Generic
Catch-all reference for custom or unclassified events that still need to be searchable inside the SIEM.
Enginsight Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (73)
Field | Type |
---|---|
gen.src.port | pint |
gen.dest.port | pint |
gen.hostname | text_general |
gen.username | text_general |
gen.av.infectionName | string [] |
gen.av.infectionCategory | string [] |
gen.av.action | string [] |
gen.av.status | string [] |
gen.dns.domain | string [] |
gen.dns.record | string [] |
gen.dns.server | string [] |
gen.file.name | string [] |
gen.file.path | string [] |
gen.firewall.bytesSent | plong |
gen.firewall.bytesReceived | plong |
gen.firewall.direction | string [] |
gen.firewall.rule | string [] |
gen.firewall.action | string [] |
gen.mail.sender | string [] |
gen.mail.subject | string [] |
gen.mail.size | plong |
gen.mail.receiver | string [] |
gen.process.process | string |
gen.process.pid | pint |
gen.process.commandline | string |
gen.process.parent.process | string |
gen.process.parent.pid | pint |
gen.process.parent.commandline | string |
gen.process.action | string [] |
gen.process.privileges | string [] |
gen.proxy.endpoint | string |
gen.proxy.httpStatus | pint |
gen.proxy.bytesSent | pint |
gen.proxy.bytesReceived | pint |
gen.proxy.method | string |
gen.proxy.referrer | string |
gen.proxy.userAgent | string |
gen.group | string [] |
gen.src.mac | string |
gen.dest.mac | string |
gen.severity | string [] |
gen.facility | string |
gen.product | string [] |
gen.vendor | string [] |
gen.protocol | string [] |
gen.src.interface | string [] |
gen.dest.interface | string [] |
gen.ssid | string [] |
gen.signatures.malicious | boolean |
gen.signatures.category | string [] |
gen.signatures.source | string [] |
gen.dest.geoip.code | string |
gen.dest.geoip.country | text_general |
gen.dest.geoip.city | text_general |
gen.dest.geoip.organisation | text_general |
gen.dest.geoip.continent | text_general |
gen.dest.ip | text_general |
gen.dest.ipIsInternal | boolean |
gen.dest.ipIsIPv4 | boolean |
gen.src.geoip.code | string |
gen.src.geoip.country | text_general |
gen.src.geoip.city | text_general |
gen.src.geoip.organisation | text_general |
gen.src.geoip.continent | text_general |
gen.src.ip | text_general |
gen.src.ipIsInternal | boolean |
gen.src.ipIsIPv4 | boolean |
gen.src.badip.is | boolean |
gen.dest.badip.is | boolean |
gen.src.badip.category | string [] |
gen.dest.badip.category | string [] |
gen.src.badip.source | string [] |
gen.dest.badip.source | string [] |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.
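As an added illustration (not the page's own sample event and not Enginsight code), the following Python checks a constructed event against the field/type pairs from the tables above. It assumes the type names are Solr-style (pint/plong as 32/64-bit signed integers, pdate as ISO 8601 UTC, `string []` as a list of strings); `SCHEMA`, `SAMPLE_EVENT` and `validate` are names chosen here, not part of the reference.

```python
from datetime import datetime

SCHEMA = {  # field -> type pairs taken from the tables above (a subset covering every type)
    "ngs.id": "string", "ngs.createdAt": "pdate", "ngs.source": "string",
    "gen.src.ip": "text_general", "gen.src.port": "pint", "gen.dest.port": "pint",
    "gen.firewall.bytesSent": "plong", "gen.firewall.action": "string []",
    "gen.src.badip.is": "boolean", "gen.src.badip.category": "string []",
}

def check_scalar(value, typ):
    """True if value fits one single-valued type from the reference."""
    if typ in ("string", "text_general"):
        return isinstance(value, str)
    if typ == "boolean":
        return isinstance(value, bool)
    if typ in ("pint", "plong"):
        if isinstance(value, bool) or not isinstance(value, int):
            return False  # bool is an int subclass in Python; reject it
        limit = 2**31 if typ == "pint" else 2**63  # 32- vs 64-bit signed
        return -limit <= value < limit
    if typ == "pdate":  # ISO 8601 in UTC, e.g. 2024-05-01T10:15:30.000Z
        try:
            return value.endswith("Z") and datetime.fromisoformat(value[:-1]) is not None
        except (AttributeError, ValueError):
            return False
    return False  # unknown type name

def check_field(name, value):
    typ = SCHEMA[name]  # multi-valued 'string []' wraps the scalar check in a list
    if typ.endswith(" []"):
        return isinstance(value, list) and all(check_scalar(v, typ[:-3]) for v in value)
    return check_scalar(value, typ)

def validate(event):
    """Return a list of problems; an empty list means the event is well typed."""
    problems = []
    for name, value in event.items():
        if name not in SCHEMA:
            problems.append(f"{name}: not a Generic reference field")
        elif not check_field(name, value):
            problems.append(f"{name}: expected {SCHEMA[name]}, got {value!r}")
    return problems

SAMPLE_EVENT = {  # constructed, not the page's own sample; flattened dotted keys
    "ngs.id": "evt-0001", "ngs.createdAt": "2024-05-01T10:15:30.000Z", "ngs.source": "lab-fw",
    "gen.src.ip": "10.0.0.5", "gen.src.port": 51234, "gen.dest.port": 443,
    "gen.firewall.bytesSent": 12345, "gen.firewall.action": ["allow"],
    "gen.src.badip.is": False, "gen.src.badip.category": [],
}
```

Running `validate(SAMPLE_EVENT)` returns an empty list; a string port, an integer where a boolean is expected, or a bare string where `string []` is expected each produce one problem entry.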