The Enrichment object provides inline enrichment data for specific attributes of interest within an event. It serves as a mechanism to enhance or supplement the information associated with the event by adding additional relevant details or context.
Attributes
Section titled “Attributes”data
- Type:
json_t - Requirement: required
The enrichment data associated with the attribute and value. The meaning of this data depends on the type the enrichment record.
name
- Type:
string_t - Requirement: required
The name of the attribute to which the enriched data pertains.
value
- Type:
string_t - Requirement: required
The value of the attribute to which the enriched data pertains.
provider
- Type:
string_t - Requirement: recommended
The enrichment data provider name.
type
- Type:
string_t - Requirement: recommended
The enrichment type. For example: location.
Used By
Section titled “Used By”account_changeapi_activityapplication_lifecycleauthenticationauthorize_sessionbase_eventconfig_statedhcp_activitydns_activityemail_activityemail_file_activityemail_url_activityentity_managementfile_activityftp_activitygroup_managementhttp_activityinventory_infokernel_activitykernel_extensionmemory_activitymodule_activitynetwork_activitynetwork_file_activityprocess_activityrdp_activityscheduled_job_activitysecurity_findingsmb_activityssh_activityuser_accessweb_resource_access_activityweb_resources_activitywin/registry_key_activitywin/registry_value_activitywin/resource_activity