Correlate Threat Defense Event Fields and Column Names
On the Security Cloud Control Event Logging page, you can click any event to expand its details and view all the associated event fields. Note that the names of some event fields differ from the column headers in the Security Cloud Control event viewer where the values of these fields are displayed. The table below lists the threat defense event fields whose names differ from their column names, and pairs each field with its column name.
Security Cloud Control Column Name | FTD Event Field |
---|---|
Date/Time | Timestamp |
Detection Type | ClientAppDetector |
Encrypted Visibility Fingerprint | EVE_Fingerprint |
Encrypted Visibility Process Name | EVE_Process |
Encrypted Visibility Process Confidence Score | EVE_ProcessConfidencePct |
Encrypted Visibility Threat Confidence | EVE_ThreatConfidenceIndex |
Encrypted Visibility Threat Confidence Score | EVE_ThreatConfidencePct |
MITRE | MitreAttackGroups |
NAT Source IP | NAT_InitiatorIP |
NAT Source Port | NAT_InitiatorPort |
Rule Group | SnortRuleGroups |