Forensic Search user interface,CSV Export,JSON,CEF,Data Type,Sample value
--,Event ID,eventId,,string,0_c4b5e830-824a-40a3-a6d9-345664cfbb33_941983451917189059_974935592122324249_54
Event Type,Event type,eventType,,string,MODIFIED
Date Observed,Date Observed (UTC),eventTimestamp,end,string($date-time),2020-10-04T23:34:31.009Z
--,Date inserted (UTC),insertionTimestamp,rt,string($date-time),2020-10-04T23:34:31.009Z
--,--,fieldErrors,,string,"{""field"": ""md5Checksum"", ""error"": ""GDRIVE_NATIVE_HASH""}, {""field"": ""sha256Checksum"", ""error"": ""GDRIVE_NATIVE_HASH""}"
File Path,File path,filePath,filePath,string,C:/Users/
Filename,Filename,fileName,fname,string,Q1 Forecast.xlsx
--,File type,fileType,,string,FILE
File Category,File Category,fileCategory,fileType,string,SPREADSHEET
--,Identified Extension Category,fileCategoryByBytes,,string,Document
--,Current Extension Category,fileCategoryByExtension,,string,Document
File Size,File size (bytes),fileSize,fsize,integer($int64),2613250
File Owner,File Owner,fileOwner,,string,first.last
MD5 Hash,MD5 Hash,md5Checksum,fileHash,string,426b7d71e7ea804086e474fda7f3d6e7
SHA256 Hash,SHA-256 Hash,sha256Checksum,,string,f4d2911665f2392fe774d5e64eef5d8313331700b45f333da069507db00944a8
File Created Date,Create Date,createTimestamp,fileCreateTime,string($date-time),2020-02-10T04:37:56Z
File Modified Date,Modified Date,modifyTimestamp,fileModificationTime,string($date-time),2020-02-10T04:37:56Z
Username (Code42),Username,deviceUserName,suser,string,first.last@example.com
Hostname,Hostname,osHostName,shost,string,LAPTOP-0001
Fully Qualified Domain Name,Fully Qualified Domain Name,domainName,,string,LAPTOP-0001.example.com
IP Address (public),IP address (public),publicIpAddress,src,string,192.0.2.0
IP Address (private),IP address (private),privateIpAddresses,,string,"[""192.0.4.0"", ""0:0:0:0:0:0:0:1""]"
--,--,deviceUid,,string,421983451917189059
--,User UID,userUid,suid,string,429428473202283166
Actor,Actor,actor,,string,first.last
Directory ID,Directory ID,directoryId,,string,42BwMEK7Bcbq2MqnIkwFBOLCXhzLQYdLM
Source,Source,source,,string,Endpoint
--,URL,url,,string,https://drive.google.com/drive/folders/42_HMsEj0GIvFO0_nLw_ZTcrw6z
Shared,Shared,shared,,string,TRUE
Shared With Users,Shared With Users,sharedWith,,string,first.last@example.com
File exposure changed to,File exposure changed to,sharingTypeAdded,,string,Public via direct link
--,Cloud drive ID,cloudDriveId,,string,42BwMEK7Bcbq2MqnIkwFBOLCXhzLQYdLM
--,Detection Source Alias,detectionSourceAlias,,string,Google Drive US
--,--,fileId,,string,423156543288
Exposure Type,Exposure Type,exposure,reason,string,RemovableMedia
Process User,Process Owner,processOwner,spriv,string,first.last
Executable Name (Browser or Other App),Process Name,processName,sproc,string,\Program Files\Google\Chrome\Application\chrome.exe
Destination: Active tab titles and URLs,Tab Titles,tabTitles,,string,Marketing Assets - Google Drive - Google Chrome
Destination: Active tab titles and URLs,Tab Title Errors,titleError,,string,Metadata not supported for custom applications
Destination: Active tab titles and URLs,Tab URLs,tabURLs,,string,https://drive.google.com/drive/folders/42n7XSBQIfJ-a9B4Egv0GONOeC2EIVRbr
Destination: Active tab titles and URLs,Tab URL Errors,urlError,,string,Metadata not supported for custom applications
Source: Active tab titles and URLs,Source Tab URLs,sourceTabs.url,,string,https://drive.google.com/drive/folde...0GONOeC2EIVRbr
Source: Active tab titles and URLs,Source Tab URL Errors,sourceTabs.urlError,,string,Permissions not set
Source: Active tab titles and URLs,Source Tab Titles,sourceTabs.title,,string,Marketing Assets - Google Drive - Google Chrome
Source: Active tab titles and URLs,Source Tab Title Errors,sourceTabs.titleError,,string,Permissions not set
