Cloud Security Supported Fields
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude

This document shows the fields supported by each provider and operation.

query_cloud_resource_inventory
query_compliance_findings
query_events
query_ioms
query_threats

query_cloud_resource_inventory

Field	CrowdStrike Cloud Security	Microsoft Defender for Cloud	Palo Alto Networks Cortex Cloud Security	Wiz Cloud Security	[MOCK] CrowdStrike Cloud Security	Type
activity_id	✅	✅	✅	✅	✅	number
activity_name	✅	✅	✅	✅	✅	string
category_name	✅	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	✅	number
cloud.account.name	✅	✅	✅	✅	✅	string
cloud.account.type	✅	✅	✅	✅	✅	string
cloud.account.type_id	❌	✅	✅	❌	❌	number
cloud.account.uid	✅	✅	✅	✅	✅	string
cloud.provider	✅	✅	✅	✅	✅	string
cloud.region	✅	✅	✅	✅	✅	string
custom_fields.cloud_account_cloud_provider	❌	❌	❌	✅	❌	string
custom_fields.cloud_account_external_id	❌	❌	❌	✅	❌	string
custom_fields.cloud_account_id	❌	❌	❌	✅	❌	string
custom_fields.cloud_platform	❌	❌	❌	✅	❌	string
custom_fields.external_id	❌	❌	❌	✅	❌	string
custom_fields.native_type	❌	❌	❌	✅	❌	string
custom_fields.provider_unique_id	❌	❌	❌	✅	❌	string
custom_fields.tags[].key	❌	❌	❌	✅	❌	string
custom_fields.tags[].value	❌	❌	❌	✅	❌	string
custom_fields.wiz_id	❌	❌	❌	✅	❌	string
device.created_time	❌	❌	❌	✅	❌	timestamp
device.created_time_dt	❌	❌	❌	✅	❌	string
device.first_seen_time	✅	✅	✅	✅	✅	timestamp
device.first_seen_time_dt	✅	✅	❌	✅	✅	string
device.groups[].name	❌	❌	✅	❌	❌	string
device.groups[].type	❌	❌	✅	❌	❌	string
device.groups[].uid	❌	❌	✅	❌	❌	string
device.last_seen_time	✅	✅	✅	✅	✅	timestamp
device.last_seen_time_dt	✅	✅	❌	✅	✅	string
device.modified_time	✅	✅	❌	✅	✅	timestamp
device.modified_time_dt	✅	✅	❌	✅	✅	string
device.name	✅	✅	✅	✅	✅	string
device.region	✅	✅	✅	✅	✅	string
device.type	✅	✅	✅	✅	✅	string
device.type_id	✅	✅	✅	✅	✅	number
device.uid	✅	✅	✅	✅	✅	string
device.uid_alt	❌	❌	❌	✅	❌	string
end_time	❌	❌	❌	✅	❌	timestamp
end_time_dt	❌	❌	❌	✅	❌	string
enrichments[].data.benchmark_versions	✅	❌	❌	❌	✅	unknown
enrichments[].data.controls	✅	❌	❌	❌	✅	unknown
