Group
Top Level Fieldset: False
The group fields capture groups related to the event.
Fields from group can only be found at the following locations:
user.groupuser.target.groupuser.effective.groupuser.changes.group
Group Fields
group.id
Required Field: False
Type: STRING
Example: 502386
Detection Supported Field: True
Unique ID for the group on the system.
group.name
Required Field: False
Type: STRING
Example: Admin Group
Detection Supported Field: True
Name of the group.