
xdm.target.process.executable.signer
Description |
The signer of the target process executable. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Microsoft Corporation |
xdm.target.process.executable.signature_status
Description |
The signature status of the target process executable. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.SIGNATURE_STATUS_UNSIGNED, XDM_CONST.SIGNATURE_STATUS_SIGNED_INVALID, XDM_CONST.SIGNATURE_STATUS_SIGNED_VERIFIED, XDM_CONST.SIGNATURE_STATUS_STATUS_UNKNOWN |
xdm.target.process.executable.size
Description |
Size in bytes of the target process executable. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.process.thread_id
Description |
The thread ID of the target process. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.process.is_injected
Description |
Whether the target process's thread/activity is executed via process injection. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.process.container_id
Description |
ID of the container that is running the target process. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.application
The target application.
xdm.target.application.name
Description |
The name of the target application. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.application.version
Description |
The version of the target application. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.application.publisher
Description |
The publisher (vendor/company) of the target application. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.application.installation_timestamp
Description |
The installation time of the target application. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.application.from_appstore
Description |
Whether the target application was installed from an application store. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.target.ipv4
Description |
The target IPv4 address of the activity. |
Datatype |
IPv4 |
Dataclass |
Scalar |
xdm.target.ipv6
Description |
The target IPv6 address of the activity. |
Datatype |
IPv6 |
Dataclass |
Scalar |
xdm.target.asn
The target IP address.
xdm.target.asn.as_number
Description |
The autonomous system number (ASN) of the target IP address (auto-enriched field). |
Datatype |
Number |
Dataclass |
Scalar |
Examples |
54538 |
Enriched |
True |
xdm.target.asn.as_name
Description |
The autonomous system name of the target IP address (auto-enriched field). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
PALO ALTO NETWORKS |
Enriched |
True |
xdm.target.asn.isp
Description |
The autonomous system ISP name of the target IP address. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.asn.domain
Description |
The autonomous system domain name of the target IP address |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.asn.is_proxy
Description |
Indicates whether or not the the autonomous system of the target IP address is a proxy/VPN address (auto-enriched field). |
Datatype |
Boolean |
Dataclass |
Scalar |
Enriched |
True |
xdm.target.is_internal_ip
Description |
Whether the target IP address is internal (auto-enriched field). |
Datatype |
Boolean |
Dataclass |
Scalar |
Enriched |
True |
xdm.target.port
Description |
The target port. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.sent_bytes
Description |
The amount of bytes transmitted back by the target host. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.sent_packets
Description |
The amount of packets transmitted back by the target host. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.interface
Description |
The target interface address (usually the MAC address). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.zone
Description |
The region/zone of the target host. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.subnet
Description |
The subnet of the target IP address, in CIDR notation. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
198.51.100.0/22, 2001:db8::/48 |
xdm.target.vlan
Description |
The VLAN of the target host. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.cloud
cloud specific information
xdm.target.cloud.provider
Description |
The cloud provider. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.CLOUD_PROVIDER_AWS, XDM_CONST.CLOUD_PROVIDER_GCP, XDM_CONST.CLOUD_PROVIDER_AZURE, XDM_CONST.CLOUD_PROVIDER_ALIBABA, XDM_CONST.CLOUD_PROVIDER_ON_PREM |
xdm.target.cloud.geo_region
Description |
The cloud provider's cloud geo region name. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
APAC, NORTH_AMERICA, EUROPE |
xdm.target.cloud.region
Description |
The cloud provider's cloud region name. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
us-east-2, eu-west-2, me-south-1 |
xdm.target.cloud.zone
Description |
The cloud zone/sub region within a certain region in the cloud provider. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
us-east-1a |
xdm.target.cloud.project
Description |
The project name in which the log was reported. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.cloud.project_hierarchy
Description |
The project's parent folders / organization unit. |
Datatype |
String |
Dataclass |
Array |
Examples |
['Palo Alto Networks', 'Cortex Analytics', 'dev'] |
xdm.target.cloud.project_id
Description |
The project id in which the log was reported. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module
The target module (loaded, unloaded, etc.).
xdm.target.module.filename
Description |
The file name of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module.path
Description |
The file path of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module.directory
Description |
The file directory of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module.extension
Description |
The file extension of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module.file_type
Description |
The file type of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.module.md5
Description |
The MD5 hash signature for the target module (loaded, unloaded, etc.) content. |
Datatype |
MD5 |
Dataclass |
Scalar |
xdm.target.module.sha256
Description |
The SHA256 hash signature for the target module (loaded, unloaded, etc.) content. |
Datatype |
SHA256 |
Dataclass |
Scalar |
xdm.target.module.is_signed
Description |
Whether the loaded module of the target module (loaded, unloaded, etc.) is signed. |
Datatype |
Boolean |
Dataclass |
Scalar |
Examples |
True |
xdm.target.module.signer
Description |
The signer of the target module (loaded, unloaded, etc.). |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Microsoft Corporation |
xdm.target.module.signature_status
Description |
The signature status of the target module (loaded, unloaded, etc.). |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.SIGNATURE_STATUS_UNSIGNED, XDM_CONST.SIGNATURE_STATUS_SIGNED_INVALID, XDM_CONST.SIGNATURE_STATUS_SIGNED_VERIFIED, XDM_CONST.SIGNATURE_STATUS_STATUS_UNKNOWN |
xdm.target.module.size
Description |
Size in bytes of the target module (loaded, unloaded, etc.). |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.registry
A registry contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems.
