File Fields
A file is defined as a set of information that has been created on, or has existed on, a filesystem.
File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric.
File Field Details
Field | Description | Level |
---|---|---|
file.ctime | Last time file metadata changed. type: date | extended |
file.device | Device that is the source of the file. type: keyword | extended |
file.extension | File extension. This should allow easy filtering by file extensions. type: keyword | extended |
file.gid | Primary group ID (GID) of the file. type: keyword | extended |
file.group | Primary group name of the file. type: keyword | extended |
file.inode | Inode representing the file in the filesystem. type: keyword | extended |
file.mode | Mode of the file in octal representation. type: keyword | extended |
file.mtime | Last time file content was modified. type: date | extended |
file.owner | File owner’s username. type: keyword | extended |
file.path | Path to the file. type: keyword | extended |
file.size | File size in bytes (field is only added when type is file). type: long | extended |
file.target_path | Target path for symlinks. type: keyword | extended |
file.type | File type (file, dir, or symlink). type: keyword | extended |
file.uid | The user ID (UID) or security identifier (SID) of the file owner. type: keyword | extended |
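The following is an added example, not part of the ECS documentation or of any Elastic product, showing how a producer (a FIM agent, for instance) fills the file.* fields above from a stat() result. It uses only the Python standard library. The field names are the ones in the table; the representation choices are this example's own assumptions: the extension is stored without its leading dot, the mode holds only the permission bits as a four-digit octal string, size and extension are emitted only for regular files, and target_path only for symlinks. Keyword-typed fields (inode, device, uid, gid, mode) are emitted as strings, as the table's types require.

```python
"""Populate ECS ``file.*`` fields from a filesystem ``stat()`` result.

Added example, not part of the ECS documentation. Standard library only.
Field names follow the ECS table; the representation choices (extension
without the leading dot, permission bits as a 4-digit octal string, size
only for regular files, target_path only for symlinks) are this example's.
"""
import json
import os
import stat
import tempfile
from datetime import datetime, timezone

try:
    import grp
    import pwd  # POSIX only; owner/group names are omitted elsewhere
except ImportError:  # pragma: no cover - Windows
    grp = pwd = None


def _iso(ts: float) -> str:
    """Render a POSIX timestamp as an ISO-8601 UTC string for a date field."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def _name(lookup, ident: int):
    """Resolve a uid/gid to a name, or None when the database has no entry."""
    try:
        return lookup(ident)
    except (KeyError, TypeError, AttributeError):
        return None


def ecs_file_fields(path: str) -> dict:
    """Return the ECS ``file`` object for ``path``.

    ``lstat`` is deliberate: a symlink is reported as type "symlink" with its
    own metadata and a target_path, instead of being resolved to its target.
    """
    st = os.lstat(path)
    if stat.S_ISDIR(st.st_mode):
        ftype = "dir"
    elif stat.S_ISLNK(st.st_mode):
        ftype = "symlink"
    else:
        ftype = "file"

    fields = {
        "path": path,
        "type": ftype,
        "inode": str(st.st_ino),
        "device": str(st.st_dev),
        "uid": str(st.st_uid),
        "gid": str(st.st_gid),
        # Permission bits only (S_IMODE strips the file-type bits), in octal
        "mode": format(stat.S_IMODE(st.st_mode), "04o"),
        "mtime": _iso(st.st_mtime),
        "ctime": _iso(st.st_ctime),
    }
    if pwd and grp:
        owner = _name(lambda u: pwd.getpwuid(u).pw_name, st.st_uid)
        group = _name(lambda g: grp.getgrgid(g).gr_name, st.st_gid)
        if owner:
            fields["owner"] = owner
        if group:
            fields["group"] = group
    if ftype == "file":
        fields["size"] = st.st_size  # size is only meaningful for regular files
        ext = os.path.splitext(os.path.basename(path))[1].lstrip(".")
        if ext:
            fields["extension"] = ext
    elif ftype == "symlink":
        fields["target_path"] = os.readlink(path)
    return fields


def demo() -> dict:
    """Create a constructed tree (regular file, directory, symlink) under a
    temporary directory and return the ECS file objects keyed by entry name."""
    root = tempfile.mkdtemp(prefix="ecs-file-")
    regular = os.path.join(root, "notes.txt")
    with open(regular, "wb") as fh:
        fh.write(b"hello ecs\n")  # constructed content, 10 bytes
    os.chmod(regular, 0o640)
    os.mkdir(os.path.join(root, "sub"))
    os.symlink(regular, os.path.join(root, "latest"))
    return {
        name: ecs_file_fields(os.path.join(root, name))
        for name in ("notes.txt", "sub", "latest")
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Using lstat rather than stat matters for detection use cases: a symlink planted in a watched directory should show up as type symlink with its target_path, not as a copy of whatever it points at. The ctime field is the inode change time, so a chmod or chown that leaves content untouched still moves ctime while mtime stays put; that difference is what lets a FIM rule distinguish a permission change from a content change.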