lumension

October 17, 2024 · View on GitHub

Expression

product = "lumension"

Fields

Field	Core	Detection	Informational
device_id			✓
user_id			✓
bytes			✓
domain			✓
fallback_user_name
device_type			✓
domain_user_name
user			✓
operation_details			✓
operation			✓

Activity Types

Activity Type	Field	Status	Core	Detection	Informational
file-read
file-write
peripheral_storage-activity	file_path	Default			✓
	device_product				✓
	file_ext	Default			✓
	file_name	Default			✓
	device_pid				✓
	device_description				✓
	device_class				✓
	device_vendor				✓
	device_vid				✓
peripheral_storage-insert	file_path
	device_product				✓
	file_ext
	file_name
	device_pid				✓
	device_description				✓
	device_class				✓
	device_vendor				✓
	device_vid				✓