File

Top Level Fieldset: True

This field set is used to define information about a file related to an event. resource.type should always be defined when file fields are used.

File Fields

file.created

Required Field: False
Type: DATETIME
Example: 2022-11-17T06:30:10.442Z
Detection Supported Field: False

Date/time the file was created.


file.directory

Required Field: False
Type: STRING
Example: /home/reports
Detection Supported Field: True

Directory where the file is located. It should include the drive letter if applicable.


file.extension

Required Field: False
Type: STRING
Example: docx
Detection Supported Field: True

File extension, excluding the leading dot.


file.hash

Required Field: False
Type: STRING
Example: 0a50475bcaaf0de19d0b0be78ac36ef6ac8ee6f0cd745c2e625f69523c64e544
Detection Supported Field: True

Hash of the file. Value may be the result of any hashing algorithm.


file.id

Required Field: False
Type: STRING
Example: 32d28dg6
Detection Supported Field: True

Unique ID of the file. This value should be duplicated to resource.id.


file.name

Required Field: False
Type: STRING
Example: sales_report.docx
Detection Supported Field: True

Name of the file. This value should be duplicated to resource.name.


file.path

Required Field: False
Type: STRING
Example: /home/reports/sales_report.docx
Detection Supported Field: True

Full path to the file, including the file name.


file.size

Required Field: False
Type: INTEGER
Example: 256321
Detection Supported Field: True

File size in bytes.
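The following is an added example, not part of the original schema documentation, showing one way a log normalizer could populate these fields consistently from a raw path: extension without the leading dot, drive letter kept in the directory, and file.name and file.id duplicated to resource.name and resource.id. The function name build_file_fields, the flat dotted-key dictionary layout, and the resource.type value "file" are assumptions.

```python
from datetime import timezone
from pathlib import PurePosixPath, PureWindowsPath


def build_file_fields(path, size=None, created=None, file_hash=None,
                      file_id=None, resource_type="file"):
    """Map raw file attributes to file.* fields (hypothetical helper).

    resource_type defaults to "file", an assumed value; the schema only
    says resource.type must be defined when file fields are used.
    """
    # Treat the path as Windows-style if it has a drive letter or backslashes.
    is_windows = "\\" in path or (len(path) > 1 and path[1] == ":")
    p = PureWindowsPath(path) if is_windows else PurePosixPath(path)

    event = {
        "resource.type": resource_type,
        "file.path": str(p),              # full path, including file name
        "file.directory": str(p.parent),  # keeps the drive letter on Windows
        "file.name": p.name,
        "resource.name": p.name,          # duplicated from file.name
    }
    if p.suffix:
        # Stored without the leading dot; dotfiles such as .bashrc have none.
        event["file.extension"] = p.suffix.lstrip(".")
    if file_id is not None:
        event["file.id"] = str(file_id)
        event["resource.id"] = str(file_id)  # duplicated from file.id
    if file_hash is not None:
        event["file.hash"] = str(file_hash)  # any hashing algorithm is allowed
    if size is not None:
        # file.size is an INTEGER number of bytes; reject bools and negatives.
        if isinstance(size, bool) or not isinstance(size, int) or size < 0:
            raise ValueError("file.size must be a non-negative integer")
        event["file.size"] = size
    if created is not None:
        if created.tzinfo is None:
            raise ValueError("file.created needs a timezone-aware datetime")
        # Match the documented example format: UTC, milliseconds, 'Z' suffix.
        utc = created.astimezone(timezone.utc)
        stamp = utc.isoformat(timespec="milliseconds")
        event["file.created"] = stamp.replace("+00:00", "Z")
    return event
```

Fields whose source value is missing are omitted rather than emitted empty, since none of the file fields is required.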