Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (7)
| Field | Type |
|---|---|
| activeDirectory.id | strings |
| activeDirectory.userPrincipalName | strings |
| activeDirectory.displayName | strings |
| activeDirectory.mail | strings |
| activeDirectory.department | strings |
| activeDirectory.groups | strings |
| activeDirectory.roles | strings |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.