Watchlist Hit : Binary | LogRhythm Documentation

Vendor Documentation

https://www.carbonblack.com/products/endpoint-detection-and-response/

Rule Name	Rule Type	Common Event	Classification
Watchlist Hit : Binary	Base Rule	Watchlist Hit	Activity
Watchlist Hit : Unsigned Binary	Sub Rule	Watchlist Hit	Activity
Watchlist Hit : Signed Binary	Sub Rule	Watchlist Hit	Activity

Device Key in Log Message	LogRhythm Schema	Data Type
severity	<severity>	Text/String
result	<result>	Text/String
result	<tag1>	Text/String
digsig_publisher/digsig_issuer	<subject>	Text/String
endpoint	<dname>	Text/String
file_version	<version>	Number
group	<group>	Text/String
md5	<objectname>	Text/String
md5	<hash>	Text/String
observed_filename	<process>	Text/String
original_filename	<object>	Text/String
watchlist_name	<vmid>	Text/String