| DiscoveryResult |
Discovery Result events report the results of a discovery request |
yes |
| HttpActivity |
HTTP Activity events report HTTP connection and traffic information |
yes |
| FileActivity |
File System Activity events report when a process performs an action on a fil... |
yes |
| UnmannedSystemsEvent |
The Unmanned Systems event is a generic event that defines a set of attribute... |
no |
| WindowsServiceActivity |
Windows Service Activity events report when a process interacts with the |
yes |
| UserAccess |
User Access Management events report management updates to a user's privilege... |
yes |
| ProcessRemediationActivity |
Process Remediation Activity events report on attempts at remediating |
no |
| ApplicationEvent |
|
no |
| NetworkActivity |
Network Activity events report network connection and traffic activity |
yes |
| ModuleActivity |
Module Activity events report when an endpoint process acts on a |
yes |
| ServiceQuery |
Service Query events report information about running services |
no |
| SessionQuery |
User Session Query events report information about existing user sessions |
no |
| SoftwareInfo |
Software Inventory Info events report device software inventory data that is |
no |
| Authentication |
Authentication events report authentication session activities, including use... |
yes |
| AuthorizeSession |
Authorize Session events report privileges or groups assigned to a new user |
yes |
| EmailFileActivity |
Email File Activity events report files within emails |
yes |
| FolderQuery |
Folder Query events report information about folders that are present on the |
no |
| NetworkConnectionQuery |
Network Connection Query events report information about active network |
no |
| FileRemediationActivity |
File Remediation Activity events report on attempts at remediating files |
no |
| ComplianceFinding |
Compliance Finding events describe results of evaluations performed against |
no |
| ProcessActivity |
Process Activity events report when a process launches, injects, opens or |
yes |
| DatastoreActivity |
Datastore events describe general activities (Read, Update, Query, Delete, |
yes |
| DnsActivity |
DNS Activity events report DNS queries and answers as seen on the network |
yes |
| OsintInventoryInfo |
OSINT Inventory Info events report open source intelligence or threat |
no |
| SecurityFinding |
Security Finding events describe findings, detections, anomalies, alerts and/... |
yes |
| IamEvent |
The Identity & Access Management event is a generic event that defines a set ... |
no |
| NetworkEvent |
Network event is a generic event that defines a set of attributes available i... |
no |
| FtpActivity |
File Transfer Protocol (FTP) Activity events report file transfers between a |
yes |
| NetworksQuery |
Networks Query events report information about network adapters |
no |
| DataSecurityFinding |
A Data Security Finding describes detections or alerts generated by various |
yes |
| UserQuery |
User Query events report user data that have been discovered, queried, polled |
no |
| BaseEvent |
The base event is a generic and concrete event |
yes |
| ScriptActivity |
Script Activity events report when a process executes a script |
yes |
| Finding |
The Finding event is a generic event that defines a set of attributes availab... |
yes |
| WebResourceAccessActivity |
Web Resource Access Activity events describe successful/failed attempts to |
yes |
| UserInventory |
User Inventory Info events report user inventory data that is either logged o... |
no |
| PeripheralDeviceQuery |
Peripheral Device Query events report information about peripheral devices |
no |
| PeripheralActivity |
Peripheral Activity events log a system's interactions with external, |
yes |
| WindowsResourceActivity |
Windows Resource Activity events report when a process accesses a Windows |
yes |
| PatchState |
Operating System Patch State reports the installation of an OS patch to a |
no |
| RegistryKeyActivity |
Registry Key Activity events report when a process performs an action on a |
yes |
| ApiActivity |
API events describe general CRUD (Create, Read, Update, Delete) API activitie... |
yes |
| EventLogActvity |
Event Log Activity events report actions pertaining to the system's event |
yes |
| NetworkRemediationActivity |
Network Remediation Activity events report on attempts at remediating compute... |
no |
| KernelExtensionActivity |
Kernel Extension events report when a driver/extension is loaded or unloaded |
yes |
| DhcpActivity |
DHCP Activity events report MAC to IP assignment via DHCP from a client or |
