diff --git a/.script/tests/KqlvalidationsTests/CustomTables/imNetworkSession.json b/.script/tests/KqlvalidationsTests/CustomTables/imNetworkSession.json index 71969511bc..2286665596 100644 --- a/.script/tests/KqlvalidationsTests/CustomTables/imNetworkSession.json +++ b/.script/tests/KqlvalidationsTests/CustomTables/imNetworkSession.json @@ -1,505 +1,386 @@ { - "Name": "imNetworkSession", - "Properties": [ - { - "Name": "TenantId", - "Type": "string" - }, - { - "Name": "EventType", - "Type": "string" - }, - { - "Name": "EventSubType", - "Type": "string" - }, - { - "Name": "EventCount", - "Type": "int" - }, - { - "Name": "EventEndTime", - "Type": "datetime" - }, - { - "Name": "EventMessage", - "Type": "string" - }, - { - "Name": "DvcIpAddr", - "Type": "string" - }, - { - "Name": "DvcMacAddr", - "Type": "string" - }, - { - "Name": "DvcHostname", - "Type": "string" - }, - { - "Name": "EventProduct", - "Type": "string" - }, - { - "Name": "EventProductVersion", - "Type": "string" - }, - { - "Name": "EventResourceId", - "Type": "string" - }, - { - "Name": "EventReportUrl", - "Type": "string" - }, - { - "Name": "EventVendor", - "Type": "string" - }, - { - "Name": "EventResult", - "Type": "string" - }, - { - "Name": "EventResultDetails", - "Type": "string" - }, - { - "Name": "EventSchemaVersion", - "Type": "string" - }, - { - "Name": "EventSeverity", - "Type": "string" - }, - { - "Name": "EventOriginalUid", - "Type": "string" - }, - { - "Name": "EventStartTime", - "Type": "datetime" - }, - { - "Name": "TimeGenerated", - "Type": "datetime" - }, - { - "Name": "EventTimeIngested", - "Type": "datetime" - }, - { - "Name": "EventUid", - "Type": "string" - }, - { - "Name": "NetworkApplicationProtocol", - "Type": "string" - }, - { - "Name": "DstBytes", - "Type": "long" - }, - { - "Name": "SrcBytes", - "Type": "long" - }, - { - "Name": "NetworkBytes", - "Type": "long" - }, - { - "Name": "NetworkDirection", - "Type": "string" - }, - { - "Name": "DstGeoCity", - "Type": "string" - }, - { - "Name": "DstGeoCountry", - "Type": "string" - }, - { - "Name": "DstDvcHostname", - "Type": "string" - }, - { - "Name": "DstDvcFqdn", - "Type": "string" - }, - { - "Name": "DstDomainHostname", - "Type": "string" - }, - { - "Name": "DstInterfaceName", - "Type": "string" - }, - { - "Name": "DstInterfaceGuid", - "Type": "string" - }, - { - "Name": "DstIpAddr", - "Type": "string" - }, - { - "Name": "DstDvcIpAddr", - "Type": "string" - }, - { - "Name": "DstGeoLatitude", - "Type": "real" - }, - { - "Name": "DstMacAddr", - "Type": "string" - }, - { - "Name": "DstDvcMacAddr", - "Type": "string" - }, - { - "Name": "DstDvcDomain", - "Type": "string" - }, - { - "Name": "DstPortNumber", - "Type": "int" - }, - { - "Name": "DstGeoRegion", - "Type": "string" - }, - { - "Name": "DstResourceId", - "Type": "string" - }, - { - "Name": "DstNatIpAddr", - "Type": "string" - }, - { - "Name": "DstNatPortNumber", - "Type": "int" - }, - { - "Name": "DstUserSid", - "Type": "string" - }, - { - "Name": "DstUserAadId", - "Type": "string" - }, - { - "Name": "DstUserName", - "Type": "string" - }, - { - "Name": "DstUserUpn", - "Type": "string" - }, - { - "Name": "DstUserDomain", - "Type": "string" - }, - { - "Name": "DstZone", - "Type": "string" - }, - { - "Name": "DstGeoLongitude", - "Type": "real" - }, - { - "Name": "DvcAction", - "Type": "string" - }, - { - "Name": "DvcInboundInterface", - "Type": "string" - }, - { - "Name": "DvcOutboundInterface", - "Type": "string" - }, - { - "Name": "NetworkDuration", - "Type": "int" - }, - { - "Name": "NetworkIcmpCode", - "Type": "int" - }, - { - "Name": "NetworkIcmpType", - "Type": "string" - }, - { - "Name": "DstPackets", - "Type": "long" - }, - { - "Name": "SrcPackets", - "Type": "long" - }, - { - "Name": "NetworkPackets", - "Type": "long" - }, - { - "Name": "HttpRequestTime", - "Type": "int" - }, - { - "Name": "HttpResponseTime", - "Type": "int" - }, - { - "Name": "NetworkRuleName", - "Type": "string" - }, - { - "Name": "NetworkRuleNumber", - "Type": "int" - }, - { - "Name": "NetworkSessionId", - "Type": "string" - }, - { - "Name": "SrcGeoCity", - "Type": "string" - }, - { - "Name": "SrcGeoCountry", - "Type": "string" - }, - { - "Name": "SrcDvcHostname", - "Type": "string" - }, - { - "Name": "SrcDvcFqdn", - "Type": "string" - }, - { - "Name": "SrcDvcDomain", - "Type": "string" - }, - { - "Name": "SrcDvcOs", - "Type": "string" - }, - { - "Name": "SrcDvcModelName", - "Type": "string" - }, - { - "Name": "SrcDvcModelNumber", - "Type": "string" - }, - { - "Name": "SrcDvcType", - "Type": "string" - }, - { - "Name": "SrcInterfaceName", - "Type": "string" - }, - { - "Name": "SrcInterfaceGuid", - "Type": "string" - }, - { - "Name": "SrcIpAddr", - "Type": "string" - }, - { - "Name": "SrcDvcIpAddr", - "Type": "string" - }, - { - "Name": "SrcGeoLatitude", - "Type": "real" - }, - { - "Name": "SrcGeoLongitude", - "Type": "real" - }, - { - "Name": "SrcMacAddr", - "Type": "string" - }, - { - "Name": "SrcDvcMacAddr", - "Type": "string" - }, - { - "Name": "SrcPortNumber", - "Type": "int" - }, - { - "Name": "SrcGeoRegion", - "Type": "string" - }, - { - "Name": "SrcResourceId", - "Type": "string" - }, - { - "Name": "SrcNatIpAddr", - "Type": "string" - }, - { - "Name": "SrcNatPortNumber", - "Type": "int" - }, - { - "Name": "SrcUserSid", - "Type": "string" - }, - { - "Name": "SrcUserAadId", - "Type": "string" - }, - { - "Name": "SrcUserName", - "Type": "string" - }, - { - "Name": "SrcUserUpn", - "Type": "string" - }, - { - "Name": "SrcUserDomain", - "Type": "string" - }, - { - "Name": "SrcZone", - "Type": "string" - }, - { - "Name": "NetworkProtocol", - "Type": "string" - }, - { - "Name": "CloudAppName", - "Type": "string" - }, - { - "Name": "CloudAppId", - "Type": "string" - }, - { - "Name": "CloudAppOperation", - "Type": "string" - }, - { - "Name": "CloudAppRiskLevel", - "Type": "string" - }, - { - "Name": "FileName", - "Type": "string" - }, - { - "Name": "FilePath", - "Type": "string" - }, - { - "Name": "FileHashMd5", - "Type": "string" - }, - { - "Name": "FileHashSha1", - "Type": "string" - }, - { - "Name": "FileHashSha256", - "Type": "string" - }, - { - "Name": "FileHashSha512", - "Type": "string" - }, - { - "Name": "FileExtension", - "Type": "string" - }, - { - "Name": "FileMimeType", - "Type": "string" - }