Identity

Top Level Fieldset: False

This field set contains information about an identity that is related to the event.

Fields from identity can only be found at the following locations:

  • user.identity
  • user.target.identity
  • user.effective.identity
  • user.changes.identity

Identity Fields

identity.admin

Required Field: False
Type: BOOL
Example: True
Detection Supported Field: True

Indicates whether an identity has administrative privileges.


identity.elevated

Required Field: False
Type: BOOL
Example: True
Detection Supported Field: True

Indicates whether an identity has elevated privileges.


identity.email

Required Field: False
Type: STRING
Example: jdoe@example.com
Detection Supported Field: True

Email address of the identity.


identity.full_name

Required Field: False
Type: STRING
Example: Jane Doe
Detection Supported Field: True

Display name of the identity.


identity.id

Required Field: False
Type: STRING
Example: 2d152ca0-c7e0-4e15-a19b-ff348c287c1a
Detection Supported Field: True

Unique ID of the identity.