Related

Top Level Fieldset: True

This field set indicates related fields which can enable pivoting to associated events.

Related Fields

related.event

Required Field: False
Type: ARRAY
Example: ['733e5b47-d79b-40c1-bc8c-b19c22137785']
Detection Supported Field: True

Event IDs related to an event. These values reflect the AppOmni Event ID from appomni.event.id.


related.hash

Required Field: False
Type: ARRAY
Example: ['']
Detection Supported Field: True

Hashes related to an event. Values may be the result of any hashing algorithm.


related.host

Required Field: False
Type: ARRAY
Example: ['ao-desktop1']
Detection Supported Field: True

Hosts related to an event. Values may be the hostname, FQDN, or user-defined name.


related.identity

Required Field: False
Type: ARRAY
Example: ['2d152ca0-c7e0-4e15-a19b-ff348c287c1a']
Detection Supported Field: True

Identity IDs related to an event.


related.ip

Required Field: False
Type: ARRAY
Example: ['8.8.8.8']
Detection Supported Field: True

IP addresses related to an event (IPv4 or IPv6).


related.resource

Required Field: False
Type: ARRAY
Example: ['32d28dg6']
Detection Supported Field: True

Resources related to an event.


related.services.id

Required Field: False
Type: ARRAY
Example: [1]
Detection Supported Field: True

AppOmni Service IDs related to an event.


related.services.name

Required Field: False
Type: ARRAY
Example: ['AppOmni QA US1']
Detection Supported Field: True

AppOmni Service Names related to an event.


related.services.type

Required Field: False
Type: ARRAY
Example: ['ao_qa']
Detection Supported Field: True

AppOmni Service Types related to an event.


related.user

Required Field: False
Type: ARRAY
Example: ['ABCDEFG']
Detection Supported Field: True

Users related to an event.