Current Active Threat – Lists
Canary Lists
| List ID | Type | List Name |
|---|---|---|
| -1000074 | General Value | CAT : Canary List : Hash Value |
| -1000085 | Host | CAT : Canary List : IP Address (Host) |
| -1000076 | General Value | CAT : Canary List : Process Name |
| -1000077 | General Value | CAT : Canary List : Process Path |
| -1000078 | General Value | CAT : Canary List : Registry Keys |
| -1000080 | General Value | CAT : Canary List : Domain |
| -1000086 | General Value | CAT : Canary List : UEBA - Event |
Metadata Field Lists
| List ID | Type | List Name |
|---|---|---|
-1000012 | Log Source Type | CAT : Metadata Field : Action |
-1000013 | Log Source Type | CAT : Metadata Field : Amount |
-1000014 | Log Source Type | CAT : Metadata Field : Command |
-1000081 | Log Source Type | CAT : Metadata Field : CVE |
-1000025 | Log Source Type | CAT : Metadata Field : Domain Impacted |
-1000026 | Log Source Type | CAT : Metadata Field : Domain Origin |
-1000028 | Log Source Type | CAT : Metadata Field : Group |
-1000029 | Log Source Type | CAT : Metadata Field : Hash |
| -1000022 | Log Source Type | CAT : Metadata Field : Hostname Impacted |
| -1000061 | Log Source Type | CAT : Metadata Field : Hostname Origin |
| -1000015 | Log Source Type | CAT : Metadata Field : Interface Impacted |
-1000053 | Log Source Type | CAT : Metadata Field : Interface Origin |
-1000016 | Log Source Type | CAT : Metadata Field : IP Address Impacted |
-1000054 | Log Source Type | CAT : Metadata Field : IP Address Origin |
-1000017 | Log Source Type | CAT : Metadata Field : IP or Hostname Impacted |
-1000055 | Log Source Type | CAT : Metadata Field : IP or Hostname Origin |
-1000018 | Log Source Type | CAT : Metadata Field : IPv4 Impacted |
-1000056 | Log Source Type | CAT : Metadata Field : IPv4 Origin |
-1000019 | Log Source Type | CAT : Metadata Field : IPv6 Impacted |
-1000057 | Log Source Type | CAT : Metadata Field : IPv6 Origin |
-1000020 | Log Source Type | CAT : Metadata Field : IPv6e Impacted |
-1000058 | Log Source Type | CAT : Metadata Field : IPv6e Origin |
-1000021 | Log Source Type | CAT : Metadata Field : MAC Address Impacted |
-1000060 | Log Source Type | CAT : Metadata Field : MAC Address Origin |
-1000023 | Log Source Type | CAT : Metadata Field : NAT IP Address Impacted |
-1000062 | Log Source Type | CAT : Metadata Field : NAT IP Address Origin |
-1000024 | Log Source Type | CAT : Metadata Field : NAT Port Impacted |
-1000063 | Log Source Type | CAT : Metadata Field : NAT Port Origin |
-1000031 | Log Source Type | CAT : Metadata Field : Object |
-1000032 | Log Source Type | CAT : Metadata Field : Object Name |
-1000033 | Log Source Type | CAT : Metadata Field : Object Type |
-1000034 | Log Source Type | CAT : Metadata Field : Parent Process ID |
-1000035 | Log Source Type | CAT : Metadata Field : Parent Process Name |
-1000036 | Log Source Type | CAT : Metadata Field : Parent Process Path |
-1000037 | Log Source Type | CAT : Metadata Field : Policy |
-1000038 | Log Source Type | CAT : Metadata Field : Process ID |
| -1000039 | Log Source Type | CAT : Metadata Field : Process Name |
| -1000040 | Log Source Type | CAT : Metadata Field : Protocol Name |
| -1000041 | Log Source Type | CAT : Metadata Field : Protocol Number |
| -1000042 | Log Source Type | CAT : Metadata Field : Quality |
| -1000043 | Log Source Type | CAT : Metadata Field : Rate |
| -1000044 | Log Source Type | CAT : Metadata Field : Reason |
| -1000045 | Log Source Type | CAT : Metadata Field : Recipient |
| -1000046 | Log Source Type | CAT : Metadata Field : Response Code |
| -1000047 | Log Source Type | CAT : Metadata Field : Result |
| -1000048 | Log Source Type | CAT : Metadata Field : Sender |
| -1000049 | Log Source Type | CAT : Metadata Field : Serial Number |
| -1000050 | Log Source Type | CAT : Metadata Field : Session |
| -1000051 | Log Source Type | CAT : Metadata Field : Session Type |
| -1000052 | Log Source Type | CAT : Metadata Field : Severity |
| -1000059 | Log Source Type | CAT : Metadata Field : Size |
| -1000065 | Log Source Type | CAT : Metadata Field : Status |
| -1000066 | Log Source Type | CAT : Metadata Field : Subject |
| -1000027 | Log Source Type | CAT : Metadata Field : TCP/UDP Port Impacted |
| -1000064 | Log Source Type | CAT : Metadata Field : TCP/UDP Port Origin |
| -1000067 | Log Source Type | CAT : Metadata Field : Threat ID |
| -1000068 | Log Source Type | CAT : Metadata Field : Threat Name |
| -1000069 | Log Source Type | CAT : Metadata Field : URL |
| -1000030 | Log Source Type | CAT : Metadata Field : User Impacted |
| -1000011 | Log Source Type | CAT : Metadata Field : User Origin |
| -1000070 | Log Source Type | CAT : Metadata Field : User-Agent |
| -1000071 | Log Source Type | CAT : Metadata Field : Vendor Message ID |
| -1000073 | Log Source Type | CAT : Metadata Field : Vendor Info |
| -1000072 | Log Source Type | CAT : Metadata Field : Version |