Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Prefixes
Different ASIM schemas prefix the entity fields by the following prefixes:
Srcis typically used to designate a client application.DstorTargetis commonly used to designate a remote application, typically on a server.
Fields
| Field | Class | Type | Description |
|---|---|---|---|
| AppName | Optional | String | The name of the application. Example: Facebook |
| AppId | Optional | String | The ID of the application, as reported by the reporting device. If AppType is Process, DstAppId and DstProcessId should have the same value.Example: 124 |
| AppType | Optional | AppType | The type of the application. Supported values include: Process, Service, Resource, URL, SaaS application, CSP, and Other.This field is mandatory if DstAppName or DstAppId are used. |
| ProcessName | Optional | String | The file name of the process used by the application. Example: C:\Windows\explorer.exe |
| Process | Alias | Alias to the ProcessName Example: C:\Windows\System32\rundll32.exe |
|
| ProcessId | Optional | String | The process ID (PID) of the process the application is using. Example: 48610176 Note: The type is defined as string to support varying systems, but on Windows and Linux this value must be numeric. If you are using a Windows or Linux machine and used a different type, make sure to convert the values. For example, if you used a hexadecimal value, convert it to a decimal value. |
| ProcessGuid | Optional | String | A generated unique identifier (GUID) of the process used by the application. Example: 01234567-89AB-CDEF-0123-456789ABCDEF |