This topic describes tokenized search fields.
The following search fields are tokenized:
Alert_id
blocked_name
childproc_cmdline
childproc_name
childproc_username
crossproc_name
device_installed_by
device_name
device_os_version
event_description
file_scan_result
fileless_scriptload_cmdline
filemod_name
filemod_publisher
modload_name
modload_publisher
netconn_domain
netconn_location
netconn_proxy_domain
parent_cmdline
parent_name
process_cmdline
process_company_name
process_file_description
process_internal_name
process_loaded_script_name (deprecated; use scriptload_name)
process_name
process_original_filename
process_product_name
process_product_version
process_publisher
process_username
regmod_name
scriptload_content
scriptload_name
watchlist_name