Correlate Threat Defense Event Fields and Column Names
On the CDO Event Logging page, you can click on any event to expand its details and view all the associated event fields. Note that the names of some event fields may differ from those of the column headers in the CDO event viewer where the values of these fields are displayed. The table below lists those threat defense event fields that have differing column names and provides a comparison between the threat defense event field and the respective column name.
| CDO Column Name | FTD Event Field |
|---|---|
| Date/Time | Timestamp |
| Detection Type | ClientAppDetector |
| Encrypted Visibility Fingerprint | EVE_Fingerprint |
| Encrypted Visibility Process Name | EVE_Process |
| Encrypted Visibility Process Confidence Score | EVE_ProcessConfidencePct |
| Encrypted Visibility Threat Confidence | EVE_ThreatConfidenceIndex |
| Encrypted Visibility Threat Confidence Score | EVE_ThreatConfidencePct |
| MITRE | MitreAttackGroups |
| NAT Source IP | NAT_InitiatorIP |
| NAT Source Port | NAT_InitiatorPort |
| Rule Group | SnortRuleGroups |