Cortex XDR API Field Mapping

Review how API fields are displayed in the Cortex XDR Management Console.
The following table lists how API fields are displayed in the Cortex XDR Management Console. Fields are listed in alphabetical order.

| Cortex XDR API Field Name | Cortex XDR Management Console Field Name |
| --- | --- |
| action | Action |
| action_external_hostname | Remote Host |
| action_file_macro_sha256 | File Macro SHA256 |
| action_file_md5 | File MD5 |
| action_file_path | File path |
| action_file_sha256 | File SHA256 |
| action_local_ip | Local IP |
| action_local_port | Local port |
| action_process_image_command_line | Target process CMD |
| action_process_image_name | Target process name |
| action_process_image_sha256 | Target process SHA256 |
| action_process_signature_status | Process execution signature |
| action_process_signature_vendor | Process execution signer |
| action_registry_data | Registry data |
| action_registry_full_key | Registry full key |
| action_remote_ip | Remote IP |
| action_remote_port | Remote port |
| actor_process_command_line | Initiator CMD |
| actor_process_image_md5 | Initiator MD5 |
| actor_process_image_name | Initiated By |
| actor_process_image_path | Initiator path |
| actor_process_image_sha256 | Initiator SHA256 |
| actor_process_os_pid | Initiator PID |
| actor_process_signature_status | Initiator signature |
| actor_process_signature_vendor | Initiator signer |
| actor_thread_thread_id | Initiator TID |
| agent_device_domain | Domain |
| agent_fqdn | Host FQDN |
| agent_os_sub_type | Agent OS Sub Type |
| agent_os_type | Host OS |
| alert_id | Alert ID |
| case_id | Incident ID |
| category | Category |
| causality_actor_causality_id | CID |
| causality_actor_process_command_line | CGO CMD |
| causality_actor_process_image_md5 | CGO MD5 |
| causality_actor_process_image_name | CGO name |
| causality_actor_process_image_sha256 | CGO SHA256 |
| causality_actor_process_signature_status | CGO signature |
| causality_actor_process_signature_vendor | CGO signer |
| contains_featured_host | Contains Featured Host |
| contains_featured_ip_address | Contains Featured IP Address |
| contains_featured_user | Contains Featured User |
| description | Description |
| detection_timestamp | Timestamp |
| dns_query_name | DNS Query Name |
| event_type | Event Type |
| external_id | External ID |
| fw_app_category | App Category |
| fw_app_id | App-ID |
| fw_app_subcategory | App Subcategory |
| fw_app_technology | App Technology |
| fw_device_name | FW Name |
| fw_email_recipient | Email Recipient |
| fw_email_sender | Email Sender |
| fw_email_subject | Email Subject |
| fw_interface_from | Source Zone Name |
| fw_interface_to | Destination Zone Name |
| fw_is_phishing | Is Phishing |
| fw_misc | Misc |
| fw_rule | FW Rule Name |
| fw_rule_id | FW Rule ID |
| fw_serial_number | FW Serial Number |
| fw_url_domain | URL |
| fw_vsys | NGFW VSYS Name |
| fw_xff | XFF |
| host_ip | Host IP |
| host_name | Host |
| mac | Host Mac Address |
| matching_service_rule_id | Rule ID |
| mitre_tactic_id_and_name | Mitre ATT&CK Tactic |
| mitre_technique_id_and_name | Mitre ATT&CK Technique |
| module_id | Module |
| name | Alert Name |
| os_actor_effective_username | OS Parent User Name |
| os_actor_process_command_line | OS Parent CMD |
| os_actor_process_image_name | OS Parent Name |
| os_actor_process_image_sha256 | OS Parent SHA256 |
| os_actor_process_os_pid | OS Parent PID |
| os_actor_process_signature_status | OS Parent Signature |
| os_actor_process_signature_vendor | OS Parent Signer |
| os_actor_thread_thread_id | OS Parent TID |
| severity | Severity |
| source | Alert Source |
| starred | Starred |
| user_name | User Name |
