Key | Description | Example |
---|---|---|
process_id | Process doc identifier. | 00000064-0000-07f0-01d2-8e03fc88f25e |
segment_id | Process Solr doc segment identifier. | 1 |
hostname | Hostname of the computer on which the feed hit was detected. | PANTHER |
comms_ip | IP address from which Carbon Black EDR received the event (which could be a NAT or proxy address, if one is configured for the computer on which the process executed; otherwise this is the same as interface_ip). | |
interface_ip | IP address of the computer on which the process executed. | |
sensor_id | Sensor ID of the endpoint. | 1 |
feed_id | ID of the feed that was matched. | 15 |
feed_name | Name of the feed that was matched. | mdl |
event_timestamp | Time of the event. | 1400695113.17 |
start | | 2015-06-24T18:32:16.752Z |
process_md5 | MD5 hash value of the executable backing this process. | 506708142bc63daba64f2d3ad1dcd5bf |
process_sha256 | SHA-256 hash value of the executable backing this process. | 2bc63daba64f2d3ad1dcd5bf506708142bc63daba64f2d3ad1dcd5bf50670814 |
process_name | Filename of the executable backing this process. | googleupdate.exe |
path | Full path to the executable backing this process. | c:\program files(x86)\google\update\googleupdate.exe |
last_update | Last activity in this process, in the computer’s local time. | 2014-02-04T16:23:22.547Z |