Report Column Codes for Report APIs
Use the report column codes in the tables in the following APIs: POST /api/rules_explorer/{reportId}/download_csv, POST /api/rules_explorer/{reportId}/download_json, or GET /api/rules_explorer/{reportId}/result.
Rule Attribute Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| Rule_ID | ID |
| Rule_UUID | UUID |
| Attribute_Name | N |
| Attribute_Rule | R |
| Attribute_Enabled | EN |
| Attribute_Action | A |
| Attribute_Response | RE |
| Attribute_Creation_Date | CD |
| Attribute_Modification_Date | MD |
| Attribute_Group | GR |
| Attribute_Type | T |
| Attribute_Notes | NO |
| Attribute_Offense_Type | OT |
| Attribute_Triggered | TG |
| Attribute_First_Triggered | FTG |
| Attribute_Last_Triggered | LTG |
| Test_Definition | TD |
| Event_Name | E |
| Event_Description | ED |
| Low_Level_Category | LLC |
| Rule_Category | RC |
| Rule_Origin | RO |
| Response_Details | RED |
| Action_Details | AD |
| UBA_Risk | URSK |

Content Extension Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| Not_Installed_CE | NI |
| Content_Extension_name | CEN |
| Content_Extension_Category | CEG |

Test Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| Log_Source_Type | LST |
| IP | IPC |
| Port | PR |
| Reference_Set | RS |
| Reference_Set_With_Number_Of_Elements | RSS |
| Xforce | XF |
| Network_Hierarchy | NH |
| Network_Hierarchy_And_Context | NHC |
| Network | NT |
| End_Point | EP |
| Custom_Property | CP |
| Domain | DOM |
| Reference_Data | RD |
| Log_Source | LS |
| QID_IDs | QID |
| Category_IDs | CAT |
| Errors | ER |
| GEO | GEO |
| Ariel_Search | ARL |
| Threshold | THR |
| Log_Source_Group | LSG |
| Log_Source_Type_ID | LST_ID |
| Log_Source_Type_RO | LST_RO |

MITRE Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| Tactic | TAC |
| Technique | TEC |
| Sub_Technique | STEC |
| Tactic_RO | TAC_RO |
| Sub_Technique_RO | STEC_RO |
| Mapping_Enabled | MAP_EN |
| Mapping_Confidence | MAP_C |
| Tactic_ID | TAC_ID |
| Technique_ID | TEC_ID |
| Sub_Technique_ID | STEC_ID |
| Mapping_Source | MAP${SOURCE_COLUMN_SUFFIX} |

Offense Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| Description | OD |
| Type | TP |
| Type_Value | TV |
| Status | ST |
| Event_Count | EC |
| Offense_ID | OID |

Rule Activity Columns
The following table describes the codes to use in the API for each report column.
| Report column name | Code |
|---|---|
| First_Triggered | FTG |
| Last_Triggered | LTG |