Global Fields (4)
| Field | Type |
|---|---|
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.id Unique identifier for the log entry. | string |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (5)
| Field | Type |
|---|---|
mitre.id MITRE ATT&CK identifier of the technique or sub-technique (e.g., "T1059"). | string |
mitre.name Human-readable name of the technique or tactic. | text_general |
mitre.sub Sub-technique identifier, if applicable (e.g., "T1059.001"). | string |
mitre.tactics Array of ATT&CK tactic identifiers associated with the object. | text_generals |
mitre.type Record type categorising the ATT&CK object (e.g., tactic, technique, sub-technique). | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.