User Profile
Davidmg1982
Copper Contributor
Joined 4 years ago
Recent Discussions
Available 'AdditionalFields' in ActionType for Device Events
Hi community, novice question over here. Looking at the code below, I can see the creator of this code is calling for AdditionalFields such as ThreatName, WasRemediated, WasExecutingWhileDetected for action type 'AntivirusDetection'. My question is, how can I see the total available additional fields for this action type? I cannot find any using the Data Schema. Any advice will be very appreciated.

DeviceEvents
// Keep only antivirus detection events
| where ActionType == "AntivirusDetection"
// AdditionalFields is a JSON string; parse it into a dynamic object
| extend ParsedFields = parse_json(AdditionalFields)
| project ThreatName = tostring(ParsedFields.ThreatName),
    WasRemediated = tobool(ParsedFields.WasRemediated),
    WasExecutingWhileDetected = tobool(ParsedFields.WasExecutingWhileDetected),
    FileName, SHA1, InitiatingProcessFileName, InitiatingProcessCommandLine,
    DeviceName, Timestamp, Updated = tostring(ParsedFields.Scanned)
| limit 100