yes |
| InventoryInfo |
Device Inventory Info events report device inventory data that is either logg... |
no |
| ApplicationError |
Application Error events describe issues with an applications |
yes |
| KernelObjectQuery |
Kernel Object Query events report information about discovered kernel |
no |
| RemediationActivity |
Remediation Activity events report on attempts at remediating a compromised |
yes |
| ProcessQuery |
Process Query events report information about running processes |
no |
| DiscoveryEvent |
The Discovery event is a generic event that defines a set of attributes |
yes |
| VulnerabilityFinding |
The Vulnerability Finding event is a notification about weakness in an |
no |
| AirborneBroadcastActivity |
Airborne Broadcast Activity events report the activity of any aircraft or |
yes |
| ModuleQuery |
Module Query events report information about loaded modules |
no |
| NetworkFileActivity |
Network File Activity events report file activities traversing the network, |
yes |
| SmbActivity |
Server Message Block (SMB) Protocol Activity events report client/server |
yes |
| RdpActivity |
Remote Desktop Protocol (RDP) Activity events report post-authentication remo... |
yes |
| RegistryKeyQuery |
Registry Key Query events report information about discovered Windows registr... |
no |
| MemoryActivity |
Memory Activity events report when a process has memory allocated, |
yes |
| CloudResourcesInventoryInfo |
Cloud Resources Inventory Info events report cloud asset inventory data |
no |
| SshActivity |
SSH Activity events report remote client connections to a server using the |
yes |
| AccountChange |
Account Change events report when specific user account management tasks are |
yes |
| TunnelActivity |
Tunnel Activity events report secure tunnel establishment (such as VPN), |
yes |
| DroneFlightsActivity |
Drone Flights Activity events report the activity of Unmanned Aerial Systems |
yes |
| IamAnalysisFinding |
This finding represents an IAM analysis result, which evaluates IAM policies, |
no |
| EmailUrlActivity |
Email URL Activity events report URLs within an email |
yes |
| StartupItemQuery |
Startup Item Query events report information about discovered items, e |
no |
| DetectionFinding |
A Detection Finding describes detections or alerts generated by security |
no |
| EntityManagement |
Entity Management events report activity by a managed client, a micro service... |
yes |
| EmailActivity |
Email Activity events report SMTP protocol and email activities including tho... |
yes |
| RegistryValueQuery |
Registry Value Query events report information about discovered Windows |
no |
| SystemEvent |
The System Activity event is a generic event that defines a set of attributes |
no |
| JobQuery |
Job Query events report information about scheduled jobs |
no |
| FileHosting |
File Hosting Activity events report the actions taken by file management |
yes |
| EvidenceInfo |
Data collected directly from devices that represents forensic information |
no |
| IncidentFinding |
An Incident Finding reports the creation, update, or closure of security |
yes |
| NtpActivity |
The Network Time Protocol (NTP) Activity events report instances of remote |
yes |
| WebResourcesActivity |
Web Resources Activity events describe actions executed on a set of Web |
yes |
| ScheduledJobActivity |
Scheduled Job Activity events report activities related to scheduled jobs or |
yes |
| KernelActivity |
Kernel Activity events report when an process creates, reads, or deletes a |
yes |
| DeviceConfigStateChange |
Device Config State Change events report state changes that impact the securi... |
no |
| ScanActivity |
Scan events report the start, completion, and results of a scan job |
yes |
| AdminGroupQuery |
Admin Group Query events report information about administrative groups |
no |
| ApplicationSecurityPostureFinding |
The Application Security Posture Finding event is a notification about any bu... |
no |
| RegistryValueActivity |
Registry Value Activity events reports when a process performs an action on a |
yes |
| ConfigState |
Device Config State events report device configuration data, device |
no |
| GroupManagement |
Group Management events report management updates to a group, including updat... |
yes |
| ApplicationLifecycle |
Application Lifecycle events report installation, removal, start, stop of an |
yes |
| PrefetchQuery |
Prefetch Query events report information about Windows prefetch files |
no |
| FileQuery |
File Query events report information about files that are present on the |
no |