##YmlAttributeName,FortiSIEMAttributeName,FortiSIEMAttributeType
##need define new inter attribute for it
DestinationIsIpv6,isIpv6
Initiated,isInitialed
AllowedToDelegateTo,isAllowedToDelegateTo
##not find in WinOSWmiParser.xml
TargetDetails,details
Account_Name,user
Computer_Name,computer
Originating_Computer,srcName
FileHash,hashCode
FilePath,filePath
Fqbn,hostName
RuleId,ruleId,int
RuleName,ruleName
CallTrace,procPath
IntegrityLevel,integrityLevel
ParentIntegrityLevel,procTrustLevel,int
Company,company
ParentProcessGuid,procOwner
LogonGuid,uuid
ParentUser,userGrp
Hashes,hashCode
Imphash,hashIMP
OriginalFilename,srcFileName
OriginalFileName,srcFileName
ParentProcess,parentProcName
Product,product
sha1,hashSHA1
DestPort,destIpPort,int
Destination,destIpAddr,ip
destination.port,destIpPort,int
HostApplication,appName
TargetName,targetName
TargetProcessAddress,destMACAddr
Service,serviceName
Source,eventSource
ImagePath,procPath
Path,procPath
Payload,dataPayload
Properties,propName
QueryName,queryId
QueryResults,actionResult
QueryStatus,status
LogonProcessName,procName
ServicePrincipalNames,principal
HostVersion,version
FailureCode,errorNoInt,int
EngineVersion,version
DeviceClassName,deviceType
DeviceDescription,description
Status,status
AccessList,srcIpAddrList
AccessMask,fileAccess
AttributeLDAPDisplayName,propName
ContextInfo,lineContent
AttributeValue,propValue
GroupSid,groupID
AuditPolicyChanges,actionName
CallingProcessName,procName
GrantedAccess,accessKeyId
KeyLength,msgLen
keywords,msg
Keywords,msg
LayerRTID,permissionLevelID
Level,permissionLevelType
LDAPDisplayName,propName
Value,propValue
ObjectClass,osObjType
ObjectServer,serverName
ObjectValueName,osObjValue
PipeName,vpnTunnelName
PrivilegeList,privName
RelativeTargetName,targetName
SAMAccountName,accountName
ScriptBlockText,script
ShareName,fileName
SidHistory,essId
Signed,authResult
StartFunction,funName
StartModule,module
TicketEncryptionType,encryptAlgo
TicketOptions,paraName
IpAddress,srcIpAddr,ip
HiveName,procName
##find in WinOSWmiParser.xml
ComputerName,computer
CurrentDirectory,dirName
Description,description
FileVersion,fileVersion
GroupName,targetUserGrp
LogonId,winLogonId
NewName,newObjValue
ProcessName,procName
QNAME,destName
TargetFilename,fileName
User,user
Image,procName
ParentImage,parentProcName
CommandLine,command
TaskName,task
ServiceName,winSrvcName
TargetObject,regKeyPath
EventType,osObjAction
EventID,eventType
EventCode,eventType
Details,details
ParentCommandLine,parentCommand
Message,msg
HostName,hostName
FileName,fileName
TargetImage,targetProcName
Accesses,osObjAccessType
AccountName,user
DestinationIp,destIpAddr,ip
DestinationPort,destIpPort,int
DestinationHostname,destName
DestinationAddress,destIpAddr,ip
ObjectType,osObjType
ObjectName,osObjName
SourceImage,procName
SourceAddress,srcIpAddr,ip
SourcePort,srcIpPort,int
SourceNetworkAddress,srcIpAddr,ip
SourceWorkstation,srcName
TargetUserName,targetUser
UserName,user
SubjectDomainName,targetDomain
SubjectLogonId,winLogonId
SubjectUserName,user
SubjectUserSid,userId
Workstation,computer
WorkstationName,computer
ServiceFileName,serviceFileName
Signature,signatureName
ImageLoaded,loadedProcName
LogonType,winLogonType,int
AuthenticationPackage,procName
AuthenticationPackageName,procName
Device,deviceIdentification
PolicyName,policyName
TargetProcessId,targetProcId
TargetUser,targetUser
NewValue,newObjValue
SubjectAccountName,user
ClientAddress,srcIpAddr,ip
ProcessID,procId
TargetFileName,fileName
AccountDomain,domain
Computer,computer
DomainName,targetDomain
#network
dst_ip,destIpAddr,ip
src_ip,srcIpAddr,ip
dst_port,destIpPort,int
src_port,srcIpPort,int
dns_query,uriQuery
uri_query,uriQuery
parent_domain,domain
record_type,type
query,queryId
action,activityName
operation,opName
c-useragent,httpUserAgent
c-uri,httpEndUri
endpoint,targetName
service,serviceName
path,procPath
name,procName
cipher,password
request_type,type
answer,actionResult
resp_mime_types,type
message_size,msgLen,int
question_length,size,int
cs-method,httpMethod
sc-status,status
method,httpMethod
referer,httpReferrer
useragent,httpUserAgent
clientip,srcIpAddr,ip
MachineName,hostName