, - { - "Name": "FileSize", - "Type": "int" - }, - { - "Name": "HttpVersion", - "Type": "string" - }, - { - "Name": "HttpRequestMethod", - "Type": "string" - }, - { - "Name": "HttpStatusCode", - "Type": "string" - }, - { - "Name": "HttpContentType", - "Type": "string" - }, - { - "Name": "HttpReferrerOriginal", - "Type": "string" - }, - { - "Name": "HttpUserAgentOriginal", - "Type": "string" - }, - { - "Name": "HttpRequestXff", - "Type": "string" - }, - { - "Name": "UrlCategory", - "Type": "string" - }, - { - "Name": "UrlOriginal", - "Type": "string" - }, - { - "Name": "UrlHostname", - "Type": "string" - }, - { - "Name": "ThreatCategory", - "Type": "string" - }, - { - "Name": "ThreatId", - "Type": "string" - }, - { - "Name": "ThreatName", - "Type": "string" - }, - { - "Name": "AdditionalFields", - "Type": "dynamic" - }, - { - "Name": "SourceSystem", - "Type": "string" - }, - { - "Name": "Type", - "Type": "string" + "Name": "imNetworkSession", + "Properties": [{ + "Name": "TimeGenerated", + "Type": "datetime" + }, { + "Name": "_ResourceId", + "Type": "string" + }, { + "Name": "Type", + "Type": "string" + }, { + "Name": "EventMessage", + "Type": "string" + }, { + "Name": "EventCount", + "Type": "int" + }, { + "Name": "EventStartTime", + "Type": "datetime" + }, { + "Name": "EventEndTime", + "Type": "datetime" + }, { + "Name": "EventType", + "Type": "string" + }, { + "Name": "EventSubType", + "Type": "string" + }, { + "Name": "EventResult", + "Type": "string" + }, { + "Name": "EventResultDetails", + "Type": "string" + }, { + "Name": "EventOriginalResultDetails", + "Type": "string" + }, { + "Name": "EventSeverity", + "Type": "string" + }, { + "Name": "EventOriginalSeverity", + "Type": "string" + }, { + "Name": "EventOriginalUid", + "Type": "string" + }, { + "Name": "EventOriginalType", + "Type": "string" + }, { + "Name": "EventProduct", + "Type": "string" + }, { + "Name": "EventProductVersion", + "Type": "string" + }, { + "Name": "EventVendor", + "Type": "string" + }, { + "Name": "EventSchema", + "Type": "string" + }, { + "Name": "EventSchemaVersion", + "Type": "string" + }, { + "Name": "EventReportUrl", + "Type": "string" + }, { + "Name": "Dvc", + "Type": "string" + }, { + "Name": "DvcIpAddr", + "Type": "string" + }, { + "Name": "DvcHostname", + "Type": "string" + }, { + "Name": "DvcDomain", + "Type": "string" + }, { + "Name": "DvcDomainType", + "Type": "string" + }, { + "Name": "DvcFQDN", + "Type": "string" + }, { + "Name": "DvcId", + "Type": "string" + }, { + "Name": "DvcIdType", + "Type": "string" + }, { + "Name": "DvcMacAddr", + "Type": "string" + }, { + "Name": "DvcZone", + "Type": "string" + }, { + "Name": "Dst", + "Type": "string" + }, { + "Name": "DstIpAddr", + "Type": "string" + }, { + "Name": "DstPortNumber", + "Type": "int" + }, { + "Name": "DstHostname", + "Type": "string" + }, { + "Name": "Hostname", + "Type": "string" + }, { + "Name": "DstDomain", + "Type": "string" + }, { + "Name": "DstDomainType", + "Type": "string" + }, { + "Name": "DstFQDN", + "Type": "string" + }, { + "Name": "DstDvcId", + "Type": "string" + }, { + "Name": "DstDvcIdType", + "Type": "string" + }, { + "Name