This document provides details on the query order fields and directions that are supported by each provider for each operation. Orders can be used to specify the direction of the results of an operation, such as ordering by a specific field in ascending or descending order. If a provider or operation does not support ordering, it will not be listed here.
| Field | CrowdStrike Falcon® Insight EDR | [MOCK] CrowdStrike Falcon® Insight EDR | Microsoft Defender for Endpoint | ESET Connect | ThreatDown Endpoint Detection & Response | SentinelOne Singularity™ Endpoint | Sophos Endpoint | Tanium EDR |
|---|
| attacks.tactic.name | asc, desc | | | | | | | |
| attacks.tactic.uid | asc, desc | | | | | | | |
| attacks.technique.name | asc, desc | | | | | | | |
| attacks.technique.uid | asc, desc | | | | | | | |
| comment | asc, desc | | | | | | | |
| composite_id | asc, desc | | | | | | | |
| confidence_score | asc, desc | | | | | | | |
| device.first_seen_time | asc, desc | | | | | | | |
| device.first_seen_time_dt | asc, desc | | | | | | | |
| device.hostname | asc, desc | | | | | | | |
| device.last_seen_time | asc, desc | | | | | | | |
| device.last_seen_time_dt | asc, desc | | | | | | | |
| device.os.type | asc, desc | | | | | | | |
| device.uid | asc, desc | | | | | | | |
| device.uid_alt | asc, desc | | | | | | | |
| finding_info.created_time | asc, desc | | | | | | | |
| finding_info.created_time_dt | asc, desc | | | | | | | |
| finding_info.last_seen_time | asc, desc | | | | | | | |
| finding_info.last_seen_time_dt | asc, desc | | | | | | | |
| finding_info.types | asc, desc | | | | | | | |
| finding_info.uid | asc, desc | | | | | | | |
| metadata.loggers.logged_time | asc, desc | | | | | | | |
| metadata.tenant_uid | asc, desc | | | | | | | |
| resources.name | asc, desc | | | | | | | |
| resources.uid | asc, desc | | | | | | | |
| risk_score | asc, desc | | | | | | | |
| start_time | asc, desc | | | | | | | |
| start_time_dt | asc, desc | | | | | | | |
| time | asc, desc | | | | | | | |
| time_dt | asc, desc | | | | | | | |
| vulnerabilities.desc | asc, desc | | | | | | | |
| vulnerabilities.title | asc, desc | | | | | | | |
| Field | CrowdStrike Falcon® Insight EDR | [MOCK] CrowdStrike Falcon® Insight EDR | Microsoft Defender for Endpoint | ESET Connect | ThreatDown Endpoint Detection & Response | SentinelOne Singularity™ Endpoint | Sophos Endpoint | Tanium EDR |
|---|
| product.name | asc, desc | | asc, desc | | asc, desc | asc, desc | asc, desc | asc, desc |
| Field | CrowdStrike Falcon® Insight EDR | [MOCK] CrowdStrike Falcon® Insight EDR | Microsoft Defender for Endpoint | ESET Connect | ThreatDown Endpoint Detection & Response | SentinelOne Singularity™ Endpoint | Sophos Endpoint | Tanium EDR |
|---|
| status | | | | | asc, desc | | asc, desc | |
| time | asc, desc | | asc, desc | | | asc, desc | | |