xdm.target.registry.key
Description |
The registry key that is associated with the operation, normalized to standard root key naming conventions. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
HKEY_LOCAL_MACHINE\SOFTWARE\MTG |
xdm.target.registry.value
Description |
The registry value that is associated with the operation. Registry values are similar to files in file systems. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.registry.value_type
Description |
The registry value type. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.REGISTRY_VALUE_TYPE_REG_BINARY, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD_LITTLE_ENDIAN, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD_BIG_ENDIAN, XDM_CONST.REGISTRY_VALUE_TYPE_REG_EXPAND_SZ |
xdm.target.registry.data
Description |
The data stored in the registry value. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
C:\Windows\system32;C:\Windows; |
xdm.target.registry_before
before the action.
xdm.target.registry_before.key
Description |
The registry key before the action that is associated with the operation, normalized to standard root key naming conventions. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
HKEY_LOCAL_MACHINE\SOFTWARE\MTG |
xdm.target.registry_before.value
Description |
The registry value before the action that is associated with the operation. Registry values are similar to files in file systems. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.registry_before.value_type
Description |
The registry value type before the action. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.REGISTRY_VALUE_TYPE_REG_BINARY, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD_LITTLE_ENDIAN, XDM_CONST.REGISTRY_VALUE_TYPE_REG_DWORD_BIG_ENDIAN, XDM_CONST.REGISTRY_VALUE_TYPE_REG_EXPAND_SZ |
xdm.target.registry_before.data
Description |
The data stored in the registry value before the action. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
C:\Windows\system32;C:\Windows; |
xdm.target.file
The file that has been created, modified, or deleted.
xdm.target.file.filename
Description |
The file name of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file.path
Description |
The file path of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file.directory
Description |
The file directory of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file.extension
Description |
The file extension of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file.file_type
Description |
The file type of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file.md5
Description |
The MD5 hash signature for the file that has been created, modified, or deleted content. |
Datatype |
MD5 |
Dataclass |
Scalar |
xdm.target.file.sha256
Description |
The SHA256 hash signature for the file that has been created, modified, or deleted content. |
Datatype |
SHA256 |
Dataclass |
Scalar |
xdm.target.file.is_signed
Description |
Whether the loaded module of the file that has been created, modified, or deleted is signed. |
Datatype |
Boolean |
Dataclass |
Scalar |
Examples |
True |
xdm.target.file.signer
Description |
The signer of the file that has been created, modified, or deleted. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Microsoft Corporation |
xdm.target.file.signature_status
Description |
The signature status of the file that has been created, modified, or deleted. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.SIGNATURE_STATUS_UNSIGNED, XDM_CONST.SIGNATURE_STATUS_SIGNED_INVALID, XDM_CONST.SIGNATURE_STATUS_SIGNED_VERIFIED, XDM_CONST.SIGNATURE_STATUS_STATUS_UNKNOWN |
xdm.target.file.size
Description |
Size in bytes of the file that has been created, modified, or deleted. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.file_before
The file before the action.
xdm.target.file_before.filename
Description |
The file name of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file_before.path
Description |
The file path of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file_before.directory
Description |
The file directory of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file_before.extension
Description |
The file extension of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file_before.file_type
Description |
The file type of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.file_before.md5
Description |
The MD5 hash signature for the file before the action content. |
Datatype |
MD5 |
Dataclass |
Scalar |
xdm.target.file_before.sha256
Description |
The SHA256 hash signature for the file before the action content. |
Datatype |
SHA256 |
Dataclass |
Scalar |
xdm.target.file_before.is_signed
Description |
Whether the loaded module of the file before the action is signed. |
Datatype |
Boolean |
Dataclass |
Scalar |
Examples |
True |
xdm.target.file_before.signer
Description |
The signer of the file before the action. |
Datatype |
String |
Dataclass |
Scalar |
Examples |
Microsoft Corporation |
xdm.target.file_before.signature_status
Description |
The signature status of the file before the action. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.SIGNATURE_STATUS_UNSIGNED, XDM_CONST.SIGNATURE_STATUS_SIGNED_INVALID, XDM_CONST.SIGNATURE_STATUS_SIGNED_VERIFIED, XDM_CONST.SIGNATURE_STATUS_STATUS_UNKNOWN |
xdm.target.file_before.size
Description |
Size in bytes of the file before the action. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.target.domain
Description |
The domain that the client tried to access. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.url
Description |
The URL that the client tried to access. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource
A resource that is being audited.
xdm.target.resource.id
Description |
The resource ID. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource.name
Description |
The resource name. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource.parent_id
Description |
The ID of the owner of the audited resource. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource.type
Description |
The resource type. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource.sub_type
Description |
The resource subtype. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource.value
Description |
The value of the audited resource. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before
before the activity.
xdm.target.resource_before.id
Description |
The resource ID before the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before.name
Description |
The resource name before the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before.parent_id
Description |
The ID of the owner of the audited resource before the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before.type
Description |
The resource type before the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before.sub_type
Description |
The resource subtype before the activity. |
Datatype |
String |
Dataclass |
Scalar |
xdm.target.resource_before.value
Description |
The value of the audited resource before the activity. |
Datatype |
String |
Dataclass |
Scalar |