The Enrichment object provides inline enrichment data for specific attributes of interest within an event. It serves as a mechanism to enhance or supplement the information associated with the event by adding additional relevant details or context.
Attributes
Section titled “Attributes”data
- Type:
json_t - Requirement: required
The enrichment data associated with the attribute and value. The meaning of this data depends on the type the enrichment record.
name
- Type:
string_t - Requirement: required
The name of the attribute to which the enriched data pertains.
value
- Type:
string_t - Requirement: required
The value of the attribute to which the enriched data pertains.
provider
- Type:
string_t - Requirement: recommended
The enrichment data provider name.
type
- Type:
string_t - Requirement: recommended
The enrichment type. For example: location.
Used By
Section titled “Used By”account_changeapi_activityapplication_lifecycleauthenticationauthorize_sessionbase_eventcompliance_findingconfig_statedatastore_activitydetection_findingdevice_config_state_changedhcp_activitydns_activityemail_activityemail_file_activityemail_url_activityentity_managementfile_activityfile_hostingftp_activitygroup_managementhttp_activityincident_findinginventory_infokernel_activitykernel_extensionmemory_activitymodule_activitynetwork_activitynetwork_file_activityntp_activitypatch_stateprocess_activityrdp_activityscan_activityscheduled_job_activitysecurity_findingsmb_activityssh_activityuser_accessuser_inventoryvulnerability_findingweb_resource_access_activityweb_resources_activitywin/prefetch_infowin/registry_key_activitywin/registry_key_infowin/registry_value_activitywin/registry_value_infowin/resource_activity