enrichments[].data.controls[].benchmarks[].id	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].benchmarks[].name	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].benchmarks[].version	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].framework	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].name	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].type	✅	❌	❌	❌	✅	string
enrichments[].data.controls[].version	✅	❌	❌	❌	✅	string
enrichments[].data.ioa_counts	✅	❌	❌	❌	✅	number
enrichments[].data.iom_counts	✅	❌	❌	❌	✅	number
enrichments[].data.legacy_policy_ids[]	✅	❌	❌	❌	✅	number
enrichments[].data.rules	✅	❌	❌	❌	✅	unknown
enrichments[].data.rules[]	✅	❌	❌	❌	✅	string
enrichments[].desc	✅	❌	❌	❌	✅	string
enrichments[].name	✅	❌	❌	❌	✅	string
enrichments[].provider	✅	❌	❌	❌	✅	string
enrichments[].type	✅	❌	❌	❌	✅	string
enrichments[].value	✅	❌	❌	❌	✅	string
message	✅	✅	✅	✅	✅	string
metadata.product.feature.name	✅	✅	✅	✅	✅	string
metadata.product.vendor_name	✅	✅	✅	✅	✅	string
metadata.tenant_uid	✅	✅	✅	❌	✅	string
metadata.uid	✅	❌	❌	✅	✅	string
metadata.version	✅	✅	✅	✅	✅	string
region	❌	❌	✅	❌	❌	string
resources[].data.cloud_account_cloud_provider	❌	❌	❌	✅	❌	string
resources[].data.cloud_account_external_id	❌	❌	❌	✅	❌	string
resources[].data.cloud_platform	❌	❌	❌	✅	❌	string
resources[].data.external_id	❌	❌	❌	✅	❌	string
resources[].data.native_type	❌	❌	❌	✅	❌	string
resources[].data.provider_unique_id	❌	❌	❌	✅	❌	string
resources[].data.status	❌	❌	❌	✅	❌	string
resources[].data.tags[].key	❌	❌	❌	✅	❌	string
resources[].data.tags[].value	❌	❌	❌	✅	❌	string
resources[].data.wiz_id	❌	❌	❌	✅	❌	string
resources[].group.name	✅	❌	✅	❌	✅	string
resources[].group.uid	✅	❌	✅	❌	✅	string
resources[].labels[]	✅	❌	✅	✅	✅	string
resources[].last_seen_time	❌	❌	❌	✅	❌	timestamp
resources[].last_seen_time_dt	❌	❌	❌	✅	❌	string
resources[].name	✅	❌	✅	✅	✅	string
resources[].region	❌	❌	✅	✅	❌	string
resources[].tags[].name	❌	❌	✅	❌	❌	string
resources[].tags[].value	❌	❌	✅	❌	❌	string
resources[].type	✅	❌	✅	✅	✅	string
resources[].uid	✅	❌	✅	✅	✅	string
severity	✅	✅	✅	✅	✅	string
severity_id	✅	✅	✅	✅	✅	number
start_time	❌	❌	❌	✅	❌	timestamp
start_time_dt	❌	❌	❌	✅	❌	string
status	❌	❌	❌	✅	❌	string
status_code	❌	❌	❌	✅	❌	string
status_id	❌	❌	❌	✅	❌	number
time	✅	✅	✅	✅	✅	number
time_dt	✅	✅	❌	✅	✅	string
type_name	✅	✅	✅	✅	✅	string
type_uid	✅	✅	✅	✅	✅	number