Tab/Window Title (Browser or Other App),Tab/Window Title,windowTitle,,string,Marketing Assets - Google Drive - Google Chrome
Tab URL (Browser),Tab URL,tabUrl,request,string,https://drive.google.com/drive/folders/42n7XSBQIfJ-a9B4Egv0GONOeC2EIVRbr
Device Vendor (Removable Media),Removable Media Vendor,removableMediaVendor,,string,SanDisk
Device Name (Removable Media),Removable Media Name,removableMediaName,,string,Ultra USB 3.0
Device Serial Number (Removable Media),Removable Media Serial Number,removableMediaSerialNumber,,string,42B2796EF73C48D0AA7768CB0E684842
Device Capacity (Removable Media),Removable Media Capacity,removableMediaCapacity,,integer($int64),34359738368
Device Bus Type (Removable Media),Removable Media Bus Type,removableMediaBusType,,string,USB
Device Media Name (Removable Media),Removable Media Media Name,removableMediaMediaName,,string,SanDisk Ultra USB 3.0 Media
Device Volume Name (Removable Media),Removable Media Volume Name,removableMediaVolumeName,,string,Example Volume
Device Partition ID (Removable Media),Removable Media Partition Id,removableMediaPartitionId,,string,00000001-0000-0000-0000-000000000000
Report column headers,Report Column Headers,reportColumnHeaders,,string,"USERNAME ACCOUNT_NAME TYPE DUE_DATE LAST_UPDATE ADDRESS1_STATE"
Report description,Report Description,reportDescription,,string,Top 20 accounts based on annual revenue
Report ID,Report ID,reportId,,string,00OB00000042FHdMAM
Report name,Report Name,reportName,,string,Top Accounts Report
Number of rows,Report Record Count,reportRecordCount,,integer,36
Report type,Report Type,reportType,,string,Saved
Sync Destination (Cloud),Sync Destination,syncDestination,destinationServiceName,string,Dropbox
Sync Username (Cloud),Sync Destination Username,syncDestinationUserName,,string,first.last@example.com
Email DLP Policy Names,Email DLP Policy Names,emailDlpPolicyNames,,string,Sensitive Information (IP)
Subject,Email DLP Subject,emailSubject,,string,FWD: Confidential analysis
Sender,Email DLP Sender,emailSender,,string,first.last@example.com
From,Email DLP From,emailFrom,,string,first.last@example.com
Recipients,Email DLP Recipients,emailRecipients,,string,first.last@example.com
Risk Indicators - Off hours,Outside Active Hours,outsideActiveHours,,boolean,FALSE
--,Identified Extension MIME Type,mimeTypeByBytes,,string,text/plain
--,Current Extension MIME Type,mimeTypeByExtension,,string,text/x-sql
--,Suspicious File Type Mismatch,mimeTypeMismatch,,boolean,FALSE
Print Job Name,Print Job Name,printJobName,,string,ipp://localhost/printers/DeskJet_4200_series
Printer Name,Printer Name,printerName,,string,Microsoft Word - Resume.doc
--,--,printedFilesBackupPath,,string,/Sample/Path/d42001_6d45b6d4-a2cd-4c93-9986-29cf23916921/ zURJNo5.txt.octet-stream
Remote Activity,Remote Activity,remoteActivity,,string,TRUE
Trusted activity,Trust Reason,trustReason,,string,Trusted browser URL
Trusted activity,Trusted,trusted,,boolean,FALSE
Username (signed in to device),Logged in Operating System User,operatingSystemUser,,string,first.last
Destination Category,Destination Category,destinationCategory,,string,Cloud Storage
Destination Name,Destination Name,destinationName,,string,Dropbox
Risk score,Risk Score,riskScore,,integer($int32),8
Risk severity,Risk Severity,riskSeverity,,string,Critical
Risk indicators,"Risk Indicator Names Risk Indicator Weights","riskIndicators name weight",,"name: string weight: integer($int32)","Forensic Search: Off hours (+1), Google Drive upload (+5), Zip (+8) CSV export Risk Indicator Names: Off hours,Google Drive upload,Zip Risk Indicator Weights: 1,5,8 JSON ""riskIndicators"": [ { ""name"": ""Off hours"", ""weight"": 1 }, { ""name"": ""Google Drive upload"", ""weight"": 5 }, { ""name"": ""Zip"", ""weight"": 8 } ]"