Enginsight Advanced Persistent Threats
Enginsight APT detection logs highlighting suspected advanced threat behaviors, including anomalous process chains, lateral movement attempts and flagged indicators of compromise.
Global Fields (4)
Field | Description | Type |
---|---|---|
ngs.id | Unique identifier for the log entry. | string |
ngs.createdAt | Timestamp when the event was created locally. | pdate |
ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (12)
Field | Type |
---|---|
ngs.apt.location | string |
ngs.apt.planId | string |
ngs.apt.planName | text_general |
ngs.apt.ruleId | string |
ngs.apt.ruleName | text_general |
ngs.apt.scanId | string |
ngs.apt.scanName | text_general |
ngs.apt.scanAlias | text_general |
ngs.apt.severity | string |
ngs.apt.md5 | string |
ngs.apt.sha1 | string |
ngs.apt.sha256 | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.