The Enrichment object provides inline enrichment data for specific attributes of interest within an event. It supplements the information associated with the event with additional relevant details or context.
Attributes
data
- Type: json_t
- Requirement: required
The enrichment data associated with the attribute and value. The meaning of this data depends on the type of the enrichment record.
name
- Type: string_t
- Requirement: required
The name of the attribute to which the enriched data pertains.
value
- Type: string_t
- Requirement: required
The value of the attribute to which the enriched data pertains.
created_time
- Type: timestamp_t
- Requirement: recommended
The time when the enrichment data was generated.
provider
- Type: string_t
- Requirement: recommended
The enrichment data provider name.
short_desc
- Type: string_t
- Requirement: recommended
A short description of the enrichment data.
src_url
- Type: url_t
- Requirement: recommended
The URL of the source of the enrichment data.
type
- Type: string_t
- Requirement: recommended
The enrichment type. For example: location.
created_time_dt
- Type: datetime_t
- Requirement: optional
The time when the enrichment data was generated.
desc
- Type: string_t
- Requirement: optional
A long description of the enrichment data.
reputation
- Type: reputation
- Requirement: optional
The reputation of the enrichment data.
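The attribute requirements above can be enforced before enriched events reach detection or triage logic. The following is an added example, not part of the schema or the project's own code: it checks the required and recommended attributes and confirms that `name` and `value` match an attribute actually present in the event. It assumes that `name` is a dotted path into the event and that enrichments are carried in an `enrichments` array; the function names and sample values are constructed for illustration.

```python
# Added example: checks Enrichment objects against the attribute list above.
REQUIRED = ("data", "name", "value")
RECOMMENDED = ("created_time", "provider", "short_desc", "src_url", "type")
STRING_ATTRS = ("name", "value", "provider", "short_desc", "src_url", "type", "desc")


def resolve(event, path):
    """Follow a dotted attribute path (assumed convention) through nested dicts."""
    node = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_enrichment(event, enrichment):
    """Return (errors, warnings) for one Enrichment object attached to event."""
    errors = [f"missing required attribute: {a}" for a in REQUIRED if a not in enrichment]
    warnings = [f"missing recommended attribute: {a}"
                for a in RECOMMENDED if a not in enrichment]
    for attr in STRING_ATTRS:
        if attr in enrichment and not isinstance(enrichment[attr], str):
            errors.append(f"{attr} must be a string")
    name, value = enrichment.get("name"), enrichment.get("value")
    # name/value must identify an attribute actually present in the event;
    # otherwise context (e.g. a reputation) is attached to the wrong observable.
    if isinstance(name, str) and isinstance(value, str):
        actual = resolve(event, name)
        if actual is None:
            errors.append(f"event has no attribute {name}")
        elif str(actual) != value:  # value is string_t, so compare as strings
            errors.append(f"value mismatch for {name}: event has {actual!r}")
    return errors, warnings


# Constructed sample event (documentation IP ranges, hypothetical provider name).
EVENT = {"src_endpoint": {"ip": "198.51.100.7"}, "enrichments": [
    {"name": "src_endpoint.ip", "value": "198.51.100.7", "type": "location",
     "provider": "example-geoip", "data": {"country": "NL"}},
    {"name": "src_endpoint.ip", "value": "203.0.113.9", "data": {"country": "US"}},
    {"name": "dst_endpoint.ip", "value": "192.0.2.1", "type": "location"},
]}

if __name__ == "__main__":
    for e in EVENT["enrichments"]:
        print(e["name"], e["value"], check_enrichment(EVENT, e))
```

Missing recommended attributes are reported as warnings rather than errors, so a pipeline can still accept the record while flagging enrichments that lack provenance such as `provider` or `src_url`.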
Used By
- account_change
- admin_group_query
- api_activity
- application_lifecycle
- authentication
- authorize_session
- base_event
- compliance_finding
- config_state
- data_security_finding
- datastore_activity
- detection_finding
- device_config_state_change
- dhcp_activity
- dns_activity
- email_activity
- email_file_activity
- email_url_activity
- entity_management
- event_log
- file_activity
- file_hosting
- file_query
- file_remediation_activity
- folder_query
- ftp_activity
- group_management
- http_activity
- incident_finding
- inventory_info
- job_query
- kernel_activity
- kernel_extension
- kernel_object_query
- memory_activity
- module_activity
- module_query
- network_activity
- network_connection_query
- network_file_activity
- network_remediation_activity
- networks_query
- ntp_activity
- patch_state
- peripheral_device_query
- process_activity
- process_query
- process_remediation_activity
- rdp_activity
- remediation_activity
- scan_activity
- scheduled_job_activity
- security_finding
- service_query
- session_query
- smb_activity
- software_info
- ssh_activity
- tunnel_activity
- user_access
- user_inventory
- user_query
- vulnerability_finding
- web_resource_access_activity
- web_resources_activity
- win/prefetch_query
- win/registry_key_activity
- win/registry_key_query
- win/registry_value_activity
- win/registry_value_query
- win/resource_activity
- win/win_service_activity