singularity platform

Expression

product = "singularity platform"

Fields

Field	Core	Detection	Informational
process_name			✓
bytes			✓
domain			✓
user_sid			✓
fallback_user_name
domain_user_name
user			✓

Activity Types

Activity Type	Field	Status	Core	Detection	Informational
alert-trigger	file_path	Legacy			✓
	file_ext
	agent_id
	file_name	Legacy	✓
	process_name	Legacy		✓
	dest_ip	Legacy	✓	✓
	file_dir	Legacy			✓
	dest_host	Legacy		✓
app-activity	src_ip	Default		✓
	src_mac	Default			✓
	additional_info	Default			✓
	hash_md5	Default			✓
dns-request	process_id
	hash_sha1
	agent_id
	alert_severity
	process_dir
	src_host	Legacy	✓	✓
	alert_type
	hash_sha256
	process_name
	alert_id
	hash_md5
	event_name
	process_path
	alert_name
	user_agent
dns-response	process_id
	hash_sha1
	agent_id
	alert_severity
	process_dir
	alert_type
	hash_sha256
	process_name
	alert_id
	hash_md5
	event_name
	process_path
	alert_name
	user_agent
file-delete	src_ip
	dest_ip
	event_name
file-read	src_ip
	agent_id
	alert_severity
	dest_ip
	alert_id
	src_host	Legacy		✓
	alert_name
	alert_type
file-write	src_ip
	dest_ip
	event_name
http-session	agent_id	Default			✓
	process_name	Default			✓
	alert_id	Default			✓
	malware_url	Default			✓
	src_host	Default		✓
network-traffic	agent_id	Default			✓
	process_name	Default			✓
	alert_severity	Default			✓
	alert_id	Default			✓
	dest_host	Default		✓
	event_name	Default			✓
	process_dir	Default			✓
	process_path	Default			✓
	alert_name	Default			✓
	alert_type	Default			✓
process-create	src_ip	Default		✓
	hash_sha256	Default			✓
	process_signed	Default
	agent_id	Default			✓
	dest_ip	Default		✓
	object	Default			✓
registry-modify	src_ip
	agent_id
	process_name
	alert_severity
	dest_ip
	alert_id
	alert_name
	alert_type
	object
scheduled_task-create	src_ip
	hash_sha256
	process_id	Legacy			✓
	hash_sha1
	process_name	Legacy	✓	✓
	dest_ip
	hash_md5
	event_name
	process_dir	Legacy			✓
	process_path	Legacy		✓
	process_command_line
	user_agent