
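This document shows the fields supported by each provider and operation. Each table row gives a field name followed by its type; the per-provider support marks are not rendered in this text, so confirm that a given provider actually populates a field before relying on it in a query or detection.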

query_cloud_resource_inventory

Field | CrowdStrike Cloud Security | Microsoft Defender for Cloud | Palo Alto Networks Cortex Cloud Security | Type
activity_id | number
activity_name | string
category_name | string
category_uid | number
class_name | string
class_uid | number
cloud.account.name | string
cloud.account.type | string
cloud.account.type_id | number
cloud.account.uid | string
cloud.provider | string
cloud.region | string
device.first_seen_time | timestamp
device.first_seen_time_dt | string
device.groups[].name | string
device.groups[].type | string
device.groups[].uid | string
device.last_seen_time | timestamp
device.last_seen_time_dt | string
device.modified_time | timestamp
device.modified_time_dt | string
device.name | string
device.region | string
device.type | string
device.type_id | number
device.uid | string
enrichments[].data.benchmark_versions | unknown
enrichments[].data.controls | unknown
enrichments[].data.controls[].benchmarks[].id | string
enrichments[].data.controls[].benchmarks[].name | string
enrichments[].data.controls[].benchmarks[].version | string
enrichments[].data.controls[].framework | string
enrichments[].data.controls[].name | string
enrichments[].data.controls[].type | string
enrichments[].data.controls[].version | string
enrichments[].data.ioa_counts | number
enrichments[].data.iom_counts | number
enrichments[].data.legacy_policy_ids[] | number
enrichments[].data.rules | unknown
enrichments[].data.rules[] | string
enrichments[].desc | string
enrichments[].name | string
enrichments[].provider | string
enrichments[].type | string
enrichments[].value | string
message | string
metadata.product.feature.name | string
metadata.product.vendor_name | string
metadata.tenant_uid | string
metadata.uid | string
metadata.version | string
region | string
resources[].group.name | string
resources[].group.uid | string
resources[].labels[] | string
resources[].name | string
resources[].region | string
resources[].tags[].name | string
resources[].tags[].value | string
resources[].type | string
resources[].uid | string
severity | string
severity_id | number
time | number
time_dt | string
type_name | string
type_uid | number

query_compliance_findings

Field | AWS Cloud Security | CrowdStrike Cloud Security | Microsoft Defender for Cloud | Palo Alto Networks Cortex Cloud Security | Type
activity_id | number
activity_name | string
category_name | string
category_uid | number
class_name | string
class_uid | number
cloud.account.uid | string
cloud.provider | string
cloud.region | string
compliance.control | string
compliance.requirements[] | string
compliance.standards | unknown
compliance.standards[] | string
compliance.status | string
compliance.status_id | number
count | number
device.desc | string
device.first_seen_time | timestamp
device.hostname | string
device.hw_info.bios_manufacturer | string
device.hw_info.bios_ver | string
device.hw_info.chassis | string
device.hw_info.serial_number | string
device.instance_uid | string
device.ip | string
device.last_seen_time | timestamp
device.mac | string
device.modified_time | timestamp
device.name | string
device.network_status | string
device.network_status_id | number
device.org.name | string
device.org.uid | string
device.os.build | string
device.os.name | string
device.os.type | string
device.os.type_id | number
device.os.version | string
device.type | string
device.type_id | number
device.uid | string
device.zone | string
finding_info.created_time | timestamp
finding_info.created_time_dt | string
finding_info.desc | string
finding_info.first_seen_time | timestamp
finding_info.modified_time | timestamp
finding_info.modified_time_dt | string
finding_info.title | string
finding_info.types[] | string
finding_info.uid | string
message | string
metadata.event_code | string
metadata.labels[] | string
metadata.loggers[].name | string
metadata.loggers[].version | string
metadata.product.feature.uid | string
metadata.product.name | string
metadata.product.uid | string
metadata.product.vendor_name | string
metadata.product.version | string
metadata.profiles[] | string
metadata.uid | string
metadata.version | string
remediation.desc | string
remediation.references[] | string
resource.name | string
resource.type | string
resource.uid | string
resources[].cloud_partition | string
resources[].name | string
resources[].owner.account.uid | string
resources[].region | string
resources[].type | string
resources[].uid | string
severity | string
severity_id | number
start_time | timestamp
status | string
status_id | number
time | number
time_dt | string
type_name | string
type_uid | number

query_ioms

Field | CrowdStrike Cloud Security | Type
activity_id | number
activity_name | string
actor.authorizations[].policy.desc | string
actor.authorizations[].policy.name | string
actor.authorizations[].policy.uid | string
actor.user.has_mfa | boolean
actor.user.name | string
api.operation | string
api.service.name | string
category_name | string
category_uid | number
class_name | string
class_uid | number
cloud.account.name | string
cloud.account.uid | string
cloud.provider | string
cloud.region | string
finding_info.created_time | timestamp
finding_info.created_time_dt | string
finding_info.desc | string
finding_info.title | string
finding_info.uid | string
metadata.product.feature.name | string
metadata.product.url_string | string
metadata.product.vendor_name | string
metadata.uid | string
metadata.version | string
resources[].data.Creation Date | string
resources[].data.Password Enabled | string
resources[].data.Password Last Changed | string
resources[].data.Password Last Used | string
resources[].data.User | string
resources[].data.User Arn | string
resources[].name | string
resources[].owner.name | string
resources[].owner.uid | string
resources[].type | string
resources[].uid | string
severity | string
severity_id | number
time | number
time_dt | string
type_name | string
type_uid | number

query_threats

Field | AWS Cloud Security | Microsoft Defender for Cloud | Type
activity_id | number
activity_name | string
category_name | string
category_uid | number
class_name | string
class_uid | number
cloud.account.type | string
cloud.account.type_id | number
cloud.account.uid | string
cloud.cloud_partition | string
cloud.project_uid | string
cloud.provider | string
cloud.region | string
count | number
device.hostname | string
device.type_id | number
evidences[].data.entityType | string
evidences[].data.resourceId | string
evidences[].data.resourceName | string
evidences[].data.resourceType | string
evidences[].device.domain | string
evidences[].device.hostname | string
evidences[].device.type_id | number
evidences[].file.hashes[].algorithm | string
evidences[].file.hashes[].algorithm_id | number
evidences[].file.hashes[].value | string
evidences[].file.name | string
evidences[].file.path | string
evidences[].file.type_id | number
evidences[].user.account.name | string
evidences[].user.account.type | string
evidences[].user.domain | string
evidences[].user.name | string
finding_info.analytic.type | string
finding_info.analytic.type_id | number
finding_info.analytic.uid | string
finding_info.created_time | timestamp
finding_info.created_time_dt | string
finding_info.desc | string
finding_info.first_seen_time | timestamp
finding_info.first_seen_time_dt | string
finding_info.last_seen_time | timestamp
finding_info.last_seen_time_dt | string
finding_info.modified_time | timestamp
finding_info.modified_time_dt | string
finding_info.product.uid | string
finding_info.title | string
finding_info.types[] | string
finding_info.uid | string
finding_info.uid_alt | string
malware[].classification_ids[] | number
malware[].files[].hashes[].algorithm | string
malware[].files[].hashes[].algorithm_id | number
malware[].files[].hashes[].value | string
malware[].files[].name | string
malware[].files[].path | string
malware[].files[].type | string
malware[].files[].type_id | number
malware[].files[].volume | string
malware[].name | string
malware[].num_infected | number
malware[].severity | string
malware[].severity_id | number
malware_scan_info.end_time | timestamp
malware_scan_info.end_time_dt | string
malware_scan_info.num_files | number
malware_scan_info.num_infected | number
malware_scan_info.num_volumes | number
malware_scan_info.size | number
malware_scan_info.start_time | timestamp
malware_scan_info.start_time_dt | string
malware_scan_info.type | string
malware_scan_info.type_id | number
malware_scan_info.uid | string
malware_scan_info.unique_malware_count | number
message | string
metadata.product.feature.name | string
metadata.product.name | string
metadata.product.uid | string
metadata.product.vendor_name | string
metadata.profiles[] | string
metadata.uid | string
metadata.version | string
raw_data | string
remediation.desc | string
remediation.references[] | string
resources[].cloud_partition | string
resources[].data.availability_zone | string
resources[].data.device_name | string
resources[].data.encryption_type | string
resources[].data.iam_instance_profile.arn | string
resources[].data.iam_instance_profile.id | string
resources[].data.image_description | string
resources[].data.image_id | string
resources[].data.instance_id | string
resources[].data.instance_state | string
resources[].data.instance_type | string
resources[].data.kms_key_arn | string
resources[].data.launch_time | timestamp
resources[].data.network_interfaces[].network_interface_id | string
resources[].data.network_interfaces[].private_dns_name | string
resources[].data.network_interfaces[].private_ip_address | string
resources[].data.network_interfaces[].private_ip_addresses[].private_dns_name | string
resources[].data.network_interfaces[].private_ip_addresses[].private_ip_address | string
resources[].data.network_interfaces[].security_groups[].group_id | string
resources[].data.network_interfaces[].security_groups[].group_name | string
resources[].data.network_interfaces[].subnet_id | string
resources[].data.network_interfaces[].vpc_id | string
resources[].data.snapshot_arn | string
resources[].data.tags[].key | string
resources[].data.tags[].value | string
resources[].data.volume_arn | string
resources[].data.volume_size_in_gb | number
resources[].data.volume_type | string
resources[].name | string
resources[].owner.account.type | string
resources[].owner.account.type_id | number
resources[].owner.account.uid | string
resources[].region | string
resources[].tags[].name | string
resources[].tags[].value | string
resources[].type | string
resources[].uid | string
severity | string
severity_id | number
status | string
status_id | number
time | number
time_dt | string
type_name | string
type_uid | number
vendor_attributes.severity | string
vendor_attributes.severity_id | number