query_compliance_findings

Field	AWS Cloud Security	AWS EventBridge SQS	CrowdStrike Cloud Security	Microsoft Defender for Cloud	Palo Alto Networks Cortex Cloud Security	Wiz Cloud Security	[MOCK] CrowdStrike Cloud Security	Type
activity_id	✅	✅	✅	✅	✅	✅	✅	number
activity_name	✅	✅	❌	✅	✅	✅	❌	string
category_name	✅	✅	✅	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	✅	✅	✅	number
cloud.account.uid	✅	✅	❌	❌	❌	❌	❌	string
cloud.provider	✅	✅	❌	✅	❌	✅	❌	string
cloud.region	✅	✅	❌	❌	❌	❌	❌	string
compliance.assessments[].desc	✅	❌	❌	❌	❌	❌	❌	string
compliance.assessments[].meets_criteria	✅	❌	❌	❌	❌	❌	❌	boolean
compliance.assessments[].name	✅	❌	❌	❌	❌	❌	❌	string
compliance.control	✅	✅	❌	✅	✅	✅	❌	string
compliance.control_parameters[].name	✅	❌	❌	❌	❌	❌	❌	string
compliance.control_parameters[].values[]	✅	❌	❌	❌	❌	❌	❌	string
compliance.requirements[]	✅	❌	❌	✅	❌	✅	❌	string
compliance.standards[]	✅	✅	❌	✅	✅	✅	❌	string
compliance.status	✅	✅	❌	✅	✅	✅	❌	string
compliance.status_code	❌	✅	❌	❌	❌	✅	❌	string
compliance.status_id	✅	✅	❌	✅	✅	✅	❌	number
count	❌	❌	✅	❌	✅	❌	✅	number
custom_fields.finding_name	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_analyzed_at	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_first_seen_at	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_resource_cloud_platform	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_result	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_status	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.raw_updated_at	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.resource_native_type	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.resource_type	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.rule_id	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.rule_name	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.rule_short_id	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_category_names[]	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_framework_ids[]	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_framework_names[]	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].category.framework.id	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].category.framework.name	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].category.id	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].category.name	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].id	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategories[].title	❌	❌	❌	❌	❌	✅	❌	string
custom_fields.security_subcategory_ids[]	❌	❌	❌	❌	❌	✅	❌	string
device.desc	❌	❌	✅	❌	❌	❌	✅	string
device.first_seen_time	❌	❌	✅	❌	❌	❌	✅	timestamp
device.first_seen_time_dt	❌	❌	✅	❌	❌	❌	✅	string
device.hostname	❌	❌	✅	❌	❌	❌	✅	string
device.hw_info.bios_manufacturer	❌	❌	✅	❌	❌	❌	✅	string
device.hw_info.bios_ver	❌	❌	✅	❌	❌	❌	✅	string
device.hw_info.chassis	❌	❌	✅	❌	❌	❌	✅	string
device.hw_info.serial_number	❌	❌	✅	❌	❌	❌	✅	string
device.instance_uid	❌	❌	✅	❌	❌	❌	✅	string
device.ip	❌	❌	✅	❌	❌	❌	✅	string
device.last_seen_time	❌	❌	✅	❌	❌	❌	✅	timestamp
device.last_seen_time_dt	❌	❌	✅	❌	❌	❌	✅	string
