Cloud Security Supported Fields

This document shows the fields supported by each provider and operation.

query_cloud_resource_inventory
query_compliance_findings

query_cloud_resource_inventory

Field	CrowdStrike Cloud Security	Microsoft Defender for Cloud	Type
activity_id	✅	✅	number
activity_name	✅	✅	string
category_name	✅	✅	string
category_uid	✅	✅	number
class_uid	✅	✅	number
cloud.account.name	✅	✅	string
cloud.account.type	✅	✅	string
cloud.account.type_id	❌	✅	number
cloud.account.uid	✅	✅	string
cloud.provider	✅	✅	string
cloud.region	✅	✅	string
device.first_seen_time	✅	✅	timestamp
device.first_seen_time_dt	✅	✅	string
device.last_seen_time	✅	✅	timestamp
device.last_seen_time_dt	✅	✅	string
device.modified_time	✅	✅	timestamp
device.modified_time_dt	✅	✅	string
device.name	✅	✅	string
device.region	✅	✅	string
device.type	✅	✅	string
device.type_id	✅	✅	number
device.uid	✅	✅	string
enrichments[].data.benchmark_versions	✅	❌	unknown
enrichments[].data.controls	✅	❌	unknown
enrichments[].data.controls[].benchmarks[].id	✅	❌	string
enrichments[].data.controls[].benchmarks[].name	✅	❌	string
enrichments[].data.controls[].benchmarks[].version	✅	❌	string
enrichments[].data.controls[].framework	✅	❌	string
enrichments[].data.controls[].name	✅	❌	string
enrichments[].data.controls[].type	✅	❌	string
enrichments[].data.controls[].version	✅	❌	string
enrichments[].data.ioa_counts	✅	❌	number
enrichments[].data.iom_counts	✅	❌	number
enrichments[].data.legacy_policy_ids[]	✅	❌	number
enrichments[].data.rules	✅	❌	unknown
enrichments[].data.rules[]	✅	❌	string
enrichments[].desc	✅	❌	string
enrichments[].name	✅	❌	string
enrichments[].provider	✅	❌	string
enrichments[].type	✅	❌	string
enrichments[].value	✅	❌	string
message	✅	✅	string
metadata.product.feature.name	✅	✅	string
metadata.product.vendor_name	✅	✅	string
metadata.tenant_uid	✅	✅	string
metadata.uid	✅	❌	string
metadata.version	✅	✅	string
resources[].group.name	✅	❌	string
resources[].group.uid	✅	❌	string
resources[].labels[]	✅	❌	string
resources[].name	✅	❌	string
resources[].type	✅	❌	string
resources[].uid	✅	❌	string
severity_id	✅	✅	number
time	✅	✅	number
time_dt	✅	✅	string
type_uid	✅	✅	number

query_compliance_findings

Field	CrowdStrike Cloud Security	Microsoft Defender for Cloud	Type
activity_id	✅	✅	number
activity_name	✅	✅	string
category_name	✅	✅	string
category_uid	✅	✅	number
class_uid	✅	✅	number
compliance.standards	❌	✅	unknown
compliance.status	❌	✅	string
compliance.status_id	❌	✅	number
count	✅	❌	number
device.desc	✅	❌	string
device.first_seen_time	✅	❌	timestamp
device.hostname	✅	❌	string
device.hw_info.bios_manufacturer	✅	❌	string
device.hw_info.bios_ver	✅	❌	string
device.hw_info.chassis	✅	❌	string
device.hw_info.serial_number	✅	❌	string
device.instance_uid	✅	❌	string
device.ip	✅	❌	string
device.last_seen_time	✅	❌	timestamp
device.mac	✅	❌	string
device.modified_time	✅	❌	timestamp
device.name	✅	❌	string
device.network_status	✅	❌	string
device.network_status_id	✅	❌	number
device.org.name	✅	❌	string
device.org.uid	✅	❌	string
device.os.build	✅	❌	string
device.os.name	✅	❌	string
device.os.type	✅	❌	string
device.os.type_id	✅	❌	number
device.os.version	✅	❌	string
device.type	✅	❌	string
device.type_id	✅	❌	number
device.uid	✅	❌	string
device.zone	✅	❌	string
finding_info	❌	✅	unknown
message	✅	❌	string
metadata.labels[]	✅	❌	string
metadata.loggers[].name	✅	❌	string
metadata.loggers[].version	✅	❌	string
metadata.product.name	❌	✅	string
metadata.product.vendor_name	✅	✅	string
metadata.product.version	✅	❌	string
metadata.version	✅	✅	string
resource.name	❌	✅	string
resource.type	❌	✅	string
resource.uid	❌	✅	string
severity	✅	❌	string
severity_id	✅	✅	number
status	✅	❌	string
status_id	✅	❌	number
time	✅	✅	number
type_name	✅	❌	string
type_uid	✅	✅	number

Cloud Security Supported Fields

query_cloud_resource_inventory

query_compliance_findings

Was this helpful?