The Enrichment object provides inline enrichment data for specific attributes of interest within an event. It supplements the information associated with the event by adding relevant details or context.
Attributes
data
- Type: json_t
- Requirement: required
The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record.
name
- Type: string_t
- Requirement: required
The name of the attribute to which the enriched data pertains.
value
- Type: string_t
- Requirement: required
The value of the attribute to which the enriched data pertains.
provider
- Type: string_t
- Requirement: recommended
The enrichment data provider name.
type
- Type: string_t
- Requirement: recommended
The enrichment type. For example: location.
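The following validator is an added example, not part of the schema or its tooling. It checks Enrichment objects against the requirements listed above and confirms that each name/value pair still matches the event it is attached to. It assumes the objects sit in an `enrichments` array on the event and that `name` is a dotted attribute path; the sample event, provider name and function names are constructed for illustration.

```python
REQUIRED = {"data": None, "name": str, "value": str}  # None: any JSON value (json_t)
RECOMMENDED = {"provider": str, "type": str}

def resolve(event, path):
    """Follow a dotted attribute path (assumed convention) through nested dicts."""
    node = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def check_enrichment(enr, event):
    """Return (errors, warnings) for one Enrichment object against its event."""
    errors, warnings = [], []
    for key, typ in REQUIRED.items():
        if key not in enr:
            errors.append(f"missing required attribute: {key}")
        elif typ and not isinstance(enr[key], typ):
            errors.append(f"{key} must be string_t")
    for key, typ in RECOMMENDED.items():
        if key not in enr:
            warnings.append(f"missing recommended attribute: {key}")
        elif not isinstance(enr[key], typ):
            errors.append(f"{key} must be string_t")
    # An enrichment whose name/value no longer matches the event is stale or misattached.
    if isinstance(enr.get("name"), str) and isinstance(enr.get("value"), str):
        actual = resolve(event, enr["name"])
        if actual is None:
            errors.append(f"event has no attribute {enr['name']}")
        elif str(actual) != enr["value"]:
            errors.append(f"value mismatch for {enr['name']}: event has {actual!r}")
    return errors, warnings

# Constructed sample event (not from the page); addresses are documentation ranges.
EVENT = {
    "src_endpoint": {"ip": "203.0.113.7"},
    "enrichments": [
        {"name": "src_endpoint.ip", "value": "203.0.113.7", "type": "location",
         "provider": "example-geoip", "data": {"country": "NL"}},
        {"name": "src_endpoint.ip", "value": "198.51.100.9", "data": {"country": "US"}},
        {"name": "dst_endpoint.ip", "value": "192.0.2.1", "provider": "example-geoip"},
    ],
}

if __name__ == "__main__":
    for enr in EVENT["enrichments"]:
        print(enr.get("name"), check_enrichment(enr, EVENT))
```

Treating a name/value mismatch as an error rather than a warning keeps enrichment context, such as a location lookup, from being attributed to a value the event never contained.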
Used By
- account_change
- admin_group_query
- api_activity
- application_lifecycle
- authentication
- authorize_session
- base_event
- compliance_finding
- config_state
- data_security_finding
- datastore_activity
- detection_finding
- device_config_state_change
- dhcp_activity
- dns_activity
- email_activity
- email_file_activity
- email_url_activity
- entity_management
- file_activity
- file_hosting
- file_query
- folder_query
- ftp_activity
- group_management
- http_activity
- incident_finding
- inventory_info
- job_query
- kernel_activity
- kernel_extension
- kernel_object_query
- memory_activity
- module_activity
- module_query
- network_activity
- network_connection_query
- network_file_activity
- networks_query
- ntp_activity
- patch_state
- peripheral_device_query
- process_activity
- process_query
- rdp_activity
- scan_activity
- scheduled_job_activity
- security_finding
- service_query
- session_query
- smb_activity
- ssh_activity
- tunnel_activity
- user_access
- user_inventory
- user_query
- vulnerability_finding
- web_resource_access_activity
- web_resources_activity
- win/prefetch_query
- win/registry_key_activity
- win/registry_key_query
- win/registry_value_activity
- win/registry_value_query
- win/resource_activity