postgresql
April 24, 2024 · View on GitHub
Expression
product = "postgresql"
Fields
| Field | Core | Detection | Informational |
|---|---|---|---|
| src_ip | ✓ | ||
| db_name | ✓ | ||
| additional_info | ✓ | ||
| db_user | ✓ | ||
| alert_id | ✓ | ||
| event_name | ✓ | ||
| src_host | ✓ | ||
| dtz | ✓ | ||
| database_user_name |
Activity Types
| Activity Type | Field | Status | Core | Detection | Informational |
|---|---|---|---|---|---|
| database-activity | user | Default | ✓ | ||
| database-delete | user | Legacy | ✓ | ||
| database-login | |||||
| database-query | src_port | ||||
| transaction_id | |||||
| severity | |||||
| process_id | |||||
| object_type | |||||
| dest_ip | |||||
| session_id | |||||
| dest_host | Legacy | ✓ | |||
| user | Legacy | ✓ | ✓ | ||
| operation | |||||
| db_object |