endpoint-command
July 31, 2024
Description
A virtual command was set to execute on an endpoint object. Only used in VMs.
Parameters
| Parameter | Value |
|---|---|
| Subject | endpoint |
| Activity | command |
| Activity Type | endpoint-command |
| Pretty Name | Endpoint Command |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
endpoint-command:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| instance_id | ✓ | | |
endpoint-command:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | | |
| instance_id | ✓ | | |
| failure_reason | ✓ | | |