Supported Fields

Leen Model | SentinelOne EDR [1] | CrowdStrike EDR | Microsoft Defender
vendor_id
title
description
assigned_user
severity
vendor_severity
status
vendor_status
first_event_time
last_event_time
resolved_time
pid
process_created_at
process_filename
process_command_line
process_sha1
process_sha256
process_md5
parent_pid
user_name
windows_sid
active_directory_username
active_directory_domain
tactic_name
tactic_id
tactic_source
technique_name
technique_id
technique_link

For any additional information about our field mappings or integrations, please contact us.

[1] SentinelOne provides limited alert information if the alert is not of type Dynamic.