| UserAccess |
User Access Management events report management updates to a user's privilege... |
yes |
| ManagedEntity |
The Managed Entity object describes the type and version of an entity, such a... |
yes |
| WindowsProcess |
Extends the process object to add Windows specific fields |
no |
| UserQuery |
User Query events report user data that have been discovered, queried, polled |
yes |
| Actor |
The Actor object contains details about the user, role, application, service, |
yes |
| RdpActivity |
Remote Desktop Protocol (RDP) Activity events report post-authentication remo... |
yes |
| Process |
The Process object describes a running instance of a launched program |
yes |
| LinuxProcess |
Extends the process object to add Linux specific fields |
no |
| QueryEvidence |
The specific resulting evidence information that was queried or discovered |
yes |
| Evidences |
A collection of evidence artifacts associated to the activity/activities that |
yes |
| WindowsQueryEvidence |
The resulting evidence information that was queried |
no |
| UserInventory |
User Inventory Info events report user inventory data that is either logged o... |
yes |
| AccountChange |
Account Change events report when specific user account management tasks are |
yes |
| GroupManagement |
Group Management events report management updates to a group, including updat... |
yes |
| TunnelActivity |
Tunnel Activity events report secure tunnel establishment (such as VPN), |
yes |
| Authentication |
Authentication events report authentication session activities, including use... |
yes |
| IamAnalysisFinding |
This finding represents an IAM analysis result, which evaluates IAM policies, |
yes |
| Job |
The Job object provides information about a scheduled job or task, including |
yes |
| AuthorizeSession |
Authorize Session events report privileges or groups assigned to a new user |
yes |
| MacosProcess |
Extends the process object to add macOS specific fields |
no |
| WindowsEvidences |
Extends the evidences object to add Windows specific fields |
no |