Cynerio
Enginsight
Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Generic Fields (4)
These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema, such as timestamps, unique identifiers, user IDs, or status codes that every namespace needs. Sharing these fields keeps the data consistent and makes it easy to run cross-namespace searches and reports.
| Field | Description | Reference-Specific Fields | Type |
|---|---|---|---|
| gen.dest.ip | Destination IP address. | cynerio.dst_ip | text_general |
| gen.src.ip | Source IP address. | cynerio.src_ip | text_general |
| gen.av.infectionName | Name of the detected infection or malware. | cynerio.tags_malware | strings |
| gen.hostname | Normalized hostname of the system generating the log. | cynerio.display_name | text_general |
Reference-Specific Fields (63)
| Field | Type |
|---|---|
| cynerio.endpoints.country | strings |
| cynerio.endpoints.provider_name | strings |
| cynerio.endpoints.type_display_name | strings |
| cynerio.endpoints.ip | strings |
| cynerio.endpoints.asset_id | strings |
| cynerio.endpoints.direction | strings |
| cynerio.endpoints.ip_type | strings |
| cynerio.endpoints.type | strings |
| cynerio.assignee | string |
| cynerio.benign | boolean |
| cynerio.comment | text_general |
| cynerio.created_on | pdate |
| cynerio.description | text_general |
| cynerio.dst_ip | strings |
| cynerio.dst_type | strings |
| cynerio.first_security_event_date | pdate |
| cynerio.incident_id | string |
| cynerio.last_security_event_date | pdate |
| cynerio.last_updated | pdate |
| cynerio.score | pfloat |
| cynerio.security_events_ids | strings |
| cynerio.sos_actions | strings |
| cynerio.src_ip | strings |
| cynerio.src_type | strings |
| cynerio.status | string |
| cynerio.title | text_general |
| cynerio.confidentiality_score | string |
| cynerio.tags_exploit_code_maturity | string |
| cynerio.nhs_threat_id | string |
| cynerio.category | string |
| cynerio.device_class | string |
| cynerio.availability_score | string |
| cynerio.tags_lateral_movement | boolean |
| cynerio.impact_confidentiality | string |
| cynerio.has_malware | boolean |
| cynerio.impact_patient_safety | string |
| cynerio.tags_exploited_in_the_wild | boolean |
| cynerio.impact_service_disruption | string |
| cynerio.vlan | pint |
| cynerio.type_display_name | string |
| cynerio.risk_group | string |
| cynerio.name | string |
| cynerio.risk_type_display_name | string |
| cynerio.epss | pfloat |
| cynerio.latest_status_update | pdate |
| cynerio.integrity_score | string |
| cynerio.type | string |
| cynerio.tags_easy_to_weaponize | boolean |
| cynerio.response | string |
| cynerio.site | string |
| cynerio.tags_malware | strings |
| cynerio.display_name | string |
| cynerio.id | string |
| cynerio.nhs_published_date | pdate |
| cynerio.nhs_severity | string |
| cynerio.link | strings |
| cynerio.cvss | pfloat |
| cynerio.detected_on | pdate |
| cynerio.status_display_name | string |
| cynerio.risk_score_level | string |
| cynerio.risk_score | pfloat |
| cynerio.asset_id | string |
| cynerio.risk_id | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.