device.mac	❌	❌	✅	❌	❌	❌	✅	string
device.modified_time	❌	❌	✅	❌	❌	❌	✅	timestamp
device.modified_time_dt	❌	❌	✅	❌	❌	❌	✅	string
device.name	❌	❌	✅	❌	❌	❌	✅	string
device.network_status	❌	❌	✅	❌	❌	❌	✅	string
device.network_status_id	❌	❌	✅	❌	❌	❌	✅	number
device.org.name	❌	❌	✅	❌	❌	❌	✅	string
device.org.uid	❌	❌	✅	❌	❌	❌	✅	string
device.os.build	❌	❌	✅	❌	❌	❌	✅	string
device.os.name	❌	❌	✅	❌	❌	❌	✅	string
device.os.type	❌	❌	✅	❌	❌	❌	✅	string
device.os.type_id	❌	❌	✅	❌	❌	❌	✅	number
device.os.version	❌	❌	✅	❌	❌	❌	✅	string
device.type	❌	❌	✅	❌	❌	❌	✅	string
device.type_id	❌	❌	✅	❌	✅	❌	✅	number
device.uid	❌	❌	✅	❌	✅	❌	✅	string
device.zone	❌	❌	✅	❌	❌	❌	✅	string
finding_info.analytic.category	❌	❌	❌	❌	✅	❌	❌	string
finding_info.analytic.name	❌	❌	❌	❌	✅	❌	❌	string
finding_info.analytic.type_id	❌	❌	❌	❌	✅	❌	❌	number
finding_info.analytic.uid	❌	❌	❌	❌	✅	❌	❌	string
finding_info.created_time	✅	✅	❌	❌	✅	✅	❌	timestamp
finding_info.created_time_dt	✅	✅	❌	❌	❌	✅	❌	string
finding_info.desc	✅	✅	❌	❌	✅	✅	❌	string
finding_info.first_seen_time	✅	✅	❌	❌	✅	✅	❌	timestamp
finding_info.first_seen_time_dt	✅	✅	❌	❌	❌	✅	❌	string
finding_info.last_seen_time	✅	✅	❌	❌	❌	✅	❌	timestamp
finding_info.last_seen_time_dt	✅	✅	❌	❌	❌	✅	❌	string
finding_info.modified_time	✅	✅	❌	❌	❌	✅	❌	timestamp
finding_info.modified_time_dt	✅	✅	❌	❌	❌	✅	❌	string
finding_info.product_uid	❌	✅	❌	❌	❌	❌	❌	string
finding_info.title	✅	✅	❌	✅	✅	✅	❌	string
finding_info.types[]	✅	✅	❌	❌	✅	❌	❌	string
finding_info.uid	✅	✅	❌	✅	✅	✅	❌	string
message	❌	✅	✅	❌	✅	✅	✅	string
metadata.correlation_uid	❌	❌	❌	❌	✅	❌	❌	string
metadata.event_code	❌	✅	❌	❌	❌	❌	❌	string
metadata.extensions[].name	✅	❌	❌	❌	❌	❌	❌	string
metadata.extensions[].uid	✅	❌	❌	❌	❌	❌	❌	string
metadata.extensions[].version	✅	❌	❌	❌	❌	❌	❌	string
metadata.labels[]	❌	❌	✅	❌	❌	❌	✅	string
metadata.log_provider	❌	✅	❌	❌	❌	❌	❌	string
metadata.loggers[].name	❌	❌	✅	❌	❌	❌	✅	string
metadata.loggers[].version	❌	❌	✅	❌	❌	❌	✅	string
metadata.product.name	✅	✅	❌	✅	✅	✅	❌	string
metadata.product.uid	✅	✅	❌	❌	❌	❌	❌	string
metadata.product.vendor_name	✅	✅	✅	✅	✅	✅	✅	string
metadata.product.version	❌	❌	✅	❌	❌	❌	✅	string
metadata.profiles[]	✅	❌	❌	❌	❌	❌	❌	string
metadata.uid	✅	✅	❌	❌	✅	❌	❌	string
metadata.version	✅	✅	✅	✅	✅	✅	✅	string
remediation.desc	✅	✅	❌	❌	❌	❌	❌	string
remediation.references[]	✅	✅	❌	❌	❌	❌	❌	string
resource.name	❌	❌	❌	✅	❌	✅	❌	string
resource.region	❌	❌	❌	❌	❌	✅	❌	string
resource.type	❌	❌	❌	✅	✅	✅	❌	string
resource.uid	❌	❌	❌	✅	✅	✅	❌	string
resources[].cloud_partition	✅	✅	❌	❌	❌	❌	❌	string
resources[].owner.account.uid	✅	✅	❌	❌	❌	❌	❌	string
resources[].region	✅	✅	❌	❌	❌	❌	❌	string
resources[].type	✅	✅	❌	❌	❌	❌	❌	string
resources[].uid	✅	✅	❌	❌	❌	❌	❌	string
severity	✅	✅	✅	✅	✅	✅	✅	string
severity_id	✅	✅	✅	✅	✅	✅	✅	number
start_time	❌	❌	❌	❌	✅	✅	❌	timestamp
start_time_dt	❌	❌	❌	❌	❌	✅	❌	string
status	✅	✅	✅	❌	✅	✅	✅	string
status_code	❌	❌	❌	❌	❌	✅	❌	string
status_id	✅	✅	✅	❌	✅	✅	✅	number
time	✅	✅	✅	✅	✅	✅	✅	number
time_dt	✅	✅	❌	❌	❌	✅	❌	string
type_name	✅	✅	✅	✅	✅	✅	✅	string
type_uid	✅	✅	✅	✅	✅	✅	✅	number
vendor_attributes.severity	✅	❌	❌	❌	❌	❌	❌	string
vendor_attributes.severity_id	✅	❌	❌	❌	❌	❌	❌	number

