| Key | Description | Example |
|---|---|---|
| cb_version | Carbon Black EDR server version. | 5.0.0.140204.501 |
| childproc_count | Total count of child processes that were created by this process. | 0 |
| cmdline | Process command line. | “c:\net.exe” /user |
| filemod_count | Total count of files that were modified by this process. | 0 |
| group | Sensor group to which this sensor was assigned at the time of process execution. | Default Group |
| host_type | Type of the computer: workstation, server, or domain controller. | server |
| hostname | Hostname of the computer on which the process executed. | PANTHER |
| id | Internal use. | 7553512292948143354 |
| last_update | Last activity in this process, in the computer’s local time. | 2014-02-04T16:23:22.547Z |
| modload_count | Total count of modules that were loaded by this process. | 45 |
| netconn_count | Total count of network connections made by this process. | 0 |
| os_type | Operating system type of the host. | Windows |
| parent_unique_id | Parent process unique ID. | 00000c42-0000-172c-01d0-5d6cca2adbb2 |
| path | Full path to the executable backing this process. | c:\program files (x86)\google\update\googleupdate.exe |
| process_md5 | MD5 hash value of the executable backing this process. | 506708142bc63daba64f2d3ad1dcd5bf |
| process_sha256 | SHA-256 hash value of the executable backing this process. | 1123a659bc80def22859f36719ed30618589c4b50abc17def38ff7eed913721 |
| parent_pid | Parent process PID. | 2532 |
| process_name | Filename of the executable backing this process. | googleupdate.exe |
| process_pid | Process PID. | 44988 |
| regmod_count | Total count of registry modifications made by this process. | 0 |
| segment_id | Internal use. | 1488563344023 |
| comms_ip | IP address from which Carbon Black EDR received the event (which could be a NAT or proxy address, if one is configured for the computer on which the process executed; otherwise this is the same as interface_ip). | 123.101.301.4 |
| interface_ip | IP address of the computer on which the process executed. | 10.432.123.9 |
| sensor_id | The internal Carbon Black EDR sensor Global Unique Identifier (GUID) of the computer on which this process was executed. | 6 |
| server_name | Name of the Carbon Black EDR server. | edrserver |
| start | Start time of this process, in the computer’s local time. | 2014-02-04T16:23:22.516Z |
| unique_id | Process unique ID. | 00000c42-0000-172c-01d0-5d6cca2adbb2-015A954A1297 |
| username | User context in which the process was executed. | SYSTEM |
| watchlist_id | Watchlist that matched (-1 is the internal syslog test). | -1 |
| watchlist_name | Name of the watchlist that matched. | SyslogTest |
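The fields above are what a SIEM or SOAR pipeline receives for each watchlist hit, and three of them deserve a sanity check before the event drives an alert: `watchlist_id` of -1 marks the internal syslog test rather than a real match, `comms_ip` differing from `interface_ip` tells you the sensor sits behind NAT or a proxy (so `comms_ip` is not the host's address), and the hash and IP fields should be well-formed before they are used as lookup keys. The following Python is an added example, not Carbon Black's code or a documented event format: it assumes the event arrives as a JSON object keyed by the field names in the table (the JSON shape and the field values are constructed for the example) and returns a small triage result.

```python
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Constructed sample of a watchlist-hit event, serialised as JSON. The key
# names come from the field table; the JSON layout is an assumption for this
# example. The IP and SHA-256 values are copied from the table's example
# column so the validator can show what it flags.
SAMPLE_EVENT = json.dumps({
    "cb_version": "5.0.0.140204.501",
    "hostname": "PANTHER", "host_type": "server", "os_type": "Windows",
    "username": "SYSTEM", "group": "Default Group",
    "process_name": "googleupdate.exe",
    "path": "c:\\program files (x86)\\google\\update\\googleupdate.exe",
    "cmdline": "\"c:\\net.exe\" /user",
    "process_pid": 44988, "parent_pid": 2532,
    "process_md5": "506708142bc63daba64f2d3ad1dcd5bf",
    "process_sha256": "1123a659bc80def22859f36719ed30618589c4b50abc17def38ff7eed913721",
    "comms_ip": "123.101.301.4", "interface_ip": "10.432.123.9",
    "childproc_count": 0, "filemod_count": 0, "modload_count": 45,
    "netconn_count": 0, "regmod_count": 0,
    "start": "2014-02-04T16:23:22.516Z",
    "last_update": "2014-02-04T16:23:22.547Z",
    "watchlist_id": -1, "watchlist_name": "SyslogTest",
})

HEX_MD5 = re.compile(r"^[0-9a-f]{32}$")
HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")
COUNT_FIELDS = ("childproc_count", "filemod_count", "modload_count",
                "netconn_count", "regmod_count")


@dataclass
class Triage:
    is_test_event: bool           # watchlist_id == -1: internal syslog test
    behind_nat_or_proxy: bool     # comms_ip != interface_ip
    problems: list = field(default_factory=list)  # malformed fields found


def parse_event(raw: str) -> dict:
    """Decode one JSON event; reject anything that is not a flat object."""
    event = json.loads(raw)
    if not isinstance(event, dict):
        raise ValueError("event is not a JSON object")
    return event


def triage(event: dict) -> Triage:
    """Classify the event and list fields that must not be trusted as keys."""
    problems = []

    # Activity counters must be non-negative integers.
    for name in COUNT_FIELDS:
        value = event.get(name)
        if not isinstance(value, int) or value < 0:
            problems.append(f"{name}: expected non-negative integer, got {value!r}")

    # Hashes are used as lookup keys, so check length and alphabet first.
    for name, pattern in (("process_md5", HEX_MD5), ("process_sha256", HEX_SHA256)):
        value = str(event.get(name, ""))
        if not pattern.match(value.lower()):
            problems.append(f"{name}: not a well-formed hash ({len(value)} chars)")

    # Both IP fields must parse; only then can they be compared for NAT.
    addrs = {}
    for name in ("comms_ip", "interface_ip"):
        try:
            addrs[name] = ipaddress.ip_address(str(event.get(name, "")))
        except ValueError:
            problems.append(f"{name}: not a valid IP address ({event.get(name)!r})")
    nat = len(addrs) == 2 and addrs["comms_ip"] != addrs["interface_ip"]

    return Triage(event.get("watchlist_id") == -1, nat, problems)


def triage_json(raw: str) -> Triage:
    return triage(parse_event(raw))


if __name__ == "__main__":
    result = triage_json(SAMPLE_EVENT)
    print("test event:", result.is_test_event)
    print("behind NAT/proxy:", result.behind_nat_or_proxy)
    for p in result.problems:
        print("problem:", p)
```

On the sample built from the table's example column, `triage_json` reports a test event, no NAT verdict (neither IP parses, so no comparison is made), and three problems: both IP addresses have an octet above 255 and the SHA-256 value is 63 hex characters rather than 64. A pipeline would drop the `-1` test hit before alerting and treat events with malformed hash or IP fields as parse failures rather than silently using them for enrichment.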