Cortex BIOC Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Cortex BIOC Messages | Base Rule | General Security | Other Security |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| HEADER/Vendor | N/A | N/A | Vendor info |
| HEADER/Device Product | N/A | N/A | Device Product info |
| HEADER/Device Version | `<version>` | Text/String | Device Version info |
| HEADER/Device Event Class ID | `<vmid>` | Text/String | N/A |
| HEADER/name | `<vendorinfo>` | Text/String | Action type |
| HEADER/Severity | `<severity>` | Text/String | Integer severity: 0 - Unknown, 6 - Low, 8 - Medium, 9 - High |
| end | N/A | N/A | Timestamp |
| shost | `<sname>` | Text/String | Hostname of the machine from which the action was initiated. |
| suser | `<login>`, `<domainorigin>` | Text/String | Username of the user who initiated the action. |
| deviceFacility | N/A | N/A | N/A |
| cat | `<threatname>` | Text/String | N/A |
| externalId | `<threatid>` | Number | N/A |
| request | `<url>` | Text/String/Number | N/A |
| cs1 | `<process>` | Text/String | N/A |
| cs1Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |
| cs2Label | N/A | N/A | N/A |
| cs3 | N/A | N/A | N/A |
| cs3Label | N/A | N/A | N/A |
| cs4 | N/A | N/A | N/A |
| cs4Label | N/A | N/A | N/A |
| cs5 | `<command>` | Text/String | N/A |
| cs5Label | N/A | N/A | N/A |
| cs6 | N/A | N/A | N/A |
| cs6Label | N/A | N/A | N/A |
| fileHash | `<hash>` | Text/String/Number | N/A |
| filePath | `<object>` | Text/String | N/A |
| targetprocesssignature | N/A | N/A | N/A |
| tenantname | N/A | N/A | N/A |
| tenantCDLid | N/A | N/A | N/A |
| CSPaccountname | N/A | N/A | N/A |
| initiatorSha256 | N/A | N/A | N/A |
| initiatorPath | `<parentprocesspath>` | Text/String | N/A |
| cgoSha256 | N/A | N/A | N/A |
| osParentName | N/A | N/A | N/A |
| osParentCmd | N/A | N/A | N/A |
| osParentSha256 | N/A | N/A | N/A |
| osParentSignature | N/A | N/A | N/A |
| osParentSigner | N/A | N/A | N/A |
| incident | N/A | N/A | N/A |
| act | `<action>` | Text/String | N/A |