query_events

Field	AWS Cloud Security	Upwind Cloud Security	Type
activity_id	✅	✅	number
activity_name	✅	✅	string
actor.id	✅	❌	string
actor.name	✅	❌	string
actor.type	✅	❌	string
actor.type_id	✅	❌	number
actor.uid	✅	❌	string
actor.uid_alt	✅	❌	string
api.operation	✅	✅	string
api.request.uid	✅	❌	string
api.service.name	✅	❌	string
category_name	✅	✅	string
category_uid	✅	✅	number
class_name	✅	✅	string
class_uid	✅	✅	number
cloud.account.type_id	❌	✅	number
cloud.account.uid	✅	✅	string
cloud.provider	✅	✅	string
cloud.region	✅	✅	string
device.name	❌	✅	string
device.region	❌	✅	string
device.type_id	❌	✅	number
http_request.user_agent	✅	❌	string
message	❌	✅	string
metadata.event_code	❌	✅	string
metadata.labels[]	✅	❌	string
metadata.product.name	✅	✅	string
metadata.product.vendor_name	✅	✅	string
metadata.tenant_uid	✅	❌	string
metadata.uid	❌	✅	string
metadata.version	✅	✅	string
parameters.AuthenticationMethod	✅	❌	string
parameters.CipherSuite	✅	❌	string
parameters.Host	✅	❌	string
parameters.SSEApplied	✅	❌	string
parameters.SignatureVersion	✅	❌	string
parameters.associationId	✅	❌	string
parameters.bucketName	✅	❌	string
parameters.bytesTransferredIn	✅	❌	number
parameters.bytesTransferredOut	✅	❌	number
parameters.executionResult.errorCode	✅	❌	string
parameters.executionResult.executionDate	✅	❌	string
parameters.executionResult.executionSummary	✅	❌	string
parameters.executionResult.status	✅	❌	string
parameters.instanceId	✅	❌	string
parameters.key	✅	❌	string
parameters.x-amz-acl	✅	❌	string
parameters.x-amz-id-2	✅	❌	string
parameters.x-amz-server-side-encryption[]	✅	❌	string
severity	✅	✅	string
severity_id	✅	✅	number
src_endpoint.ip	✅	❌	string
status	✅	❌	string
status_id	✅	❌	number
time	✅	✅	number
time_dt	✅	✅	string
tls.cipher_suite	✅	❌	string
tls.version	✅	❌	string
type_name	✅	✅	string
type_uid	✅	✅	number
web_resources[].labels[]	✅	❌	string
web_resources[].name	✅	❌	string
web_resources[].uid	✅	❌	string

query_ioms

Field	CrowdStrike Cloud Security	Palo Alto Networks Cortex Cloud Security	[MOCK] CrowdStrike Cloud Security	Type
activity_id	✅	✅	✅	number
activity_name	✅	✅	✅	string
actor.authorizations[].policy.desc	✅	❌	✅	string
actor.authorizations[].policy.name	✅	❌	✅	string
actor.authorizations[].policy.uid	✅	❌	✅	string
actor.user.has_mfa	✅	❌	✅	boolean
actor.user.name	✅	❌	✅	string
api.operation	✅	❌	✅	string
api.service.name	✅	❌	✅	string
category_name	✅	✅	✅	string
category_uid	✅	✅	✅	number
class_name	✅	✅	✅	string
class_uid	✅	✅	✅	number
cloud.account.name	✅	❌	✅	string
cloud.account.uid	✅	❌	✅	string
cloud.provider	✅	❌	✅	string
cloud.region	✅	❌	✅	string
compliance.control	❌	✅	❌	string
compliance.standards[]	❌	✅	❌	string
compliance.status	❌	✅	❌	string
compliance.status_id	❌	✅	❌	number
count	❌	✅	❌	number
device.type_id	❌	✅	❌	number
device.uid	❌	✅	❌	string
finding_info.analytic.category	❌	✅	❌	string
finding_info.analytic.name	❌	✅	❌	string
finding_info.analytic.type_id	❌	✅	❌	number
finding_info.created_time	✅	✅	✅	timestamp
finding_info.created_time_dt	✅	❌	✅	string
finding_info.desc	✅	✅	✅	string
finding_info.first_seen_time	❌	✅	❌	timestamp
finding_info.title	✅	✅	✅	string
finding_info.types[]	❌	✅	❌	string
finding_info.uid	✅	✅	✅	string
message	❌	✅	❌	string
metadata.correlation_uid	❌	✅	❌	string
metadata.product.feature.name	✅	❌	✅	string
metadata.product.name	❌	✅	❌	string
metadata.product.url_string	✅	❌	✅	string
metadata.product.vendor_name	✅	✅	✅	string
metadata.uid	✅	✅	✅	string
metadata.version	✅	✅	✅	string
remediation.desc	❌	✅	❌	string
resource.type	❌	✅	❌	string
resource.uid	❌	✅	❌	string
resources[].data.Creation Date	✅	❌	✅	string
resources[].data.Password Enabled	✅	❌	✅	string
resources[].data.Password Last Changed	✅	❌	✅	string
resources[].data.Password Last Used	✅	❌	✅	string
resources[].data.User	✅	❌	✅	string
resources[].data.User Arn	✅	❌	✅	string
resources[].name	✅	❌	✅	string
resources[].owner.name	✅	❌	✅	string
resources[].owner.uid	✅	❌	✅	string
resources[].type	✅	❌	✅	string
resources[].uid	✅	❌	✅	string
severity	✅	✅	✅	string
severity_id	✅	✅	✅	number
start_time	❌	✅	❌	timestamp
status	❌	✅	❌	string
status_id	❌	✅	❌	number
time	✅	✅	✅	number
time_dt	✅	❌	✅	string
type_name	✅	✅	✅	string
type_uid	✅	✅	✅	number

