proofpoint insider threat management
March 22, 2023 · View on GitHub
Expression
product = proofpoint insider threat management
Fields
There are no fields for this extension.
Activity Types
| Activity Type | Field | Status | Core | Detection | Informational |
|---|---|---|---|---|---|
| alert-trigger | app | ||||
| country | |||||
| city | |||||
| object_type | |||||
| last_name | |||||
| failure_reason | |||||
| result | |||||
| src_ip | Legacy | ✓ | ✓ | ||
| email_address | |||||
| full_name | |||||
| additional_info | |||||
| state | |||||
| user | Legacy | ✓ | |||
| first_name | |||||
| result_at | |||||
| user_agent | |||||
| object |