": "DstDeviceType", + "Type": "string" + }, { + "Name": "DstUserId", + "Type": "string" + }, { + "Name": "DstUserIdType", + "Type": "string" + }, { + "Name": "DstUsername", + "Type": "string" + }, { + "Name": "User", + "Type": "string" + }, { + "Name": "DstUsernameType", + "Type": "string" + }, { + "Name": "DstUserType", + "Type": "string" + }, { + "Name": "DstOriginalUserType", + "Type": "string" + }, { + "Name": "DstUserDomain", + "Type": "string" + }, { + "Name": "DstAppName", + "Type": "string" + }, { + "Name": "DstAppId", + "Type": "string" + }, { + "Name": "DstAppType", + "Type": "string" + }, { + "Name": "DstZone", + "Type": "string" + }, { + "Name": "DstInterfaceName", + "Type": "string" + }, { + "Name": "DstInterfaceGuid", + "Type": "string" + }, { + "Name": "DstMacAddr", + "Type": "string" + }, { + "Name": "DstGeoCountry", + "Type": "string" + }, { + "Name": "DstGeoCity", + "Type": "string" + }, { + "Name": "DstGeoLatitude", + "Type": "string" + }, { + "Name": "DstGeoLongitude", + "Type": "string" + }, { + "Name": "Src", + "Type": "string" + }, { + "Name": "SrcIpAddr", + "Type": "string" + }, { + "Name": "SrcPortNumber", + "Type": "int" + }, { + "Name": "SrcHostname", + "Type": "string" + }, { + "Name": "SrcDomain", + "Type": "string" + }, { + "Name": "SrcDomainType", + "Type": "string" + }, { + "Name": "SrcFQDN", + "Type": "string" + }, { + "Name": "SrcDvcId", + "Type": "string" + }, { + "Name": "SrcDvcIdType", + "Type": "string" + }, { + "Name": "SrcDeviceType", + "Type": "string" + }, { + "Name": "SrcUserId", + "Type": "string" + }, { + "Name": "SrcUserIdType", + "Type": "string" + }, { + "Name": "SrcUsername", + "Type": "string" + }, { + "Name": "SrcUsernameType", + "Type": "string" + }, { + "Name": "SrcUserType", + "Type": "string" + }, { + "Name": "SrcOriginalUserType", + "Type": "string" + }, { + "Name": "SrcUserDomain", + "Type": "string" + }, { + "Name": "SrcAppName", + "Type": "string" + }, { + "Name": "SrcAppId", + "Type": "string" + }, { + "Name": "IpAddr", + "Type": "string" + }, { + "Name": "SrcAppType", + "Type": "string" + }, { + "Name": "SrcZone", + "Type": "string" + }, { + "Name": "SrcInterfaceName", + "Type": "string" + }, { + "Name": "SrcInterfaceGuid", + "Type": "string" + }, { + "Name": "SrcMacAddr", + "Type": "string" + }, { + "Name": "SrcGeoCountry", + "Type": "string" + }, { + "Name": "SrcGeoCity", + "Type": "string" + }, { + "Name": "SrcGeoLatitude", + "Type": "string" + }, { + "Name": "SrcGeoLongitude", + "Type": "string" + }, { + "Name": "NetworkApplicationProtocol", + "Type": "string" + }, { + "Name": "NetworkProtocol", + "Type": "string" + }, { + "Name": "NetworkDirection", + "Type": "string" + }, { + "Name": "NetworkDuration", + "Type": "int" + }, { + "Name": "Duration", + "Type": "int" + }, { + "Name": "NetworkIcmpCode", + "Type": "int" + }, { + "Name": "NetworkIcmpType", + "Type": "string" + }, { + "Name": "DstBytes", + "Type": "int" + }, { + "Name": "SrcBytes", + "Type": "int" + }, { + "Name": "NetworkBytes", + "Type": "int" + }, { + "Name": "DstPackets", + "Type": "int" + }, { + "Name": "SrcPackets", + "Type": "int" + }, { + "Name": "NetworkPackets", + "Type": "int" + }, { + "Name": "NetworkSessionId", + "Type": "string" + }, { + "Name": "SessionId", + "Type": "string" + }, { + "Name": "NetworkConnectionHistory", + "Type": "string" + }, { + "Name": "SrcVlanId", + "Type": "string" + }, { + "Name": "DstVlanId", + "Type": "string" + }, { + "Name": "InnerVlanId", + "Type": "string" + }, { + "Name": "OuterVlanId", + "Type": " string" + }, { + "Name": "DstNatIpAddr", + "Type": "string" + }, { + "Name": "DstNatPortNumber", + "Type": "int" + }, { + "Name": "SrcNatIpAddr", + "Type": "string" + }, { + "Name": "SrcNatPortNumber", + "Type": "int" + }, { + "Name": "DvcInboundInterface", + "Type": "string" + }, { + "Name": "DvcOutboundInterface", + "Type": "string" + }, { + "Name": "NetworkRuleName", + "Type": "string" + }, { + "Name": "NetworkRuleNumber", + "Type": "int" + }, { + "Name": "Rule", + "Type": "string" + }, { + "Name": "DvcAction", + "Type": "string" + }, { + "Name": "DvcOriginalAction", + "Type": "string" + }, { + "Name": "ThreatId", + "Type": "string" + }, { + "Name": "ThreatName", + "Type": "string" + }, { + "Name": "ThreatCategory", + "Type": "string" + }, { + "Name": "ThreatRiskLevel", + "Type": "int" + }, { + "Name": "ThreatRiskLevelOriginal", + "Type": "string" } - ] - } \ No newline at end of file + ] +} diff --git a/.script/tests/KqlvalidationsTests/CustomTables/imWebSession.json b/.script/tests/KqlvalidationsTests/CustomTables/imWebSession.json new file mode 100644 index 0000000000..7ba17fe252 --- /dev/null +++ b/.script/tests/KqlvalidationsTests/CustomTables/imWebSession.json @@ -0,0 +1,449 @@ +{ + "Name": "imNetworkSession", + "Properties": [{ + "Name": "TimeGenerated", + "Type": "datetime" + }, { + "Name": "_ResourceId", + "Type": "string" + }, { + "Name": "Type", + "Type": "string" + }, { + "Name": "EventMessage", + "Type": "string " + }, { + "Name": "EventCount", + "Type": "int " + }, { + "Name": "EventStartTime", + "Type": "datetime " + }, { + "Name": "EventEndTime", + "Type": "datetime " + }, { + "Name": "EventType", + "Type": "string " + }, { + "Name": "EventSubType", + "Type": "string " + }, { + "Name": "EventResult", + "Type": "string " + }, { + "Name": "EventResultDetails", + "Type": "string " + }, { + "Name": "EventOriginalResultDetails", + "Type": "string " + }, { + "Name": "EventSeverity", + "Type": "string " + }, { + "Name": "EventOriginalSeverity", + "Type": "string " + }, { + "Name": "EventOriginalUid", + "Type": "string " + }, { + "Name": "EventOriginalType", + "Type": "string " + }, { + "Name": "EventProduct", + "Type": "string " + }, { + "Name": "EventProductVersion", + "Type": "string " + }, { + "Name": "EventVendor", + "Type": "string " + }, { + "Name": "EventSchema", + "Type": "string " + }, { + "Name": "EventSchemaVersion", + "Type": "string " + }, { + "Name": "EventReportUrl", + "Type": "string " + }, { + "Name": "Dvc", + "Type": "string " + }, { + "Name": "DvcIpAddr", + "Type": "string " + }, { + "Name": "DvcHostname", + "Type": "string " + }, { + "Name": "DvcDomain", + "Type": "string " + }, { + "Name": "DvcDomainType", + "Type": "string " + }, { + "Name": "DvcFQDN", + "Type": "string " + }, { + "Name": "DvcId", + "Type": "string " + }, { + "Name": "DvcIdType", + "Type": "string " + }, { + "Name": "DvcMacAddr", + "Type": "string " + }, { + "Name": "DvcZone", + "Type": "string " + }, { + "Name": "DvcAction", + "Type": "string " + }, { + "Name": "DvcOriginalAction", + "Type": "string " + }, { + "Name": "Dst", + "Type": "string " + }, { + "Name": "DstIpAddr", + "Type": "string " + }, { + "Name": "DstPortNumber", + "Type": "int " + }, { + "Name": "DstHostname", + "Type": "string " + }, { + "Name": "Hostname", + "Type": "string " + }, { + "Name": "DstDomain", + "Type": "string " + }, { + "Name": "DstDomainType", + "Type": "string " + }, { + "Name": "DstFQDN", + "Type": "string " + }, { + "Name": "DstDvcId", + "Type": "string " + }, { + "Name": "DstDvcIdType", + "Type": "string " + }, { + "Name": "DstDeviceType", + "Type": "string " + }, { + "Name": "DstUserId", + "Type": "string " + }, { + "Name": "DstUserIdType", + "Type": "string " + }, { + "Name": "DstUsername", + "Type": "string " + }, { + "Name": "User", + "Type": "string " + }, { + "Name": "DstUsernameType", + "Type": "string " + }, { + "Name": "DstUserType", + "Type": "string " + }, { + "Name": "DstOriginalUserType", + "Type": "string " + }, { + "Name": "DstUserDomain", + "Type": "string " + }, { + "Name": "DstAppName", + "Type": "string " + }, { + "Name": "DstAppId", + "Type": "string " + }, { + "Name": "DstAppType", + "Type": "string " + }, { + "Name": "DstZone", + "Type": "string " + }, { + "Name": "DstInterfaceName", + "Type": "string " + }, { + "Name": "DstInterfaceGuid", + "Type": "string " + }, { + "Name": "DstMacAddr", + "Type": "string " + }, { + "Name": "DstGeoCountry", + "Type": "string " + }, { + "Name": "DstGeoCity", + "Type": "string " + }, { + "Name": "DstGeoLatitude", + "Type": "string " + }, { + "Name": "DstGeoLongitude", + "Type": "string " + }, { + "Name": "Src", + "Type": "string " + }, { + "Name": "SrcIpAddr", + "Type": "string " + }, { + "Name": "SrcPortNumber", + "Type": "int " + }, { + "Name": "SrcHostname", + "Type": "string " + }, { + "Name": "SrcDomain", + "Type": "string " + }, { + "Name": "SrcDomainType", + "Type": "string " + }, { + "Name": "SrcFQDN", + "Type": "string " + }, { + "Name": "SrcDvcId", + "Type": "string " + }, { + "Name": "SrcDvcIdType", + "Type": "string " + }, { + "Name": "SrcDeviceType", + "Type": "string " + }, { + "Name": "SrcUserId", + "Type": "string " + }, { + "Name": "SrcUserIdType", + "Type": "string " + }, { + "Name": "SrcUsername", + "Type": "string " + }, { + "Name": "SrcUsernameType", + "Type": "string " + }, { + "Name": "SrcUserType", + "Type": "string " + }, { + "Name": "SrcOriginalUserType", + "Type": "string " + }, { + "Name": "SrcUserDomain", + "Type": "string " + }, { + "Name": "SrcAppName", + "Type": "string " + }, { + "Name": "SrcAppId", + "Type": "string " + }, { + "Name": "IpAddr", + "Type": "string " + }, { + "Name": "SrcAppType", + "Type": "string " + }, { + "Name": "SrcZone", + "Type": "string " + }, { + "Name": "SrcInterfaceName", + "Type": "string " + }, { + "Name": "SrcInterfaceGuid", + "Type": "string " + }, { + "Name": "SrcMacAddr", + "Type": "string " + }, { + "Name": "SrcGeoCountry", + "Type": "string " + }, { + "Name": "SrcGeoCity", + "Type": "string " + }, { + "Name": "SrcGeoLatitude", + "Type": "string " + }, { + "Name": "SrcGeoLongitude", + "Type": "string " + }, { + "Name": "NetworkApplicationProtocol", + "Type": "string " + }, { + "Name": "NetworkProtocol", + "Type": "string " + }, { + "Name": "NetworkDirection", + "Type": "string " + }, { + "Name": "NetworkDuration", + "Type": "int " + }, { + "Name": "Duration", + "Type": "int " + }, { + "Name": "NetworkIcmpCode", + "Type": "int " + }, { + "Name": "NetworkIcmpType", + "Type": "string " + }, { + "Name": "DstBytes", + "Type": "int " + }, { + "Name": "SrcBytes", + "Type": "int " + }, { + "Name": "NetworkBytes", + "Type": "int " + }, { + "Name": "DstPackets", + "Type": "int " + }, { + "Name": "SrcPackets", + "Type": "int " + }, { + "Name": "NetworkPackets", + "Type": "int " + }, { + "Name": "NetworkSessionId", + "Type": "string " + }, { + "Name": "SessionId", + "Type": "string " + }, { + "Name": "NetworkConnectionHistory", + "Type": "string " + }, { + "Name": "SrcVlanId", + "Type": "string " + }, { + "Name": "DstVlanId", + "Type": "string " + }, { + "Name": "InnerVlanId", + "Type": "string " + }, { + "Name": "OuterVlanId", + "Type": " string " + }, { + "Name": "DstNatIpAddr", + "Type": "string " + }, { + "Name": "DstNatPortNumber", + "Type": "int " + }, { + "Name": "SrcNatIpAddr", + "Type": "string " + }, { + "Name": "SrcNatPortNumber", + "Type": "int " + }, { + "Name": "DvcInboundInterface", + "Type": "string " + }, { + "Name": "DvcOutboundInterface", + "Type": "string " + }, { + "Name": "Url", + "Type": "string " + }, { + "Name": "UrlCategory", + "Type": "string " + }, { + "Name": "UrlOriginal", + "Type": "string " + }, { + "Name": "HttpVersion", + "Type": "string " + }, { + "Name": "HttpRequestMethod", + "Type": "string " + }, { + "Name": "HttpStatusCode", + "Type": "string " + }, { + "Name": "HttpContentType", + "Type": "string " + }, { + "Name": "HttpContentFormat", + "Type": "string " + }, { + "Name": "HttpReferrer", + "Type": "string " + }, { + "Name": "HttpUserAgent", + "Type": "string " + }, { + "Name": "UserAgent", + "Type": "string " + }, { + "Name": "HttpRequestXff", + "Type": "string " + }, { + "Name": "HttpRequestTime", + "Type": "int " + }, { + "Name": "HttpResponseTime", + "Type": "int " + }, { + "Name": "FileName", + "Type": "string " + }, { + "Name": "FileMD5", + "Type": "string " + }, { + "Name": "FileSHA1", + "Type": "string " + }, { + "Name": "FileSHA256", + "Type": "string " + }, { + "Name": "FileSHA512", + "Type": "string " + }, { + "Name": "FileSize", + "Type": "string " + }, { + "Name": "FileContentType", + "Type": "string " + }, { + "Name": "RuleName", + "Type": "string " + }, { + "Name": "RuleNumber", + "Type": "int " + }, { + "Name": "Rule", + "Type": "string " + }, { + "Name": "ThreatId", + "Type": "string " + }, { + "Name": "ThreatName", + "Type": "string " + }, { + "Name": "ThreatCategory", + "Type": "string " + }, { + "Name": "ThreatRiskLevel", + "Type": "int " + }, { + "Name": "ThreatRiskLevelOriginal", + "Type": "string " + } + ] +}