| HttpActivity | HTTP Activity events report HTTP connection and traffic information | yes |
| FileActivity | File System Activity events report when a process performs an action on a fil... | yes |
| Databucket | The databucket object is a basic container that holds data, typically organiz... | yes |
| FtpActivity | File Transfer Protocol (FTP) Activity events report file transfers between a | yes |
| Module | The Module object describes the attributes of a module | yes |
| DataSecurityFinding | A Data Security Finding describes detections or alerts generated by various | yes |
| NetworkFileActivity | Network File Activity events report file activities traversing the network, | yes |
| SmbActivity | Server Message Block (SMB) Protocol Activity events report client/server | yes |
| Osint | The OSINT (Open Source Intelligence) object contains details related to an | yes |
| WindowsProcess | Extends the process object to add Windows specific fields | no |
| RdpActivity | Remote Desktop Protocol (RDP) Activity events report post-authentication remo... | yes |
| Process | The Process object describes a running instance of a launched program | yes |
| AffectedCode | The Affected Code object describes details about a code block identified as | yes |
| LinuxProcess | Extends the process object to add Linux specific fields | no |
| QueryEvidence | The specific resulting evidence information that was queried or discovered | yes |
| Evidences | A collection of evidence artifacts associated to the activity/activities that | yes |
| WindowsQueryEvidence | The resulting evidence information that was queried | no |
| Script | The Script object describes a script or command that can be executed by a | yes |
| SshActivity | SSH Activity events report remote client connections to a server using the | yes |
| KernelDriver | The Kernel Extension object describes a kernel driver that has been loaded or | yes |
| Job | The Job object provides information about a scheduled job or task, including | yes |
| MacosProcess | Extends the process object to add macOS specific fields | no |
| EmailFileActivity | Email File Activity events report files within emails | yes |
| FileRemediationActivity | File Remediation Activity events report on attempts at remediating files | yes |
| WindowsEvidences | Extends the evidences object to add Windows specific fields | no |
| EventLogActvity | Event Log Activity events report actions pertaining to the system's event | yes |
| FileHosting | File Hosting Activity events report the actions taken by file management | yes |
| FileQuery | File Query events report information about files that are present on the | yes |