Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Generic Fields (3)
These are common fields that appear across multiple namespaces. They represent attributes inherited or reused from a global schema: timestamps, unique identifiers, user IDs, status codes and similar attributes that every namespace needs. Sharing these fields keeps values consistent and makes cross-namespace searches and reports straightforward. For each generic field, the table below also lists the reference-specific field in this namespace from which it is populated.
| Field | Description | Reference-Specific Field | Type |
|---|---|---|---|
| gen.file.name | File name associated with the event. | ngs.defence.filePath | strings |
| gen.file.path | Full file path associated with the event. | ngs.defence.filePath | strings |
| gen.av.infectionName | Name of the detected infection or malware. | ngs.defence.virusName | strings |
Reference-Specific Fields (9)
| Field | Type |
|---|---|
ngs.defence.engine | string |
ngs.defence.filePath | text_generals |
ngs.defence.foundAt | pdate |
ngs.defence.quarantineFilePath | text_generals |
ngs.defence.rawVirusName | text_generals |
ngs.defence.reportTimestamp | pdate |
ngs.defence.resolved | boolean |
ngs.defence.source | text_generals |
ngs.defence.virusName | text_generals |
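The following is an added example, not code from the original page or from the SIEM vendor, showing how the mapping in the Generic Fields table can be applied to events carrying the reference-specific fields above, and how a cross-namespace search over the resulting gen.* fields then works. The sample events are constructed. Two points are assumptions rather than statements from the page: that gen.file.name is the basename of ngs.defence.filePath (the table maps both gen.file.name and gen.file.path to the same source field without saying how they differ), and that the pdate fields carry ISO 8601 UTC timestamps.

```python
"""Normalize ngs.defence.* events into the generic gen.* fields and run a
cross-namespace search over them.

Added example; not the vendor's own code. Sample events are constructed.
Assumptions: gen.file.name is the basename of ngs.defence.filePath, and
pdate fields hold ISO 8601 UTC timestamps (e.g. 2024-03-01T12:00:00Z).
"""
from datetime import datetime, timezone
import ntpath
import posixpath


def _basename(path: str) -> str:
    # Agents on Windows and POSIX hosts report different separators (assumption).
    return ntpath.basename(path) if "\\" in path else posixpath.basename(path)


# Generic field -> (reference-specific source field, transform), per the mapping table.
GENERIC_MAP = {
    "gen.file.path": ("ngs.defence.filePath", lambda v: v),
    "gen.file.name": ("ngs.defence.filePath", _basename),  # basename rule is an assumption
    "gen.av.infectionName": ("ngs.defence.virusName", lambda v: v),
}

# Fields typed pdate in the tables above.
DATE_FIELDS = ("ngs.createdAt", "ngs.indexedAt",
               "ngs.defence.foundAt", "ngs.defence.reportTimestamp")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def parse_pdate(value: str) -> datetime:
    """Parse a pdate value; raises ValueError on a malformed timestamp."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def normalize(event: dict) -> dict:
    """Return a copy of `event` with gen.* fields derived via GENERIC_MAP.

    gen.* fields are typed 'strings' (multi-valued), so values are lists.
    A source field absent from the event is skipped, never invented, since
    the page says inapplicable fields may be omitted.
    """
    out = dict(event)
    for gen_field, (src_field, transform) in GENERIC_MAP.items():
        if src_field in event:
            out[gen_field] = [transform(v) for v in _as_list(event[src_field])]
    for field in DATE_FIELDS:
        if field in out:
            parse_pdate(out[field])  # validate timestamps before indexing
    return out


def search(events, field: str, value: str) -> list:
    """Cross-namespace search: ids of events whose `field` contains `value`."""
    return [e["ngs.id"] for e in events if value in _as_list(e.get(field, []))]


# Constructed sample events (not taken from the original page).
SAMPLE_EVENTS = [
    {
        "ngs.id": "evt-1", "ngs.source": "defence-agent-01",
        "ngs.createdAt": "2024-03-01T12:00:00Z", "ngs.indexedAt": "2024-03-01T12:00:05Z",
        "ngs.defence.engine": "engine-a",
        "ngs.defence.filePath": "/home/alice/Downloads/invoice.pdf.exe",
        "ngs.defence.virusName": "EICAR-Test-File",
        "ngs.defence.foundAt": "2024-03-01T11:59:58Z", "ngs.defence.resolved": False,
    },
    {
        "ngs.id": "evt-2", "ngs.source": "defence-agent-02",
        "ngs.createdAt": "2024-03-01T12:01:00Z", "ngs.indexedAt": "2024-03-01T12:01:04Z",
        "ngs.defence.engine": "engine-b",
        "ngs.defence.filePath": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
        # text_generals is multi-valued, so two names from one scan are a list.
        "ngs.defence.virusName": ["EICAR-Test-File", "Generic.Dropper"],
        "ngs.defence.resolved": True,
    },
    {   # Event with no file or detection fields: only the global fields apply.
        "ngs.id": "evt-3", "ngs.source": "defence-agent-01",
        "ngs.createdAt": "2024-03-01T12:02:00Z", "ngs.indexedAt": "2024-03-01T12:02:03Z",
    },
]


def normalized_samples() -> list:
    return [normalize(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    events = normalized_samples()
    print(search(events, "gen.av.infectionName", "EICAR-Test-File"))  # evt-1 and evt-2
    print(search(events, "gen.file.name", "update.exe"))              # evt-2 only
```

Because normalize only emits gen.* fields when their source field is present, the third event stays a global-fields-only record and is simply never matched by a gen.* search, which is the behaviour a dashboard built on the generic fields should expect.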
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.