query_threats

Field	AWS Cloud Security	AWS EventBridge SQS	Microsoft Defender for Cloud	Upwind Cloud Security	Wiz Cloud Security	Type
activity_id	✅	✅	✅	✅	✅	number
activity_name	✅	✅	✅	✅	✅	string
actor.user.name	❌	✅	❌	❌	✅	string
actor.user.type	❌	✅	❌	❌	✅	string
actor.user.uid	❌	✅	❌	❌	✅	string
api.operation	❌	✅	❌	❌	❌	string
api.response.error	❌	✅	❌	❌	❌	string
api.service.name	❌	✅	❌	❌	❌	string
attacks[].tactic.name	❌	❌	❌	✅	❌	string
attacks[].tactic.uid	❌	❌	❌	✅	❌	string
attacks[].technique.name	❌	❌	❌	✅	❌	string
attacks[].technique.uid	❌	❌	❌	✅	❌	string
category_name	✅	✅	✅	✅	✅	string
category_uid	✅	✅	✅	✅	✅	number
class_name	✅	✅	✅	✅	✅	string
class_uid	✅	✅	✅	✅	✅	number
cloud.account.name	❌	❌	❌	❌	✅	string
cloud.account.type	✅	✅	❌	❌	✅	string
cloud.account.type_id	✅	✅	❌	✅	❌	number
cloud.account.uid	✅	✅	✅	✅	✅	string
cloud.cloud_partition	✅	✅	❌	❌	❌	string
cloud.project_uid	❌	❌	✅	❌	❌	string
cloud.provider	✅	✅	✅	✅	✅	string
cloud.region	✅	✅	❌	✅	❌	string
count	✅	✅	❌	✅	✅	number
device.hostname	❌	❌	✅	❌	❌	string
device.name	❌	❌	❌	✅	✅	string
device.region	❌	❌	❌	✅	✅	string
device.type	❌	❌	❌	✅	✅	string
device.type_id	❌	❌	✅	✅	✅	number
device.uid	❌	❌	❌	✅	✅	string
evidences[].data.entityType	❌	❌	✅	❌	❌	string
evidences[].data.resourceId	❌	❌	✅	❌	❌	string
evidences[].data.resourceName	❌	❌	✅	❌	❌	string
evidences[].data.resourceType	❌	❌	✅	❌	❌	string
evidences[].device.domain	❌	❌	✅	❌	❌	string
evidences[].device.hostname	❌	❌	✅	❌	❌	string
evidences[].device.type_id	❌	❌	✅	❌	❌	number
evidences[].file.hashes[].algorithm	❌	❌	✅	❌	❌	string
evidences[].file.hashes[].algorithm_id	❌	❌	✅	❌	❌	number
evidences[].file.hashes[].value	❌	❌	✅	❌	❌	string
evidences[].file.name	❌	❌	✅	❌	❌	string
evidences[].file.path	❌	❌	✅	❌	❌	string
evidences[].file.type_id	❌	❌	✅	❌	❌	number
evidences[].user.account.name	❌	❌	✅	❌	❌	string
evidences[].user.account.type	❌	❌	✅	❌	❌	string
evidences[].user.domain	❌	❌	✅	❌	❌	string
evidences[].user.name	❌	❌	✅	❌	❌	string
finding_info.analytic.type	✅	✅	❌	❌	❌	string
finding_info.analytic.type_id	✅	✅	❌	❌	❌	number
finding_info.analytic.uid	✅	✅	❌	❌	❌	string
finding_info.created_time	✅	✅	✅	✅	✅	timestamp
finding_info.created_time_dt	✅	✅	✅	✅	✅	string
finding_info.desc	✅	✅	✅	✅	✅	string
finding_info.first_seen_time	✅	✅	❌	✅	❌	timestamp
finding_info.first_seen_time_dt	✅	✅	❌	✅	❌	string
finding_info.last_seen_time	✅	✅	❌	✅	✅	timestamp
finding_info.last_seen_time_dt	✅	✅	❌	✅	✅	string
finding_info.modified_time	✅	✅	✅	✅	✅	timestamp
finding_info.modified_time_dt	✅	✅	✅	✅	✅	string
finding_info.product.uid	✅	❌	❌	❌	❌	string
finding_info.title	✅	✅	✅	✅	✅	string
finding_info.types[]	✅	✅	✅	✅	✅	string
finding_info.uid	✅	✅	✅	✅	✅	string
finding_info.uid_alt	✅	✅	❌	❌	❌	string
malware[].classification_ids[]	✅	❌	❌	❌	❌	number
