Example of the Telemetry events generated by a Snare Enterprise Agent for Windows:
Note
This example shows the events in Snare format. The first four fields are the event header and may be formatted differently in other event formats (e.g. SYSLOG).
Below is a table describing the contents of a Telemetry Event generated by the Snare Agent.
Field | Type | Description |
---|---|---|
Hostname | String | The host name of the originating computer. |
EventType | String | TelemetryLog - the type of event generated. |
SecurityLevel | Integer | The severity level (Criticality) of the generated event. |
TimeCreated | Datetime | The time at which the telemetry event was . (YYYY-MM-DDThh:mm:ss) |
DigestType | String | SHA512 - the hashing algorithm used. |
EventAction | String | One of CHANGE, DELETE, RENAME or NEW. |
MetricType | String | One of CPU, DSK, MEM or NET. |
InstanceName (May change to ObjectName) | String | The name of the hardware interface from which the event is sourced. |
EventName | String | The name of the metric of the hardware interface. |
Value | Float | The value of the metric. |
ObjectOwner | String | The owner of the object that the change was detected on. |
ObjectMTime | Datetime | The modification time (mtime) of the object when the change is detected. (YYYY-MM-DDThh:mm:ss) |
EventChecksum | String | The calculated digest (checksum) value. |
Please refer to The Web User Interface (UI) → File Integrity Monitoring page in this User Guide for instructions on how to configure periodic FIM scans in the Snare Agent.