splunk_cim/data_models/endpoint/filesystem.rs
1use serde::{Serialize, Deserialize};
2
/// Event timestamps are carried as opaque text; this alias fixes no particular
/// format (epoch seconds vs. ISO 8601) and performs no validation.
/// NOTE(review): confirm the expected format against the producing add-on.
type Timestamp = String;
4
/// One record of the Splunk CIM `Endpoint.Filesystem` dataset: a single
/// filesystem action observed on an endpoint, as reported by an endpoint
/// security product.
///
/// Every field is required by the derived `Deserialize`: an input lacking any
/// of them (including the `dest_requires_av` / `dest_should_*` booleans) fails
/// to parse as a whole rather than yielding a partial record. The field docs
/// below state that the `*_bunit`, `*_category`, `*_priority` and `tag` fields
/// are filled in by Splunk's correlation features rather than by add-ons, so a
/// raw, pre-enrichment event would be rejected here.
/// NOTE(review): confirm whether those fields should be `Option<_>` or carry
/// `#[serde(default)]`.
///
/// NOTE(review): the fields are private and this file defines no constructor or
/// accessors, so code outside this module can only produce or consume a
/// `Filesystem` through serde; confirm whether `pub` fields are intended.
#[derive(Serialize, Deserialize, Clone, Debug)]
pub struct Filesystem {
    /// The action performed on the resource. Expected values: acl_modified, created, deleted, modified, read.
    /// Carried as free-form text; nothing here rejects values outside that list.
    action: String,
    /// The endpoint pertaining to the filesystem activity.
    dest: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_bunit: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_category: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_priority: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_requires_av: bool,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_should_timesync: bool,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    dest_should_update: bool,
    /// The time that the file (the object of the event) was accessed.
    file_access_time: Timestamp,
    /// The time that the file (the object of the event) was created.
    file_create_time: Timestamp,
    /// A cryptographic identifier assigned to the file object affected by the event.
    /// The hash algorithm is not fixed by this type and is not recorded next to
    /// the value, so consumers matching against indicator lists cannot tell from
    /// the record alone which algorithm produced it.
    /// NOTE(review): confirm how the algorithm is communicated to consumers.
    file_hash: String,
    /// The time that the file (the object of the event) was altered.
    file_modify_time: Timestamp,
    /// The name of the file, such as notepad.exe.
    file_name: String,
    /// The path of the file, such as C:\Windows\System32\notepad.exe.
    file_path: String,
    /// Access controls associated with the file affected by the event.
    file_acl: String,
    /// The size of the file that is the object of the event, in kilobytes.
    /// Stored as text rather than a number; no unit or numeric check is applied.
    /// NOTE(review): confirm unit and format with the producing add-on.
    file_size: String,
    /// The globally unique identifier of the process assigned by the vendor_product.
    process_guid: String,
    /// The numeric identifier of the process assigned by the operating system.
    /// Stored as text; not parsed or validated as a number here.
    process_id: String,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    tag: String,
    /// The user account associated with the filesystem access.
    user: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    user_bunit: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    user_category: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for these fields when writing add-ons.
    user_priority: String,
    /// The vendor and product name of the Endpoint solution that reported the event, such as Carbon Black Cb Response. This field can be automatically populated by vendor and product fields in your data.
    vendor_product: String,
}