Predefined search fields and values

Skip to main content

ON PREMISES SOLUTIONS

Predefined search fields and values

The following tables display the search fields with predefined values, grouped by category:

Network

Field name	Predefined values
network.direction	outbound inbound both

Process

Field name	Predefined values
process.integrity_level	untrusted low medium high system
process.parent_integrity_level	untrusted low medium high system
process.access_privileges	elevated restricted
process.parent_access_privileges	elevated restricted

Registry

Field name	Predefined values
registry.operation	read write create delete
registry.type	none sz expand_sz binary dword dword_little_endian dword_big_endian link multi_sz resource_list full_resource_descriptor resource_requirements_list qword

User

Field name	Predefined values
user.type	user organization_administrator datacenter_account system_acount application service custom_policy system_policy

Email

Field name	Predefined values
email.logon_type	owner administrator delegate microsoft_transport_service microsoft_service_account delegated_administrator

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.