crowdstrike_detection
CrowdStrike Detection
Name | Type | Nullable |
adversary_ids | List | ✓ |
assigned_to_name | String | ✓ |
assigned_to_uid | String | ✓ |
behaviors | List | ✓ |
behaviors_processed | List | ✓ |
cid | String | ✓ |
created_timestamp | Date | ✓ |
detection_id | String | ✗ | Only non-nullable field in this schema; every other field (including `device` and `behaviors`) may be absent, so consumers should null-check before dereferencing |
device | Device | ✓ |
email_sent | Boolean | ✓ |
first_behavior | String | ✓ | Typed as String, not Date (compare `created_timestamp`); if this and `last_behavior` carry timestamps, as the names suggest, parse them explicitly before comparing or sorting |
hostinfo | HostInfo | ✓ |
last_behavior | String | ✓ |
max_confidence | Long | ✓ |
max_severity | Long | ✓ |
max_severity_displayname | String | ✓ |
overwatch_notes | String | ✓ |
quarantined_files | List | ✓ |
seconds_to_resolve | Long | ✓ |
seconds_to_triaged | Long | ✓ |
show_in_ui | Boolean | ✓ |
status | String | ✓ |
Behavior
Name | Type | Nullable |
alleged_filetype | String | ✓ |
behavior_id | String | ✓ |
cmdline | String | ✓ | Originates from the endpoint and can contain adversary-chosen content; treat it (and `filename`, `filepath`, `ioc_value`, `user_name`) as untrusted input when rendering, logging, or building queries |
confidence | Long | ✓ |
container_id | String | ✓ |
control_graph_id | String | ✓ |
description | String | ✓ |
device_id | String | ✓ |
display_name | String | ✓ |
filename | String | ✓ |
filepath | String | ✓ |
ioc_description | String | ✓ |
ioc_source | String | ✓ |
ioc_type | String | ✓ |
ioc_value | String | ✓ |
md5 | String | ✓ |
objective | String | ✓ |
parent_details | Behavior.Parent | ✓ |
pattern_disposition | Long | ✓ |
pattern_disposition_details | Behavior.Disposition | ✓ | Per-flag breakdown (see the Behavior.Disposition table below); presumably expands the numeric `pattern_disposition` above — confirm against the API documentation |
rule_instance_id | String | ✓ |
rule_instance_version | Long | ✓ |
scenario | String | ✓ |
severity | Long | ✓ |
sha256 | String | ✓ |
tactic | String | ✓ |
tactic_id | String | ✓ |
technique | String | ✓ |
technique_id | String | ✓ |
template_instance_id | String | ✓ |
timestamp | String | ✓ | Note this is a String here, unlike `created_timestamp` on the detection (Date); parse before comparing |
triggering_process_graph_id | String | ✓ |
user_id | String | ✓ |
user_name | String | ✓ |
Behavior.Disposition
Name | Type | Nullable |
blocking_unsupported_or_disabled | Boolean | ✓ |
bootup_safeguard_enabled | Boolean | ✓ |
critical_process_disabled | Boolean | ✓ |
detect | Boolean | ✓ |
fs_operation_blocked | Boolean | ✓ |
handle_operation_downgraded | Boolean | ✓ |
inddet_mask | Boolean | ✓ |
indicator | Boolean | ✓ |
kill_action_failed | Boolean | ✓ | When set, presumably the kill was attempted but did not succeed — do not treat the detection as contained on the basis of `kill_process` alone |
kill_parent | Boolean | ✓ |
kill_process | Boolean | ✓ |
kill_subprocess | Boolean | ✓ |
operation_blocked | Boolean | ✓ |
policy_disabled | Boolean | ✓ |
process_blocked | Boolean | ✓ |
quarantine_file | Boolean | ✓ |
quarantine_machine | Boolean | ✓ |
registry_operation_blocked | Boolean | ✓ |
rooting | Boolean | ✓ |
sensor_only | Boolean | ✓ |
suspend_parent | Boolean | ✓ |
suspend_process | Boolean | ✓ |
Behavior.Parent
Name | Type | Nullable |
parent_cmdline | String | ✓ |
parent_md5 | String | ✓ |
parent_process_graph_id | String | ✓ |
parent_sha256 | String | ✓ |
Device
Name | Type | Nullable |
device_id | String | ✓ |
hostname | String | ✓ |
Files (not referenced by name in the tables above; presumably the element type of `quarantined_files` — verify)
Name | Type | Nullable |
id | String | ✓ |
paths | String | ✓ |
sha256 | String | ✓ |
state | String | ✓ |
HostInfo
Name | Type | Nullable |
domain | String | ✓ |