Actor Actor

Description

The Actor actor is the process that performed the action.

Actor Fields

This actor uses:
actor
. It has the following fields:
Field Name
(Datatype)
Description
actor_​primary_​user_​sid
(STRING)
None Available
actor_​primary_​username
(STRING)
None Available
actor_​process_​auth_​id
(STRING)
None Available
actor_​process_​command_​line
(STRING)
None Available
actor_​process_​device_​info
(record)
Info about the device (volume + HW) from which this process started - these fields represent HW info and will be populated only for USB devices
actor_​process_​file_​create_​time
(INTEGER)
None Available
actor_​process_​file_​mod_​time
(INTEGER)
None Available
actor_​process_​file_​size
(INTEGER)
None Available
actor_​process_​image_​extension
(STRING)
None Available
actor_​process_​image_​md5
(STRING)
None Available
actor_​process_​image_​name
(STRING)
None Available
actor_​process_​image_​path
(STRING)
None Available
actor_​process_​image_​sha256
(STRING)
None Available
actor_​process_​logon_​id
(STRING)
None Available
actor_​process_​os_​pid
(INTEGER)
None Available
actor_​process_​session_​id
(INTEGER)
None Available
actor_​process_​signature_​is_​embedded
(BOOLEAN)
Is the signature embedded inside the PE or part of an external catalog file
actor_​process_​signature_​product
(STRING)
None Available
actor_​process_​signature_​vendor
(STRING)
None Available
actor_​remote_​host
(STRING)
None Available
actor_​remote_​ip
(STRING)
None Available
actor_​remote_​pipe_​name
(STRING)
None Available
actor_​remote_​port
(INTEGER)
None Available

Recommended For You