The following additional fields are not mandatory but may appear in events:

  • Ban Name – For block events, name of the ban that blocked the file.
  • Computer ID – A numeric ID for the computer associated with the event (0 for system). Increments by one for each computer registered with the server.
  • Computer Tag – An optional text string you can add to identify groups of computers that you might want to get reports about or treat in a particular way. A tag offers an alternative to policies as a way to identify groups of computers. Tags may be set on the Computer Details page for one computer or on the Computers page Action menu for multiple computers.
  • Config List Version – Version number of the Config List associated with an event. The Config List is the set of rules delivered to agents.
  • Date Received – Timestamp when the event was received by the App Control Server (in UTC).
  • Indicator Name – Name of the threat indicator associated with the event, if present. Same as rule name when present.
  • Indicator Set – Name of the threat indicator set for the indicator associated with the event, if present.
  • Operating System Details – Full OS name, the build, and service pack level.
  • Platform – Platform of the computer associated with the event (Windows, Mac, Linux).
  • Rapid Config – The name of the Rapid Config associated with the event, if any.
  • Rule Name – The name (as it appears in the console) of the rule associated with the event. This includes both user-created rules and built-in rules, such as Prompt on unapproved executables.
  • Unified Source – The name of the unified server associated with the event, if any.
  • Updater – The name of the updater associated with the event, if any.