Resource
Top Level Fieldset: True
This field set captures information about a resource related to an event.
Fields from resource can also be found at the following locations:
resource.parent
Resource Fields
resource.count
Required Field: False
Type: INTEGER
Example: 100
Detection Supported Field: True
Number of items in the resource.
resource.id
Required Field: False
Type: STRING
Example: 32d28dg6
Detection Supported Field: True
Unique ID of the resource.
resource.name
Required Field: False
Type: STRING
Example: sales_report
Detection Supported Field: True
Name of the resource.
resource.type
Required Field: False
Type: STRING
Example: record
Detection Supported Field: True
Indicates the type of resource. The most descriptive type should be used to define a resource. For example, a file containing a report should have the resource.type of report rather than file.
Allowed Values
Name | Description |
---|---|
application | Application. Use application.* fields to capture application details. |
code | Resource that contains code. |
comment | Comment or generic message. Use email for email messages. |
credential | Identifier for a credential or secret. |
datastore | Database, data warehouse, or other data storage resource. |
destination | Receiver of an event, message, or any other output. Use destination.* fields to capture destination details. |
device | Device referenced in event. Use host.* fields to capture device details if applicable. |
email | Email. |
file | File. Use file.* fields to capture file details. |
folder | Folder or directory. |
group | Group of related users. |
issue | Bugs, security findings, or any other problem. |
list | Group of related items. |
organization | Company or other set of related users, groups, and resources. |
page | Web page or a page within a file. |
policy | Policy. Use policy.* fields to capture policy details. |
project | Group of related user stories or other work tracking. |
record | Row in a table or log. |
report | The output of a query or search. |
repository | Code or document repository. |
role | Group of related permissions associated with a user. |
rule | Detection rule. Use rule.* fields to capture rule details. |
shortcut | Shortcut or link to resource. |
space | Physical or virtual space, such as a meeting. Use space.* fields to capture space details. |
table | Usually refers to a database table. For a collection of related items, use list. |
tag | Metadata or label of a resource. |
task | Machine task, such as a cron job or continuous integration check. |
unknown | Resource type is unknown. |
user | Target user. Use user.target.* fields to capture user details. |
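
The following validator is an added example, not part of the schema's own tooling. It checks a normalized event's resource object against the field types and allowed resource.type values listed above, so that detections keyed on these fields do not silently miss malformed events. Assumptions: events are nested dicts, allowed values are matched case-sensitively, and a parent nested inside resource.parent is rejected because the page does not document it.

```python
# Added example: validator for the resource field set documented above.
ALLOWED_TYPES = frozenset("""application code comment credential datastore destination
device email file folder group issue list organization page policy project record
report repository role rule shortcut space table tag task unknown user""".split())

# Field name -> expected Python type, taken from the "Type:" lines on this page.
FIELD_TYPES = {"count": int, "id": str, "name": str, "type": str}


def validate_resource(res, path="resource", allow_parent=True):
    """Return a list of problems found in one resource object (empty list = valid)."""
    if not isinstance(res, dict):
        return [f"{path}: expected an object"]
    problems = []
    for key, value in res.items():
        field = f"{path}.{key}"
        if key == "parent" and allow_parent:
            # resource.parent carries the same fields; deeper nesting is not
            # documented on the page, so it is rejected below (assumption).
            problems += validate_resource(value, field, allow_parent=False)
        elif key not in FIELD_TYPES:
            problems.append(f"{field}: not a documented field")
        elif not isinstance(value, FIELD_TYPES[key]) or isinstance(value, bool):
            # bool is a subclass of int in Python, so reject it explicitly.
            problems.append(f"{field}: expected {FIELD_TYPES[key].__name__}")
        elif key == "type" and value not in ALLOWED_TYPES:
            # Case-sensitive match against the Allowed Values table (assumption).
            problems.append(f"{field}: '{value}' is not an allowed value")
    return problems


# Constructed sample events (not from any real log source). The id, name and
# count values reuse the examples on this page; "finance" is made up.
GOOD = {"resource": {"id": "32d28dg6", "name": "sales_report", "type": "report",
                     "count": 100, "parent": {"name": "finance", "type": "folder"}}}
BAD = {"resource": {"id": 4711, "type": "File", "count": "100",
                    "parent": {"type": "bucket", "parent": {"type": "folder"}}}}

if __name__ == "__main__":
    for event in (GOOD, BAD):
        print(validate_resource(event["resource"]) or "valid")
```

All four fields are optional on this page, so an empty resource object passes; only wrong types, off-list resource.type values, and undocumented keys are reported.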