| associated_category | | keyword | TBD: Not sure if this is useful |
| associated_hash | 6f9efb466e043b9f3635827ce446e13c | keyword | All associated md5, sha1, sha256, sha512, imp hashes from a log message |
| associated_host | 10.1.2.3,corpdc01,corpdc01.corpdomain.local | keyword | FUTURE: copy of any identifying host information (IP, hostname, etc.) from a log message; not implemented yet. |
| associated_ip | 10.1.2.3,fe80:5cc3:11:4::2c | ip | Associated IP addresses for a log message |
| associated_mac | a0:b4:44:01:a9:d1 | keyword | Associated MAC addresses for a log message, colon-delimited and lower case |
| associated_session_id | 0xa72c | keyword | Associated session IDs for a log message |
| associated_user_id | 999,S-1-5-18 | keyword | This will be a field that maps to all user ID values (uids, SIDs, etc.) that are associated with a user context. This can/may eventually be populated from the user framework. |
| associated_user_name | administrator,administrator@corp.local | keyword (normalized:loweronly) | Any associated/alternate user ID or email; can be a set of multiple values. |