Event field name |
Field value |
|
|
|
|
|
|
|
Description of the error, if an error occurred, otherwise the field is empty. |
|
This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty. |
|
The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address. |
|
Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side. |
|
Login of the user who sent the request. |
|
ID of the user who sent the request. |
|
KUMA asset ID which causes the response. The value is not specified if the response is based on a hash or for all assets. |
|
The external ID assigned to KUMA in KEDR. If there is only one external ID, it is not filled in when started on user hosts. |
|
List of IP/FQDN addresses of the asset for the host prevention rule based on the selected hash from the event card. |
|
|
|
Sensor ID parameter in KEDR (UUIDv4 | 'all' | 'custom'). |
|
|
|
ID of the service that caused the response. Filled in only in case of automatic response. |
|
Task type name: |
|
|
|
Tenant ID. |
|
|
|
Tenant name. |
|
|