malware[].files[].hashes[].algorithm	✅	❌	❌	❌	❌	string
malware[].files[].hashes[].algorithm_id	✅	❌	❌	❌	❌	number
malware[].files[].hashes[].value	✅	❌	❌	❌	❌	string
malware[].files[].name	✅	❌	❌	❌	❌	string
malware[].files[].path	✅	❌	❌	❌	❌	string
malware[].files[].type	✅	❌	❌	❌	❌	string
malware[].files[].type_id	✅	❌	❌	❌	❌	number
malware[].files[].volume	✅	❌	❌	❌	❌	string
malware[].name	✅	❌	❌	❌	❌	string
malware[].num_infected	✅	❌	❌	❌	❌	number
malware[].severity	✅	❌	❌	❌	❌	string
malware[].severity_id	✅	❌	❌	❌	❌	number
malware_scan_info.end_time	✅	❌	❌	❌	❌	timestamp
malware_scan_info.end_time_dt	✅	❌	❌	❌	❌	string
malware_scan_info.num_files	✅	❌	❌	❌	❌	number
malware_scan_info.num_infected	✅	❌	❌	❌	❌	number
malware_scan_info.num_volumes	✅	❌	❌	❌	❌	number
malware_scan_info.size	✅	❌	❌	❌	❌	number
malware_scan_info.start_time	✅	❌	❌	❌	❌	timestamp
malware_scan_info.start_time_dt	✅	❌	❌	❌	❌	string
malware_scan_info.type	✅	❌	❌	❌	❌	string
malware_scan_info.type_id	✅	❌	❌	❌	❌	number
malware_scan_info.uid	✅	❌	❌	❌	❌	string
malware_scan_info.unique_malware_count	✅	❌	❌	❌	❌	number
message	❌	✅	✅	✅	✅	string
metadata.event_code	❌	✅	❌	✅	✅	string
metadata.log_provider	❌	✅	❌	❌	❌	string
metadata.product.feature.name	✅	❌	❌	❌	✅	string
metadata.product.name	✅	✅	✅	❌	✅	string
metadata.product.uid	✅	✅	❌	❌	❌	string
metadata.product.vendor_name	✅	✅	✅	✅	✅	string
metadata.profiles[]	✅	❌	❌	❌	❌	string
metadata.uid	✅	✅	✅	❌	✅	string
metadata.version	✅	✅	✅	✅	✅	string
observables[].name	❌	❌	❌	❌	✅	string
observables[].type	❌	❌	❌	❌	✅	string
observables[].type_id	❌	❌	❌	❌	✅	number
observables[].value	❌	❌	❌	❌	✅	string
raw_data	❌	❌	✅	❌	❌	string
remediation.desc	✅	❌	✅	❌	❌	string
remediation.references[]	✅	❌	❌	❌	❌	string
resources[].cloud_partition	✅	✅	❌	❌	❌	string
resources[].data.availability_zone	✅	✅	❌	❌	❌	string
resources[].data.device_name	✅	❌	❌	❌	❌	string
resources[].data.effective_permission	❌	✅	❌	❌	❌	string
resources[].data.encryption_type	✅	✅	❌	❌	❌	string
resources[].data.iam_instance_profile.arn	✅	✅	❌	❌	❌	string
resources[].data.iam_instance_profile.id	✅	✅	❌	❌	❌	string
resources[].data.image_description	✅	✅	❌	❌	❌	string
resources[].data.image_id	✅	✅	❌	❌	❌	string
resources[].data.instance_id	✅	✅	❌	❌	❌	string
resources[].data.instance_state	✅	✅	❌	❌	❌	string
resources[].data.instance_type	✅	✅	❌	❌	❌	string
resources[].data.kms_key_arn	✅	✅	❌	❌	❌	string
resources[].data.launch_time	✅	✅	❌	❌	❌	timestamp
resources[].data.launch_time_dt	❌	✅	❌	❌	❌	string
resources[].data.network_interfaces[].network_interface_id	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].private_dns_name	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].private_ip_address	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].private_ip_addresses[].private_dns_name	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].private_ip_addresses[].private_ip_address	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].public_dns_name	❌	✅	❌	❌	❌	string
