Action Actor

Description

The Action actor is an an activity that took place and was recorded by the agent.

Actor Fields

This actor uses:
action
. It has the following fields:
Field Name
(Datatype)
Description
action_​process_​device_​info
(record)
Info about the device (volume + HW) from which this process started - these fields represent HW info and will be populated only for USB devices
action_​process_​file_​create_​time
(INTEGER)
Creation time of the file that created the process
action_​process_​file_​mod_​time
(INTEGER)
Modification time of the file that created the process
action_​process_​file_​size
(INTEGER)
Size of the file of the process in bytes
action_​process_​image_​extension
(STRING)
File extension of 'action_process_image_path'
action_​process_​image_​md5
(STRING)
None Available
action_​process_​image_​name
(STRING)
File name of 'action_process_image_path'
action_​process_​image_​path
(STRING)
None Available
action_​process_​image_​sha256
(STRING)
None Available
action_​process_​os_​pid
(INTEGER)
The OS PID of the new process
action_​process_​signature_​product
(STRING)
None Available
action_​process_​signature_​vendor
(STRING)
None Available
action_​remote_​ip
(STRING)
Destination IP address
action_​remote_​port
(INTEGER)
Destination port

Recommended For You