API Field Mapping
Review how API fields are displayed in the Cortex XDR Management Console.

The following table lists how API fields are displayed in the Cortex XDR Management Console. Fields are listed in alphabetical order.

Cortex XDR API Field Name | Cortex XDR Management Console Field Name |
---|---|
action | Action |
action_external_hostname | Remote Host |
action_file_macro_sha256 | File Macro SHA256 |
action_file_md5 | File MD5 |
action_file_path | File path |
action_file_sha256 | File SHA256 |
action_local_ip | Local IP |
action_local_port | Local port |
action_process_image_command_line | Target process CMD |
action_process_image_name | Target process name |
action_process_image_sha256 | Target process SHA256 |
action_process_signature_status | Process execution signature |
action_process_signature_vendor | Process execution signer |
action_registry_data | Registry data |
action_registry_full_key | Registry full key |
action_remote_ip | Remote IP |
action_remote_port | Remote port |
actor_process_command_line | Initiator CMD |
actor_process_image_md5 | Initiator MD5 |
actor_process_image_name | Initiated By |
actor_process_image_path | Initiator path |
actor_process_image_sha256 | Initiator SHA256 |
actor_process_os_pid | Initiator PID |
actor_process_signature_status | Initiator signature |
actor_process_signature_vendor | Initiator signer |
actor_thread_thread_id | Initiator TID |
agent_device_domain | Domain |
agent_fqdn | Host FQDN |
agent_os_sub_type | Agent OS Sub Type |
agent_os_type | Host OS |
alert_id | Alert ID |
case_id | Incident ID |
category | Category |
causality_actor_causality_id | CID |
causality_actor_process_command_line | CGO CMD |
causality_actor_process_image_md5 | CGO MD5 |
causality_actor_process_image_name | CGO name |
causality_actor_process_image_sha256 | CGO SHA256 |
causality_actor_process_signature_status | CGO signature |
causality_actor_process_signature_vendor | CGO signer |
contains_featured_host | Contains Featured Host |
contains_featured_ip_address | Contains Featured IP Address |
contains_featured_user | Contains Featured User |
description | Description |
manual_description | Description |
detection_timestamp | Timestamp |
dns_query_name | DNS Query Name |
event_type | Event Type |
external_id | External ID |
fw_app_category | App Category |
fw_app_id | App-ID |
fw_app_subcategory | App Subcategory |
fw_app_technology | App Technology |
fw_device_name | FW Name |
fw_email_recipient | Email Recipient |
fw_email_sender | Email Sender |
fw_email_subject | Email Subject |
fw_interface_from | Source Zone Name |
fw_interface_to | Destination Zone Name |
fw_is_phishing | Is Phishing |
fw_misc | Misc |
fw_rule | FW Rule Name |
fw_rule_id | FW Rule ID |
fw_serial_number | FW Serial Number |
fw_url_domain | URL |
fw_vsys | NGFW VSYS Name |
fw_xff | XFF |
host_ip | Host IP |
host_name | Host |
mac | Host Mac Address |
matching_service_rule_id | Rule ID |
mitre_tactic_id_and_name | Mitre ATT&CK Tactic |
mitre_technique_id_and_name | Mitre ATT&CK Technique |
module_id | Module |
name | Alert Name |
os_actor_effective_username | OS Parent User Name |
os_actor_process_command_line | OS Parent CMD |
os_actor_process_image_name | OS Parent Name |
os_actor_process_image_sha256 | OS Parent SHA256 |
os_actor_process_os_pid | OS Parent PID |
os_actor_process_signature_status | OS Parent Signature |
os_actor_process_signature_vendor | OS Parent Signer |
os_actor_thread_thread_id | OS Parent TID |
severity | Severity |
source | Alert Source |
starred | Starred |
user_name | User Name |