resources[].data.network_interfaces[].public_ip	❌	✅	❌	❌	❌	string
resources[].data.network_interfaces[].security_groups[].group_id	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].security_groups[].group_name	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].subnet_id	✅	✅	❌	❌	❌	string
resources[].data.network_interfaces[].vpc_id	✅	✅	❌	❌	❌	string
resources[].data.owner_id	❌	✅	❌	❌	❌	string
resources[].data.resource_type	❌	✅	❌	❌	❌	string
resources[].data.snapshot_arn	✅	❌	❌	❌	❌	string
resources[].data.tags[].key	✅	✅	❌	❌	❌	string
resources[].data.tags[].value	✅	✅	❌	❌	❌	string
resources[].data.uid	❌	❌	❌	✅	❌	string
resources[].data.volume_arn	✅	❌	❌	❌	❌	string
resources[].data.volume_size_in_gb	✅	❌	❌	❌	❌	number
resources[].data.volume_type	✅	❌	❌	❌	❌	string
resources[].data.wiz_id	❌	❌	❌	❌	✅	string
resources[].name	✅	✅	✅	❌	✅	string
resources[].owner.account.type	✅	✅	❌	❌	❌	string
resources[].owner.account.type_id	✅	✅	❌	❌	❌	number
resources[].owner.account.uid	✅	✅	❌	❌	❌	string
resources[].region	✅	✅	❌	❌	❌	string
resources[].tags[].name	✅	✅	❌	❌	❌	string
resources[].tags[].value	✅	✅	❌	❌	❌	string
resources[].type	✅	✅	✅	❌	✅	string
resources[].uid	✅	✅	✅	❌	✅	string
severity	✅	✅	✅	✅	✅	string
severity_id	✅	✅	✅	✅	✅	number
src_endpoint.autonomous_system.name	❌	✅	❌	❌	❌	string
src_endpoint.autonomous_system.number	❌	✅	❌	❌	❌	number
src_endpoint.ip	❌	✅	❌	❌	❌	string
src_endpoint.location.city	❌	✅	❌	❌	❌	string
src_endpoint.location.country	❌	✅	❌	❌	❌	string
src_endpoint.location.lat	❌	✅	❌	❌	❌	number
src_endpoint.location.long	❌	✅	❌	❌	❌	number
status	✅	✅	✅	✅	❌	string
status_id	✅	✅	✅	✅	❌	number
time	✅	✅	✅	✅	✅	number
time_dt	✅	✅	✅	✅	✅	string
type_name	✅	✅	❌	✅	✅	string
type_uid	✅	✅	✅	✅	✅	number
vendor_attributes.additional_info.sample	❌	✅	❌	❌	❌	boolean
vendor_attributes.additional_info.type	❌	✅	❌	❌	❌	string
vendor_attributes.additional_info.value	❌	✅	❌	❌	❌	string
vendor_attributes.affected_resources.AWS::S3::Bucket	❌	✅	❌	❌	❌	string
vendor_attributes.resource_role	❌	✅	❌	❌	❌	string
vendor_attributes.service_name	❌	✅	❌	❌	❌	string
vendor_attributes.severity	✅	✅	❌	❌	❌	mixed
vendor_attributes.severity_id	✅	✅	❌	❌	❌	number

Cloud Security Supported FieldsCopyCopy for LLMCopy page as Markdown for LLMsView as MarkdownOpen this page as MarkdownOpen in ChatGPTGet insights from ChatGPTOpen in ClaudeGet insights from Claude

query_cloud_resource_inventory

query_compliance_findings

query_events

query_ioms

query_threats

Was this helpful?

Cloud Security Supported Fields
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude