[{"data":1,"prerenderedAt":1748},["ShallowReactive",2],{"page-data-authentication_and_access-zh":3,"categories-authentication_and_access-search-data-zh":56,"markdown-authentication_and_access-authentication_access_host_login-zh":1743,"data-sources-zh--authentication_and_access-authentication_access_host_login":1744,"tags-zh--authentication_and_access-authentication_access_host_login":1747},{"dataTypes":4,"versionsMap":22,"activeType":6,"schema":35,"siblingSchemas":39},[5,10,14,18],{"dataType":6,"dataTypeChName":7,"description":8,"label":9,"value":6},"log","","由操作系统、应用程序或安全设备按时间顺序生成的事件记录。日志提供了不可篡改的审计追踪，用于监控系统状态、调查可疑活动以及在事后进行取证分析。","日志",{"dataType":11,"dataTypeChName":7,"description":12,"label":13,"value":11},"alert","由安全系统（如SIEM、IDS或防火墙）自动生成的通知，表示预定义的安全规则或异常检测阈值已被触发。","告警",{"dataType":15,"dataTypeChName":7,"description":16,"label":17,"value":15},"asset","指组织中任何具有价值并需要保护的数据、设备或系统组成部分，包括硬件、软件、信息及网络资源。","资产",{"dataType":19,"dataTypeChName":7,"description":20,"label":21,"value":19},"incident","指已确认或即将发生的违反组织安全策略、可接受使用政策或标准安全实践的行为。安全事件通常由告警经调查后升级而来，需要协调响应以控制影响。","安全事件",{"log":23,"alert":29,"asset":31,"incident":33},[24],{"value":25,"label":26,"verDesc":27,"isLatest":28},"1.0","v1.0","Default 
Version",true,[30],{"value":25,"label":26,"verDesc":27,"isLatest":28},[32],{"value":25,"label":26,"verDesc":27,"isLatest":28},[34],{"value":25,"label":26,"verDesc":27,"isLatest":28},{"id":36,"title":37,"description":38,"dataType":6},"authentication_and_access","身份认证与访问","该日志类型记录网络基础设施内的身份验证尝试、访问控制事件以及用户身份验证活动。",[35,40,44,48,52],{"id":41,"title":42,"description":43,"dataType":6},"data_security_audit","数据安全审计","记录数据访问、修改及安全相关活动的详细日志，用于合规性审查和取证分析。",{"id":45,"title":46,"description":47,"dataType":6},"network_session_audit","网络会话审计","网络会话审计日志记录了设备间通信会话的详细数据，包括时间戳、源/目标IP地址、端口及协议信息，用于安全分析。",{"id":49,"title":50,"description":51,"dataType":6},"host_behavior_audit","主机行为审计","该日志类型记录主机活动的详细审计轨迹，包括用户命令、进程执行和系统修改，用于安全监控和取证分析。",{"id":53,"title":54,"description":55,"dataType":6},"operation_monitoring_audit","运维监控审计","该日志类型记录运维监控活动的详细审计轨迹，包括系统性能指标、配置变更和管理访问事件，用于合规性审查与安全分析。",{"authentication_and_access":57},{"categoryId":36,"fields":58,"subCategories":1726},[59,71,77,83,89,316,322,328,334,341,347,353,359,365,373,391,484,605,612,618,624,630,636,642,648,654,660,666,672,678,684,690,696,702,708,714,720,726,746,760,894,899,905,911,917,923,929,935,941,947,953,959,965,971,977,983,989,995,1001,1007,1013,1019,1025,1028,1031,1034,1092,1095,1098,1101,1104,1107,1110,1113,1116,1119,1125,1150,1182,1185,1188,1191,1194,1197,1200,1206,1212,1218,1224,1227,1233,1239,1245,1251,1257,1260,1266,1272,1278,1284,1290,1296,1363,1369,1372,1374,1380,1386,1389,1392,1398,1401,1404,1407,1410,1413,1416,1419,1422,1480,1483,1486,1489,1492,1495,1498,1501,1504,1507,1513,1538,1570,1576,1579,1582,1585,1588,1591,1594,1597,1600,1603,1606,1609,1612,1615,1618,1621,1624,1627,1632,1699,1706,1709,1712,1715,1718,1720,1723],{"id":60,"fieldName":60,"fieldType":61,"displayName":62,"importance":63,"description":64,"tag":-1,"dataSource":65,"enumValues":68,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"machineCode","string","机器码","REQUIRED","机器码是日志来源设备的唯一标识符（设备ID），主要用于设备级联追踪。该字段值应保持全局唯一性，若无现成的设备ID，可参考硬件编码或基于许可证（license）信息生成
。格式上，它必须为字符串，允许使用的字符包括大写字母（A-Z）、小写字母（a-z）和数字（0-9）。长度无固定限制，但应保证其唯一性和可管理性。",[66,67],"VPN系统","零信任",[],"authentication_access_app_auth","应用访问认证",{"id":72,"fieldName":72,"fieldType":61,"displayName":73,"importance":63,"description":74,"tag":-1,"dataSource":75,"enumValues":76,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"productVendorName","产品厂商名称","产品厂商名称字段用于标识安全产品厂商的官方全称。格式为字符串，无特定字符集限制，但应使用厂商在工商注册或官方宣传中使用的标准名称，以确保一致性和准确性。",[66,67],[],{"id":78,"fieldName":78,"fieldType":61,"displayName":79,"importance":63,"description":80,"tag":-1,"dataSource":81,"enumValues":82,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceSendProductName","设备产品名称","设备产品名称用于标识生成日志的软件或硬件产品的官方标准名称。格式为字符串，需使用明确、规范的官方产品名称。",[66,67],[],{"id":84,"fieldName":84,"fieldType":61,"displayName":85,"importance":63,"description":86,"tag":-1,"dataSource":87,"enumValues":88,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceName","设备名称","设备名称，用于标识日志生成设备的名称，可添加资产属性（如总部、下级等）。",[66,67],[],{"id":90,"fieldName":90,"fieldType":91,"displayName":92,"importance":63,"description":93,"tag":-1,"dataSource":94,"enumValues":95,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceAssetSubTypeId","enum","设备子类型ID","设备子类型ID是设备类型子分类的唯一数字标识符，用于标识具体的设备子类型。该字段为枚举类型，取值应在系统定义的枚举值范围内。",[66,67],[96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252,256,260,264,268,272,276,280,284,288,292,296,300,304,308,312],{"value":97,"title":98,"description":99},"1","Windows","Microsoft 
Windows操作系统",{"value":101,"title":102,"description":103},"2","Nix","类Unix操作系统，包括Linux和BSD变种",{"value":105,"title":106,"description":107},"3","路由器","网络路由设备，用于在网络之间转发数据包",{"value":109,"title":110,"description":111},"4","交换机","网络交换设备，用于在局域网内连接设备并转发数据帧",{"value":113,"title":114,"description":115},"5","VPN","虚拟专用网络设备，提供安全的远程访问和站点到站点连接",{"value":117,"title":118,"description":119},"6","负载均衡","负载均衡设备，用于分发网络流量以提高性能和可靠性",{"value":121,"title":122,"description":123},"7","防火墙","网络安全设备，用于控制进出网络的流量基于安全规则",{"value":125,"title":126,"description":127},"8","网闸","网络隔离设备，用于在安全级别不同的网络之间进行安全数据交换",{"value":129,"title":130,"description":131},"9","入侵检测系统(IDS)","入侵检测系统，用于监控网络或系统活动以检测恶意行为",{"value":133,"title":134,"description":135},"10","入侵防护系统(IPS)","入侵防护系统，在检测到威胁时主动阻止恶意流量",{"value":137,"title":138,"description":139},"11","统一威胁管理(UTM)","统一威胁管理设备，集成多种安全功能如防火墙、防病毒和入侵防护",{"value":141,"title":142,"description":143},"12","下一代防火墙","下一代防火墙，提供应用层检测、深度包检查和高级威胁防护",{"value":145,"title":146,"description":147},"13","Web应用防火墙(WAF)","Web应用防火墙，专门保护Web应用程序免受SQL注入、XSS等攻击",{"value":149,"title":150,"description":151},"14","流量监测设备","网络流量监测设备，用于实时分析和监控网络流量模式",{"value":153,"title":154,"description":155},"15","网页防篡改","网页防篡改系统，保护网站内容不被未经授权修改",{"value":157,"title":158,"description":159},"16","抗DDoS系统","抗分布式拒绝服务攻击系统，缓解DDoS攻击以保护服务可用性",{"value":161,"title":162,"description":163},"17","防病毒系统","防病毒系统，检测和清除恶意软件、病毒和木马",{"value":165,"title":166,"description":167},"18","防间谍系统","防间谍软件系统，防止间谍软件窃取敏感信息和监控用户活动",{"value":169,"title":170,"description":171},"19","防泄密系统","数据防泄密系统，监控和防止敏感数据通过各类渠道泄露",{"value":173,"title":174,"description":175},"20","邮件审计系统","邮件审计系统，监控和审计电子邮件内容以符合安全策略和合规要求",{"value":177,"title":178,"description":179},"21","身份管理系统","身份和访问管理系统，管理用户身份认证、授权和权限",{"value":181,"title":182,"description":183},"22","流量清洗系统","流量清洗系统，过滤恶意流量以保护网络资源和业务连续性",{"value":185,"title":186,"description":187},"23","数据库审计系统","数据库审计系统，监控和记录数据库访问、操作和权限变更",{"value":189,"title":190,"description":191},"24","Web审计系统","Web审计系统，审计Web应用程序的访问、操作和安全事件",{"v
alue":193,"title":194,"description":195},"25","运维审计系统","运维审计系统，监控和记录系统运维操作，防止越权访问",{"value":197,"title":198,"description":199},"26","上网行为审计系统","上网行为审计系统，监控和审计员工网络使用行为以符合安全策略",{"value":201,"title":202,"description":203},"27","统一审计网关","统一审计网关，集中收集、规范化和分析各类审计日志",{"value":205,"title":206,"description":207},"28","日志审计系统","日志审计系统，收集、存储、分析和告警系统安全日志",{"value":209,"title":210,"description":211},"29","安全管理系统","安全管理系统，集成安全管理功能如策略管理、风险管理和事件响应",{"value":213,"title":214,"description":215},"30","蜜罐系统","蜜罐系统，诱骗攻击者以收集攻击信息和分析攻击手法",{"value":217,"title":218,"description":219},"31","应用扫描器","应用程序漏洞扫描器，检测Web应用和移动应用的安全漏洞",{"value":221,"title":222,"description":223},"32","网络扫描器","网络漏洞扫描器，扫描网络设备、服务和端口以发现安全漏洞",{"value":225,"title":226,"description":227},"33","主机扫描器","主机漏洞扫描器，扫描操作系统和应用程序漏洞及配置问题",{"value":229,"title":230,"description":231},"34","WEB服务器","Web服务器软件，如IIS、Apache、Nginx等，托管网站和应用",{"value":233,"title":234,"description":235},"35","数据库服务器","数据库服务器软件，如MySQL、Oracle、SQL Server等，存储和管理数据",{"value":237,"title":238,"description":239},"36","邮件服务器","邮件服务器软件，如Exchange、Postfix等，处理电子邮件收发",{"value":241,"title":242,"description":243},"37","存储服务器","存储服务器，提供数据存储、备份和共享服务",{"value":245,"title":246,"description":247},"38","FTP服务器","FTP服务器，提供文件传输协议服务，支持文件上传下载",{"value":249,"title":250,"description":251},"39","应用服务器","应用服务器，运行企业应用程序和业务逻辑，如Java 
EE、.NET应用",{"value":253,"title":254,"description":255},"43","Windows审计代理","Windows系统审计代理，收集Windows事件日志和系统活动",{"value":257,"title":258,"description":259},"44","Nix审计代理","类Unix系统审计代理，收集Linux/Unix系统日志和审计数据",{"value":261,"title":262,"description":263},"45","WMI审计代理","Windows管理规范审计代理，通过WMI收集系统信息和事件",{"value":265,"title":266,"description":267},"51","采集器","日志采集器，从各种数据源收集和转发日志数据",{"value":269,"title":270,"description":271},"52","通信服务器","通信服务器，处理网络通信、消息传递和协议转换",{"value":273,"title":274,"description":275},"53","关联引擎","安全事件关联引擎，分析日志数据以检测复杂安全事件",{"value":277,"title":278,"description":279},"55","其他","其他未分类的设备类型",{"value":281,"title":282,"description":283},"56","主机安全管理系统(EDR)","端点检测与响应系统，监控主机活动、检测威胁并响应安全事件",{"value":285,"title":286,"description":287},"57","虚拟化设备","虚拟化平台设备，如VMware ESXi、Hyper-V等，运行虚拟机",{"value":289,"title":290,"description":291},"58","网络打印机","网络连接的打印机设备，支持网络打印功能",{"value":293,"title":294,"description":295},"59","APT","高级持久威胁检测系统，针对APT攻击进行监测和防护",{"value":297,"title":298,"description":299},"60","DNS服务器","域名系统服务器，提供域名解析服务和DNS安全防护",{"value":301,"title":302,"description":303},"61","API风险监测系统","API风险监测系统，监控API接口的安全风险和使用异常",{"value":305,"title":306,"description":307},"62","API安全网关","API安全网关，保护API接口免受攻击，提供认证、授权和限流",{"value":309,"title":310,"description":311},"63","脆弱性扫描系统","脆弱性扫描系统，全面扫描系统、网络和应用漏洞",{"value":313,"title":314,"description":315},"65","UES","统一端点安全系统，集成终端防护、检测和响应功能",{"id":317,"fieldName":317,"fieldType":61,"displayName":318,"importance":63,"description":319,"tag":-1,"dataSource":320,"enumValues":321,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceAddress","设备IP地址","设备产生日志时的IP地址，用于标识日志来源设备。格式要求：必须为有效的IPv4或IPv6地址格式。",[66,67],[],{"id":323,"fieldName":323,"fieldType":61,"displayName":324,"importance":63,"description":325,"tag":-1,"dataSource":326,"enumValues":327,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"eventId","事件ID","事件ID是日志事件的全局唯一标识符，通常采用UUID或时间戳序列等不可重复算法生成。格式应为标准的UUID字符串，例如：550e8400-e29b-41d4-a716-446655440000。要求全局唯一，不可重复。",[66,
67],[],{"id":329,"fieldName":329,"fieldType":61,"displayName":330,"importance":63,"description":331,"tag":-1,"dataSource":332,"enumValues":333,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"name","概要名称","概要名称是日志或告警的简要标题或标识，用于快速识别事件内容。该字段为字符串类型，需保持简洁明了。",[66,67],[],{"id":335,"fieldName":335,"fieldType":61,"displayName":336,"importance":337,"description":338,"tag":-1,"dataSource":339,"enumValues":340,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"message","描述","OPTIONAL","用于记录日志或告警的详细描述信息，以文本字符串形式存储。内容通常包含对安全事件、系统活动或异常情况的说明、上下文及关键参数。",[66,67],[],{"id":342,"fieldName":342,"fieldType":61,"displayName":343,"importance":63,"description":344,"tag":-1,"dataSource":345,"enumValues":346,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"startTime","开始时间","该字段记录事件活动开始的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。",[66,67],[],{"id":348,"fieldName":348,"fieldType":61,"displayName":349,"importance":63,"description":350,"tag":-1,"dataSource":351,"enumValues":352,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"endTime","结束时间","记录事件活动结束的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。",[66,67],[],{"id":354,"fieldName":354,"fieldType":61,"displayName":355,"importance":63,"description":356,"tag":-1,"dataSource":357,"enumValues":358,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceReceiptTime","设备接收时间","该字段记录设备采集器本地接收并生成日志事件的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。",[66,67],[],{"id":360,"fieldName":360,"fieldType":61,"displayName":361,"importance":63,"description":362,"tag":-1,"dataSource":363,"enumValues":364,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"collectorReceiptTime","采集器接收时间","采集器接收日志事件的精确时间，时间格式必须为标准的日期时间字符串，格式要求为yyyy-mm-dd 
HH:mm:ss。",[66,67],[],{"id":366,"fieldName":366,"fieldType":367,"displayName":368,"importance":369,"description":370,"tag":-1,"dataSource":371,"enumValues":372,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"severity","integer","安全威胁等级","RECOMMENDED","标识日志或告警的安全威胁严重程度等级。该字段为整型数值，取值范围为0至10，每个数值对应特定的威胁级别：0表示无风险，1-3表示低危，4-6表示中危，7-9表示高危，10表示危急。",[66,67],[],{"id":374,"fieldName":374,"fieldType":91,"displayName":375,"importance":369,"description":376,"tag":-1,"dataSource":377,"enumValues":378,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"catOutcome","结果分类","该字段用于标识事件操作或攻击的最终结果状态。其值为预定义的枚举类型，当前主要可选值包括：OK（表示操作成功）、FAIL（表示操作失败）、Attempt（表示尝试性操作）。取值应严格限定在系统定义的枚举值范围内。",[66,67],[379,383,387],{"value":380,"title":381,"description":382},"OK","成功","可以合理的推测事件已成功",{"value":384,"title":385,"description":386},"FAIL","失败","可以合理的推测事件已失败",{"value":388,"title":389,"description":390},"Attempt","尝试","事件已发生，但是无法明确成功或失败",{"id":392,"fieldName":392,"fieldType":91,"displayName":393,"importance":369,"description":394,"tag":-1,"dataSource":395,"enumValues":396,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"logType","日志类型","该字段标识日志事件的功能或对象实体分类。其值为预定义的枚举字符串，例如：alert（告警类日志）、traffic（网络通信类日志）、process（进程操作类日志）、command（命令执行类日志）、file（文件操作类日志）等。",[66,67],[397,400,404,408,412,416,420,424,428,432,436,440,444,448,452,456,460,464,468,472,476,480],{"value":11,"title":398,"description":399},"告警类日志","安全告警事件日志，包含威胁检测、异常行为和安全风险告警",{"value":401,"title":402,"description":403},"traffic","网络通信类日志","网络流量和通信会话日志，记录网络连接、数据传输和协议通信",{"value":405,"title":406,"description":407},"process","进程操作类日志","进程生命周期管理日志，记录进程创建、终止、注入等操作",{"value":409,"title":410,"description":411},"command","命令执行类日志","命令行和脚本执行日志，记录系统命令、PowerShell和Shell命令执行",{"value":413,"title":414,"description":415},"file","文件操作类日志","文件系统操作日志，记录文件创建、修改、删除、访问等操作",{"value":417,"title":418,"description":419},"account","账号操作类日志","用户账户管理日志，记录用户登录、注销、权限变更和账户管理操作",{"value":421,"title":422,"description":423},"config","配置操作类日志","系统配置变更日志，记录安全策略、系统设
置和配置修改操作",{"value":425,"title":426,"description":427},"status","系统状态类日志","系统运行状态日志，记录系统启动、关机、重启和运行状态变更",{"value":429,"title":430,"description":431},"system_operation","系统操作类日志","系统级管理操作日志，记录系统维护、管理和控制操作",{"value":433,"title":434,"description":435},"system_resource","系统资源类日志","系统资源使用日志，记录CPU、内存、磁盘和网络资源使用情况",{"value":437,"title":438,"description":439},"domain","域名操作类日志","域名解析和查询日志，记录DNS查询、域名解析和网络定位操作",{"value":441,"title":442,"description":443},"registry","注册表操作类日志","Windows注册表操作日志，记录注册表键值创建、修改和删除操作",{"value":445,"title":446,"description":447},"app","应用程序类日志","应用程序运行日志，记录应用程序启动、运行、错误和业务操作",{"value":449,"title":450,"description":451},"service","服务操作类日志","系统服务管理日志，记录Windows/Linux服务的创建、启动、停止和配置变更",{"value":453,"title":454,"description":455},"task","任务操作类日志","计划任务和作业日志，记录定时任务创建、执行、修改和删除操作",{"value":457,"title":458,"description":459},"thread","线程操作类日志","线程管理日志，记录线程创建、终止、挂起和优先级变更操作",{"value":461,"title":462,"description":463},"module","模块操作类日志","程序模块管理日志，记录DLL、SO等模块的加载、卸载和内存映射",{"value":465,"title":466,"description":467},"driver","驱动操作类日志","设备驱动程序日志，记录内核驱动加载、卸载和运行状态",{"value":469,"title":470,"description":471},"pipe","管道操作类日志","进程间通信日志，记录命名管道创建、连接、数据传输操作",{"value":473,"title":474,"description":475},"wmi","WMI操作类日志","Windows管理规范操作日志，记录WMI查询、事件订阅和代码执行",{"value":477,"title":478,"description":479},"winrm","WinRM操作类日志","Windows远程管理日志，记录远程PowerShell命令执行和系统管理操作",{"value":481,"title":482,"description":483},"others","其他类型日志","未分类的其他日志类型，包含无法归入上述分类的日志事件",{"id":485,"fieldName":485,"fieldType":91,"displayName":486,"importance":369,"description":487,"tag":-1,"dataSource":488,"enumValues":489,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"opType","操作类型","操作类型，标识事件中对目标对象执行的具体操作行为。本字段为枚举类型，其值必须为预定义的操作类型字符串，例如：read（读取）、write（写入）、create（创建）、delete（删除）、modify（修改）等。",[66,67],[490,494,498,502,506,510,514,518,522,526,530,534,538,542,546,550,554,557,561,565,569,573,577,581,585,589,593,597,601],{"value":491,"title":492,"description":493},"read","读取","读取数据操作，包括文件读取、注册表查询、内存读取等",{"value":
495,"title":496,"description":497},"write","写入","写入数据操作，包括文件写入、注册表修改、配置变更等",{"value":499,"title":500,"description":501},"create","创建","创建新对象操作，包括文件创建、进程创建、用户账户创建等",{"value":503,"title":504,"description":505},"delete","删除","删除对象操作，包括文件删除、注册表项删除、用户账户删除等",{"value":507,"title":508,"description":509},"modify","修改","修改对象属性操作，包括文件属性修改、权限变更、配置调整等",{"value":511,"title":512,"description":513},"login","登录","身份认证成功操作，包括系统登录、应用登录、远程访问登录等",{"value":515,"title":516,"description":517},"logout","登出","会话终止操作，包括用户登出、会话超时、强制注销等",{"value":519,"title":520,"description":521},"execute","执行","程序执行操作，包括进程启动、命令执行、脚本运行等",{"value":523,"title":524,"description":525},"start","启动","服务启动操作，包括系统服务启动、计划任务触发、守护进程启动等",{"value":527,"title":528,"description":529},"stop","停止","服务停止操作，包括系统服务停止、进程终止、任务结束等",{"value":531,"title":532,"description":533},"access","访问","资源访问操作，包括进程访问、内存访问、共享资源访问等",{"value":535,"title":536,"description":537},"connect","连接","网络连接操作，包括网络连接建立、会话创建、远程连接等",{"value":539,"title":540,"description":541},"load","加载","模块加载操作，包括驱动加载、DLL加载、插件加载等",{"value":543,"title":544,"description":545},"send","发送","数据发送操作，包括网络数据发送、邮件发送、消息发送等",{"value":547,"title":548,"description":549},"receive","接收","数据接收操作，包括网络数据接收、邮件接收、消息接收等",{"value":551,"title":552,"description":553},"combine","组合操作","复合操作类型，表示多个操作的组合执行",{"value":481,"title":555,"description":556},"其他操作","未分类的其他操作类型",{"value":558,"title":559,"description":560},"query","查询","数据查询操作，包括数据库查询、目录查询、信息检索等",{"value":562,"title":563,"description":564},"rename","重命名","对象重命名操作，包括文件重命名、账户重命名、服务重命名等",{"value":566,"title":567,"description":568},"listen","监听","网络监听操作，包括端口监听、会话监听、事件监听等",{"value":570,"title":571,"description":572},"setValue","设置键值","键值设置操作，包括注册表键值设置、配置参数设置、环境变量设置等",{"value":574,"title":575,"description":576},"addedGroup","添加至组","组成员添加操作，包括用户添加到组、计算机加入域等",{"value":578,"title":579,"description":580},"removedGroup","组中移除","组成员移除操作，包括用户从组中移除、计算机脱离域等",{"value":582,"title":583,"description":584},"changePassword","修改密码","密码修改操作，包括用户密码修改、服务账户密码变更等",{"value":
586,"title":587,"description":588},"resetPassword","重置密码","密码重置操作，包括管理员重置用户密码、密码恢复等",{"value":590,"title":591,"description":592},"disable","禁用","对象禁用操作，包括用户账户禁用、服务禁用、策略禁用等",{"value":594,"title":595,"description":596},"enable","启用","对象启用操作，包括用户账户启用、服务启用、策略启用等",{"value":598,"title":599,"description":600},"lock","锁定","对象锁定操作，包括用户账户锁定、会话锁定、资源锁定等",{"value":602,"title":603,"description":604},"unlock","解锁","对象解锁操作，包括用户账户解锁、会话解锁、资源解锁等",{"id":606,"fieldName":606,"fieldType":607,"displayName":608,"importance":369,"description":609,"tag":-1,"dataSource":610,"enumValues":611,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"eventCount","long","事件数量","事件数量字段用于统计相同类型或相关事件的发生次数。通常为非负整数。",[66,67],[],{"id":613,"fieldName":613,"fieldType":61,"displayName":614,"importance":369,"description":615,"tag":-1,"dataSource":616,"enumValues":617,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"dataSourceAddress","数据来源地址","数据来源地址，指提供数据的设备网络地址。该字段必须是合法的IP地址格式，支持IPv4和IPv6地址。IPv4地址为点分十进制格式（如192.168.1.5），IPv6地址为冒号分隔的十六进制格式。",[66,67],[],{"id":619,"fieldName":619,"fieldType":367,"displayName":620,"importance":369,"description":621,"tag":-1,"dataSource":622,"enumValues":623,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcPort","源端口","源端口是指网络连接发起方的端口号，用于标识发起通信的应用程序或服务。端口号必须是整数，取值范围为0到65535，其中0通常保留，1到1023为知名端口，1024到49151为注册端口，49152到65535为动态或私有端口。",[66,67],[],{"id":625,"fieldName":625,"fieldType":367,"displayName":626,"importance":369,"description":627,"tag":-1,"dataSource":628,"enumValues":629,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destPort","目的端口","目的端口是网络连接接收方的端口号，用于标识接收方应用程序或服务。该字段为整数类型，取值范围为0-65535，其中0-1023为知名端口，1024-49151为注册端口，49152-65535为动态或私有端口。",[66,67],[],{"id":631,"fieldName":631,"fieldType":61,"displayName":632,"importance":337,"description":633,"tag":-1,"dataSource":634,"enumValues":635,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcMacAddress","源MAC地址","源MAC地址表示网络数据帧发送方的媒体访问控制地址。格式要求：必须为标准MAC地址格式，即6组由冒号分隔的十六进制字节（xx:xx:xx:xx:xx:x
x），每组两个字符，取值范围为00-FF。",[66,67],[],{"id":637,"fieldName":637,"fieldType":61,"displayName":638,"importance":337,"description":639,"tag":-1,"dataSource":640,"enumValues":641,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destMacAddress","目的MAC地址","目的MAC地址表示网络数据帧接收方的媒体访问控制地址。格式要求：必须为标准MAC地址格式，即6组由冒号分隔的十六进制字节（xx:xx:xx:xx:xx:xx），每组两个字符，取值范围为00-FF。",[66,67],[],{"id":643,"fieldName":643,"fieldType":61,"displayName":644,"importance":337,"description":645,"tag":-1,"dataSource":646,"enumValues":647,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoCountry","来源国家","该字段表示网络连接发起方IP地址所对应的国家或地区信息。",[66,67],[],{"id":649,"fieldName":649,"fieldType":61,"displayName":650,"importance":337,"description":651,"tag":-1,"dataSource":652,"enumValues":653,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoRegion","来源地区","该字段表示网络连接发起方IP地址所对应的省级行政区域名称，用于标识流量的地理来源。其值应为中国省级行政区划的名称，例如“北京市”、“浙江省”、“新疆维吾尔自治区”等，或国际公认的国家及地区名称。格式为字符串，无固定长度限制，建议使用标准、完整的官方名称以确保一致性和准确性。",[66,67],[],{"id":655,"fieldName":655,"fieldType":61,"displayName":656,"importance":337,"description":657,"tag":-1,"dataSource":658,"enumValues":659,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoCity","来源城市","该字段表示网络连接发起方IP地址所对应的城市级别行政区域名称。其值为字符串类型，该信息通常由IP地址归属地查询服务提供，无特定的格式或字符集强制要求，但建议保持名称的一致性。",[66,67],[],{"id":661,"fieldName":661,"fieldType":61,"displayName":662,"importance":337,"description":663,"tag":-1,"dataSource":664,"enumValues":665,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoAddress","来源详细地址","该字段表示网络连接发起方IP地址所对应的详细地址描述，用于定位来源的具体物理或行政位置。其值为字符串类型，通常包含国家、省份、城市、区县、街道及门牌号等层级信息。",[66,67],[],{"id":667,"fieldName":667,"fieldType":61,"displayName":668,"importance":337,"description":669,"tag":-1,"dataSource":670,"enumValues":671,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoLatitude","来源纬度","该字段表示网络连接发起方IP地址所对应的地理纬度坐标，以字符串格式存储。纬度坐标应遵循十进制表示法，取值范围为-90.000000到90.000000，其中北纬为正，南纬为负。",[66,67],[],{"id":673,"fieldName":673,"fieldType":61,"displayName":674
,"importance":337,"description":675,"tag":-1,"dataSource":676,"enumValues":677,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcGeoLongitude","来源经度","来源经度表示网络连接发起方IP地址所对应的地理经度坐标。格式为十进制浮点数字符串，取值范围为-180.000000到180.000000，保留小数点后六位，使用点号（.）作为小数点分隔符，负值表示西经，正值表示东经。",[66,67],[],{"id":679,"fieldName":679,"fieldType":61,"displayName":680,"importance":337,"description":681,"tag":-1,"dataSource":682,"enumValues":683,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoCountry","目的国家","目的国家，指网络连接接收方IP地址所对应的国家名称。该字段值为国家或地区的完整中文名称，例如“中国”、“美国”等。",[66,67],[],{"id":685,"fieldName":685,"fieldType":61,"displayName":686,"importance":337,"description":687,"tag":-1,"dataSource":688,"enumValues":689,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoRegion","目的地区","该字段表示网络连接接收方IP地址所对应的中国省级行政区域名称，用于标识网络流量的地理目的地。其值应为中国省级行政区划的规范名称，例如“浙江省”、“北京市”或“新疆维吾尔自治区”等，不包含“省”、“市”、“自治区”等后缀的简称（如“浙江”、“北京”、“新疆”）也可接受。该字段为字符串类型，无特定字符集或长度限制，但应确保名称的准确性和一致性。",[66,67],[],{"id":691,"fieldName":691,"fieldType":61,"displayName":692,"importance":337,"description":693,"tag":-1,"dataSource":694,"enumValues":695,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoCity","目的城市","目的城市是指网络连接接收方IP地址所对应的城市级别行政区域名称。该字段为字符串类型，需使用标准城市名称。",[66,67],[],{"id":697,"fieldName":697,"fieldType":61,"displayName":698,"importance":337,"description":699,"tag":-1,"dataSource":700,"enumValues":701,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoAddress","目的详细地址","目的详细地址，描述网络连接接收方IP地址所对应的详细地址信息。格式为字符串，应包含国家、省/州、城市、街道等层级的详细信息，以构成一个完整的物理位置描述。",[66,67],[],{"id":703,"fieldName":703,"fieldType":61,"displayName":704,"importance":337,"description":705,"tag":-1,"dataSource":706,"enumValues":707,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoLatitude","目的纬度","目的纬度表示网络连接接收方IP地址所对应的地理纬度坐标。该值为字符串类型，通常以十进制小数形式表示，取值范围为-90.000000到90.000000。",[66,67],[],{"id":709,"fieldName":709,"fieldType":61,"displayName":710,"importance":337,"description":711,"tag":-1,"dataSource":712,"enum
Values":713,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destGeoLongitude","目的经度","目的经度是指网络连接接收方IP地址所对应的地理经度坐标。格式为十进制小数形式的字符串，取值范围为-180.000000至180.000000。",[66,67],[],{"id":715,"fieldName":715,"fieldType":61,"displayName":716,"importance":369,"description":717,"tag":-1,"dataSource":718,"enumValues":719,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcAddress","来源IP","来源IP地址，指网络连接或安全事件的发起方所使用的IP地址。该字段必须符合IP地址格式规范，支持IPv4和IPv6地址。IPv4地址为点分十进制格式（如：192.168.1.1），IPv6地址为冒号分隔的十六进制格式（如：2001:0db8:85a3:0000:0000:8a2e:0370:7334）。",[66,67],[],{"id":721,"fieldName":721,"fieldType":61,"displayName":722,"importance":369,"description":723,"tag":-1,"dataSource":724,"enumValues":725,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destAddress","目的IP","目的IP地址，标识网络通信连接的目标IP地址。格式要求：必须符合IP地址格式规范，支持IPv4（如192.168.1.1）或IPv6（如2001:0db8:85a3:0000:0000:8a2e:0370:7334）地址表示法。",[66,67],[],{"id":727,"fieldName":727,"fieldType":91,"displayName":728,"importance":369,"description":729,"tag":-1,"dataSource":730,"enumValues":731,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"direction","数据流方向","基于源和目标IP地址的网络位置分类数据流方向。该字段为枚举类型，表示数据流在内外网之间的流向，具体取值及含义如下：11 表示外网访问外网；10 表示外网访问内网；01 表示内网访问外网；00 
表示内网访问内网。",[66,67],[732,735,738,742],{"value":137,"title":733,"description":734},"外访问外","来源IP为外部IP，目的IP为外部IP，数据方向：外访问外",{"value":133,"title":736,"description":737},"外访问内","来源IP为外部IP，目的IP为内部IP，数据方向：外访问内",{"value":739,"title":740,"description":741},"01","内访问外","来源IP为内部IP，目的IP为外部IP，数据方向：内访问外",{"value":743,"title":744,"description":745},"00","内访问内","来源IP为内部IP，目的IP为内部IP，数据方向：内访问内",{"id":747,"fieldName":747,"fieldType":91,"displayName":748,"importance":337,"description":749,"tag":-1,"dataSource":750,"enumValues":751,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"transProtocol","传输协议","传输层协议类型，表示OSI模型中传输层使用的协议。可选值包括：TCP（传输控制协议）、UDP（用户数据报协议）等标准传输层协议。",[66,67],[752,756],{"value":753,"title":754,"description":755},"TCP","传输控制协议","面向连接的可靠传输协议，提供数据包顺序传输、错误检测和重传机制",{"value":757,"title":758,"description":759},"UDP","用户数据报协议","无连接的不可靠传输协议，提供低延迟的数据传输，适用于实时应用",{"id":761,"fieldName":761,"fieldType":91,"displayName":762,"importance":369,"description":763,"tag":-1,"dataSource":764,"enumValues":765,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"appProtocol","应用协议","应用协议字段表示OSI模型中应用层使用的协议类型。该字段为枚举类型，取值范围应在预定义的协议标识符列表中。",[66,67],[766,768,770,772,774,776,778,780,782,784,786,788,790,792,794,796,798,800,802,804,806,808,810,812,814,816,818,820,822,824,826,828,830,832,834,836,838,840,842,844,846,848,850,852,854,856,858,860,862,864,866,868,870,872,874,876,878,880,882,884,886,888,890,892],{"value":767,"title":767,"description":767},"http",{"value":769,"title":769,"description":769},"https",{"value":771,"title":771,"description":771},"dns",{"value":773,"title":773,"description":773},"ssh",{"value":775,"title":775,"description":775},"telnet",{"value":777,"title":777,"description":777},"telnets",{"value":779,"title":779,"description":779},"rsync",{"value":781,"title":781,"description":781},"tftp",{"value":783,"title":783,"description":783},"ftp",{"value":785,"title":785,"description":785},"sftp",{"value":787,"title":787,"description":787},"smb",{"value":789,"title":789,"descri
ption":789},"ntp",{"value":791,"title":791,"description":791},"mysql",{"value":793,"title":793,"description":793},"ms-sql-s",{"value":795,"title":795,"description":795},"ms-sql-m",{"value":797,"title":797,"description":797},"oracle",{"value":799,"title":799,"description":799},"nfs",{"value":801,"title":801,"description":801},"pop2",{"value":803,"title":803,"description":803},"pop3",{"value":805,"title":805,"description":805},"pop3s",{"value":807,"title":807,"description":807},"smtp",{"value":809,"title":809,"description":809},"imap",{"value":811,"title":811,"description":811},"imaps",{"value":813,"title":813,"description":813},"chargen",{"value":815,"title":815,"description":815},"qotd",{"value":817,"title":817,"description":817},"x11",{"value":819,"title":819,"description":819},"uucp",{"value":821,"title":821,"description":821},"rcp",{"value":823,"title":823,"description":823},"postgres",{"value":825,"title":825,"description":825},"bootps",{"value":827,"title":827,"description":827},"bootpc",{"value":829,"title":829,"description":829},"squid",{"value":831,"title":831,"description":831},"ftps",{"value":833,"title":833,"description":833},"ircs",{"value":835,"title":835,"description":835},"echo",{"value":837,"title":837,"description":837},"sunrpc",{"value":839,"title":839,"description":839},"auth",{"value":841,"title":841,"description":841},"tacacs",{"value":843,"title":843,"description":843},"nntp",{"value":845,"title":845,"description":845},"radius",{"value":847,"title":847,"description":847},"netbios-ns",{"value":849,"title":849,"description":849},"netbios-dgm",{"value":851,"title":851,"description":851},"netbios-ssn",{"value":853,"title":853,"description":853},"wins",{"value":855,"title":855,"description":855},"snmp",{"value":857,"title":857,"description":857},"snmptrap",{"value":859,"title":859,"description":859},"bgp",{"value":861,"title":861,"description":861},"irc",{"value":863,"title":863,"description":863},"ldap",{"value":865,"title":865,"description":865},"
ldaps",{"value":867,"title":867,"description":867},"timbuktu",{"value":869,"title":869,"description":869},"nnsp",{"value":871,"title":871,"description":871},"daytime",{"value":873,"title":873,"description":873},"ircd",{"value":875,"title":875,"description":875},"isakmp",{"value":877,"title":877,"description":877},"printer",{"value":879,"title":879,"description":879},"dhcpv6-client",{"value":881,"title":881,"description":881},"dhcpv6-server",{"value":883,"title":883,"description":883},"rtsp",{"value":885,"title":885,"description":885},"nntps",{"value":887,"title":887,"description":887},"discard",{"value":889,"title":889,"description":889},"ipx",{"value":891,"title":891,"description":891},"finger",{"value":893,"title":893,"description":893},"rdp",{"id":895,"fieldName":895,"fieldType":61,"displayName":896,"importance":337,"description":897,"tag":-1,"dataSource":-1,"enumValues":898,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"relateAddress","关联IP","关联IP是与主操作用户存在关联关系的辅助IP地址信息，用于记录三层关联情况下的网络地址信息。例如在数据库审计中的站库分离场景中，此字段可用于关联用户登录Web服务器时的网络地址。该字段值必须为有效的IPv4或IPv6地址格式。",[],{"id":900,"fieldName":900,"fieldType":61,"displayName":901,"importance":337,"description":902,"tag":-1,"dataSource":903,"enumValues":904,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"requestUrlQuery","请求URI","该字段表示HTTP请求URL中从根路径符“/”开始到查询字符串末尾的部分，即包括路径和查询参数。格式要求：必须为有效的URI路径及查询字符串，以“/”开头，可以包含字母、数字、连字符、下划线、点号以及查询参数（以“?”开头，参数间以“&”分隔）。",[67],[],{"id":906,"fieldName":906,"fieldType":61,"displayName":907,"importance":337,"description":908,"tag":-1,"dataSource":909,"enumValues":910,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"requestUrl","请求URL","该字段表示HTTP请求URL中从根路径'/'开始到查询字符串'?'之前的部分，用于标识请求的资源路径。其值必须是一个合法的URL路径字符串，通常以'/'开头，不应包含协议、域名、端口或查询参数（即'?'及之后的内容）。字符串内容应符合URL路径的通用规范，可以包含字母、数字以及特定的安全字符（如-._~!$&'()*+,;=:@%）。",[67],[],{"id":912,"fieldName":912,"fieldType":61,"displayName":913,"importance":337,"description":914,"tag":-1,"dataSource":915,"enumValues":916,"categoryId":36,"subCateg
oryId":69,"subCategoryName":70},"appName","应用名称","该字段表示被访问或引用的应用名称，用于标识产生该日志的应用程序或服务。其值为字符串类型，通常为应用的自定义名称或标识符。",[67],[],{"id":918,"fieldName":918,"fieldType":61,"displayName":919,"importance":337,"description":920,"tag":-1,"dataSource":921,"enumValues":922,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"serviceName","服务名称","服务名称，指在系统或应用程序中运行的服务标识。",[67],[],{"id":924,"fieldName":924,"fieldType":61,"displayName":925,"importance":337,"description":926,"tag":-1,"dataSource":927,"enumValues":928,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destHostName","目标主机名","目标主机名（目标标识）指网络连接或安全事件中目标设备的网络标识，它可以是 DNS 主机名（含 FQDN）、NetBIOS 名称、本地主机名或 IP 地址；若访问时包含非标准端口，则通常应在标识后附加 :端口号（如 192.168.1.1:8080 或 host.example.com:8443）。",[67],[],{"id":930,"fieldName":930,"fieldType":61,"displayName":931,"importance":337,"description":932,"tag":-1,"dataSource":933,"enumValues":934,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"objectName","对象名称","对象名称，指访问或操作的目标对象名称，例如数据库名、应用名、文件名等。",[66],[],{"id":936,"fieldName":936,"fieldType":61,"displayName":937,"importance":337,"description":938,"tag":-1,"dataSource":939,"enumValues":940,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"objectType","对象类型","标识系统对象的分类类型，例如Directory（目录）、File（文件）、User（用户）等。该字段为字符串类型，用于明确区分系统中不同种类的资源对象。",[66],[],{"id":942,"fieldName":942,"fieldType":61,"displayName":943,"importance":369,"description":944,"tag":-1,"dataSource":945,"enumValues":946,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcUserName","源用户名","源用户名指发起网络连接、系统访问或安全事件的主体用户身份名称。",[66,67],[],{"id":948,"fieldName":948,"fieldType":61,"displayName":949,"importance":369,"description":950,"tag":-1,"dataSource":951,"enumValues":952,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"userName","用户名称","用户名称，指用户的真实姓名。",[67],[],{"id":954,"fieldName":954,"fieldType":61,"displayName":955,"importance":337,"description":956,"tag":-1,"dataSource":957,"enumValues":958,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"u
serAgent","用户代理","用户代理字符串，用于标识发起请求的客户端（用户代理）的自述信息，通常包含客户端的操作系统、浏览器类型、版本、设备类型等。该值由客户端自行填写、可被任意伪造，只能作为辅助线索，不能作为可信的身份或设备判定依据。格式需符合HTTP标准的User-Agent字符串。",[67],[],{"id":960,"fieldName":960,"fieldType":61,"displayName":961,"importance":337,"description":962,"tag":-1,"dataSource":963,"enumValues":964,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"requestMethod","请求方法","网络请求客户端向服务器发送请求时使用的HTTP请求方法类型，如GET、POST、PUT、DELETE等标准方法。该字段值必须统一使用大写英文字母表示",[67],[],{"id":966,"fieldName":966,"fieldType":61,"displayName":967,"importance":337,"description":968,"tag":-1,"dataSource":969,"enumValues":970,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"requestContentType","请求内容类型","请求内容类型，对应网络请求头中的Content-Type字段，用于描述请求数据的格式和字符编码。其值通常为标准MIME类型字符串，格式规范为“主类型/子类型”，并可附加参数（如字符集）。常见示例包括“application/json”、“text/html; charset=utf-8”等。",[67],[],{"id":972,"fieldName":972,"fieldType":61,"displayName":973,"importance":337,"description":974,"tag":-1,"dataSource":975,"enumValues":976,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"responseBody","响应体","该字段表示HTTP网络请求响应客户端接收到的响应内容。格式为字符串，内容通常为文本、JSON、XML或HTML等。认证接口的响应体可能携带会话令牌、Cookie、密码重置链接或个人信息，采集时应限制长度并对敏感字段脱敏，避免凭据在日志系统中二次泄露。",[67],[],{"id":978,"fieldName":978,"fieldType":61,"displayName":979,"importance":337,"description":980,"tag":-1,"dataSource":981,"enumValues":982,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"responseCode","响应码","响应码是网络请求后服务器返回的状态码，用于表示请求的处理结果。",[67],[],{"id":984,"fieldName":984,"fieldType":61,"displayName":985,"importance":337,"description":986,"tag":-1,"dataSource":987,"enumValues":988,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"responseContentType","响应内容类型","响应内容类型标识网络请求响应头中的内容类型，用于描述返回数据的媒体类型格式和字符编码。格式应符合HTTP标准的内容类型规范，通常由主类型和子类型组成，可选参数包括字符编码等，例如\"application/json; 
charset=utf-8\"。取值应为有效的MIME类型字符串。",[67],[],{"id":990,"fieldName":990,"fieldType":61,"displayName":991,"importance":337,"description":992,"tag":-1,"dataSource":993,"enumValues":994,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"destUserName","目标用户名","该字段表示网络连接、系统访问或安全事件的目标主体用户身份名称。其值为字符串类型，具体内容应为操作系统或应用程序中定义的有效用户名。",[66],[],{"id":996,"fieldName":996,"fieldType":607,"displayName":997,"importance":337,"description":998,"tag":-1,"dataSource":999,"enumValues":1000,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"bytesIn","请求字节数","该字段用于统计客户端请求消息的字节总量，其值为非负长整型。",[67],[],{"id":1002,"fieldName":1002,"fieldType":607,"displayName":1003,"importance":337,"description":1004,"tag":-1,"dataSource":1005,"enumValues":1006,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"bytesOut","响应字节数","响应字节数，用于统计服务器响应消息的字节总量。该字段为长整型数值，其值必须为非负整数，表示字节数。",[67],[],{"id":1008,"fieldName":1008,"fieldType":61,"displayName":1009,"importance":337,"description":1010,"tag":-1,"dataSource":1011,"enumValues":1012,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"deviceVersion","设备版本","设备版本标识设备固件、操作系统或嵌入式软件的完整版本信息。版本号通常采用多段数字格式，如主版本号.次版本号.修订号.构建号等。",[66,67],[],{"id":1014,"fieldName":1014,"fieldType":61,"displayName":1015,"importance":337,"description":1016,"tag":-1,"dataSource":1017,"enumValues":1018,"categoryId":36,"subCategoryId":69,"subCategoryName":70},"srcTransAddress","转换后源IP地址","转换后源IP地址是指经过网络地址转换（NAT）、代理服务器或VPN隧道封装处理后，数据包在网络层呈现的源IP地址。该字段必须符合IP地址格式规范，即点分十进制表示的IPv4地址（例如：192.168.1.1）或符合RFC标准的IPv6地址。",[66],[],{"id":60,"fieldName":60,"fieldType":61,"displayName":62,"importance":63,"description":64,"tag":-1,"dataSource":1020,"enumValues":1022,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],"EDR系统",[],"authentication_access_host_login","主机登录认证",{"id":72,"fieldName":72,"fieldType":61,"displayName":73,"importance":63,"description":74,"tag":-1,"dataSource":1026,"enumValues":1027,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":78
,"fieldName":78,"fieldType":61,"displayName":79,"importance":63,"description":80,"tag":-1,"dataSource":1029,"enumValues":1030,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":84,"fieldName":84,"fieldType":61,"displayName":85,"importance":63,"description":86,"tag":-1,"dataSource":1032,"enumValues":1033,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":90,"fieldName":90,"fieldType":91,"displayName":92,"importance":63,"description":93,"tag":-1,"dataSource":1035,"enumValues":1036,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091],{"value":97,"title":98,"description":99},{"value":101,"title":102,"description":103},{"value":105,"title":106,"description":107},{"value":109,"title":110,"description":111},{"value":113,"title":114,"description":115},{"value":117,"title":118,"description":119},{"value":121,"title":122,"description":123},{"value":125,"title":126,"description":127},{"value":129,"title":130,"description":131},{"value":133,"title":134,"description":135},{"value":137,"title":138,"description":139},{"value":141,"title":142,"description":143},{"value":145,"title":146,"description":147},{"value":149,"title":150,"description":151},{"value":153,"title":154,"description":155},{"value":157,"title":158,"description":159},{"value":161,"title":162,"description":163},{"value":165,"title":166,"description":167},{"value":169,"title":170,"description":171},{"value":173,"title":174,"description":175},{"value":177,"title":178,"description":179},{"value":181,"title":182,"description":183},{"value":185,"title":186,"description":187},{"value":189,"title":190,"description":191},{"value":193,"title":194,"description":195},{"value":197,"title":1
98,"description":199},{"value":201,"title":202,"description":203},{"value":205,"title":206,"description":207},{"value":209,"title":210,"description":211},{"value":213,"title":214,"description":215},{"value":217,"title":218,"description":219},{"value":221,"title":222,"description":223},{"value":225,"title":226,"description":227},{"value":229,"title":230,"description":231},{"value":233,"title":234,"description":235},{"value":237,"title":238,"description":239},{"value":241,"title":242,"description":243},{"value":245,"title":246,"description":247},{"value":249,"title":250,"description":251},{"value":253,"title":254,"description":255},{"value":257,"title":258,"description":259},{"value":261,"title":262,"description":263},{"value":265,"title":266,"description":267},{"value":269,"title":270,"description":271},{"value":273,"title":274,"description":275},{"value":277,"title":278,"description":279},{"value":281,"title":282,"description":283},{"value":285,"title":286,"description":287},{"value":289,"title":290,"description":291},{"value":293,"title":294,"description":295},{"value":297,"title":298,"description":299},{"value":301,"title":302,"description":303},{"value":305,"title":306,"description":307},{"value":309,"title":310,"description":311},{"value":313,"title":314,"description":315},{"id":317,"fieldName":317,"fieldType":61,"displayName":318,"importance":63,"description":319,"tag":-1,"dataSource":1093,"enumValues":1094,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":323,"fieldName":323,"fieldType":61,"displayName":324,"importance":63,"description":325,"tag":-1,"dataSource":1096,"enumValues":1097,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":329,"fieldName":329,"fieldType":61,"displayName":330,"importance":63,"description":331,"tag":-1,"dataSource":1099,"enumValues":1100,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":335,"fieldName":335,"fieldType":61,"displayName":336,"importance":337
,"description":338,"tag":-1,"dataSource":1102,"enumValues":1103,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":342,"fieldName":342,"fieldType":61,"displayName":343,"importance":63,"description":344,"tag":-1,"dataSource":1105,"enumValues":1106,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":348,"fieldName":348,"fieldType":61,"displayName":349,"importance":63,"description":350,"tag":-1,"dataSource":1108,"enumValues":1109,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":354,"fieldName":354,"fieldType":61,"displayName":355,"importance":63,"description":356,"tag":-1,"dataSource":1111,"enumValues":1112,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":360,"fieldName":360,"fieldType":61,"displayName":361,"importance":63,"description":362,"tag":-1,"dataSource":1114,"enumValues":1115,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":366,"fieldName":366,"fieldType":367,"displayName":368,"importance":369,"description":370,"tag":-1,"dataSource":1117,"enumValues":1118,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":374,"fieldName":374,"fieldType":91,"displayName":375,"importance":369,"description":376,"tag":-1,"dataSource":1120,"enumValues":1121,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[1122,1123,1124],{"value":380,"title":381,"description":382},{"value":384,"title":385,"description":386},{"value":388,"title":389,"description":390},{"id":392,"fieldName":392,"fieldType":91,"displayName":393,"importance":369,"description":394,"tag":-1,"dataSource":1126,"enumValues":1127,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[1128,1129,1130,1131,1132,1133,1134,1135,1136,1137,1138,1139,1140,1141,1142,1143,1144,1145,1146,1147,1148,1149],{"value":11,"title":398,"description":399},{"value":401,"title":402,"description":403},{"value":405,"title":406,"description":407},{"value":409
,"title":410,"description":411},{"value":413,"title":414,"description":415},{"value":417,"title":418,"description":419},{"value":421,"title":422,"description":423},{"value":425,"title":426,"description":427},{"value":429,"title":430,"description":431},{"value":433,"title":434,"description":435},{"value":437,"title":438,"description":439},{"value":441,"title":442,"description":443},{"value":445,"title":446,"description":447},{"value":449,"title":450,"description":451},{"value":453,"title":454,"description":455},{"value":457,"title":458,"description":459},{"value":461,"title":462,"description":463},{"value":465,"title":466,"description":467},{"value":469,"title":470,"description":471},{"value":473,"title":474,"description":475},{"value":477,"title":478,"description":479},{"value":481,"title":482,"description":483},{"id":485,"fieldName":485,"fieldType":91,"displayName":486,"importance":369,"description":487,"tag":-1,"dataSource":1151,"enumValues":1152,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[1153,1154,1155,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1168,1169,1170,1171,1172,1173,1174,1175,1176,1177,1178,1179,1180,1181],{"value":491,"title":492,"description":493},{"value":495,"title":496,"description":497},{"value":499,"title":500,"description":501},{"value":503,"title":504,"description":505},{"value":507,"title":508,"description":509},{"value":511,"title":512,"description":513},{"value":515,"title":516,"description":517},{"value":519,"title":520,"description":521},{"value":523,"title":524,"description":525},{"value":527,"title":528,"description":529},{"value":531,"title":532,"description":533},{"value":535,"title":536,"description":537},{"value":539,"title":540,"description":541},{"value":543,"title":544,"description":545},{"value":547,"title":548,"description":549},{"value":551,"title":552,"description":553},{"value":481,"title":555,"description":556},{"value":558,"title":559,"description":560},{"value":562,"title":563,"desc
ription":564},{"value":566,"title":567,"description":568},{"value":570,"title":571,"description":572},{"value":574,"title":575,"description":576},{"value":578,"title":579,"description":580},{"value":582,"title":583,"description":584},{"value":586,"title":587,"description":588},{"value":590,"title":591,"description":592},{"value":594,"title":595,"description":596},{"value":598,"title":599,"description":600},{"value":602,"title":603,"description":604},{"id":606,"fieldName":606,"fieldType":607,"displayName":608,"importance":369,"description":609,"tag":-1,"dataSource":1183,"enumValues":1184,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":613,"fieldName":613,"fieldType":61,"displayName":614,"importance":369,"description":615,"tag":-1,"dataSource":1186,"enumValues":1187,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":715,"fieldName":715,"fieldType":61,"displayName":716,"importance":369,"description":717,"tag":-1,"dataSource":1189,"enumValues":1190,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":625,"fieldName":625,"fieldType":367,"displayName":626,"importance":369,"description":627,"tag":-1,"dataSource":1192,"enumValues":1193,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":721,"fieldName":721,"fieldType":61,"displayName":722,"importance":369,"description":723,"tag":-1,"dataSource":1195,"enumValues":1196,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":619,"fieldName":619,"fieldType":367,"displayName":620,"importance":369,"description":621,"tag":-1,"dataSource":1198,"enumValues":1199,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":1201,"fieldName":1201,"fieldType":61,"displayName":1202,"importance":337,"description":1203,"tag":-1,"dataSource":1204,"enumValues":1205,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"loginId","登录ID","系统分配的登录会话标识符，用于唯一标识用户的登录会话。该字段为字符串类型，通常为数字或字母数字组合的序列。",[1021]
,[],{"id":1207,"fieldName":1207,"fieldType":61,"displayName":1208,"importance":337,"description":1209,"tag":-1,"dataSource":1210,"enumValues":1211,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"srcHostName","来源主机名","该字段表示网络连接或威胁攻击中发起方的主机名。主机名可以是NetBIOS名称、DNS主机名或本地配置的机器名。格式为字符串，通常遵循主机名的通用命名规范。",[1021],[],{"id":1213,"fieldName":1213,"fieldType":61,"displayName":1214,"importance":337,"description":1215,"tag":-1,"dataSource":1216,"enumValues":1217,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"processId","进程ID","进程ID是操作系统分配给进程的唯一数字标识符，用于在操作系统中唯一标识一个正在运行的进程。该字段为字符串类型，通常由数字组成，长度和具体值取决于操作系统和进程状态。",[1021],[],{"id":1219,"fieldName":1219,"fieldType":61,"displayName":1220,"importance":337,"description":1221,"tag":-1,"dataSource":1222,"enumValues":1223,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"image","进程路径","该字段表示进程可执行文件在文件系统中的完整路径。路径格式应符合操作系统规范，通常为字符串形式，例如以斜杠（/）开头的绝对路径（Linux/Unix系统）或包含盘符和反斜杠的路径（Windows系统）。",[1021],[],{"id":990,"fieldName":990,"fieldType":61,"displayName":991,"importance":337,"description":992,"tag":-1,"dataSource":1225,"enumValues":1226,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":1228,"fieldName":1228,"fieldType":61,"displayName":1229,"importance":337,"description":1230,"tag":-1,"dataSource":1231,"enumValues":1232,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destNtDomain","目的NT域","目的设备所属的Windows 
NT域名称。格式为字符串，通常用于标识Windows网络环境中的域。",[1021],[],{"id":1234,"fieldName":1234,"fieldType":61,"displayName":1235,"importance":337,"description":1236,"tag":-1,"dataSource":1237,"enumValues":1238,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destLoginId","目标登录ID","目标系统或服务的登录标识符，通常用于标识用户或实体在目标系统上的身份。",[1021],[],{"id":1240,"fieldName":1240,"fieldType":61,"displayName":1241,"importance":337,"description":1242,"tag":-1,"dataSource":1243,"enumValues":1244,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destUserId","目标用户ID","目标用户的唯一标识符，通常用于标识网络连接的接收方或目标用户。",[1021],[],{"id":1246,"fieldName":1246,"fieldType":61,"displayName":1247,"importance":337,"description":1248,"tag":-1,"dataSource":1249,"enumValues":1250,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"failReason","失败原因","记录操作失败的具体技术原因和上下文信息，通常为字符串文本，用于说明导致失败的详细技术细节或环境因素。",[1021],[],{"id":1252,"fieldName":1252,"fieldType":61,"displayName":1253,"importance":337,"description":1254,"tag":-1,"dataSource":1255,"enumValues":1256,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"srcUserId","源用户ID","源用户ID是发起网络连接或操作的用户唯一标识符，通常用于标识操作主体。该字段为字符串类型，格式因系统或协议而异，常见格式包括Windows安全标识符（SID，如示例“S-1-5-18”）、用户名、用户全局唯一标识符（GUID）或数字ID等。",[1021],[],{"id":942,"fieldName":942,"fieldType":61,"displayName":943,"importance":369,"description":944,"tag":-1,"dataSource":1258,"enumValues":1259,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":1261,"fieldName":1261,"fieldType":61,"displayName":1262,"importance":337,"description":1263,"tag":-1,"dataSource":1264,"enumValues":1265,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"srcNtDomain","来源NT域","来源设备所属的Windows 
NT域名，用于标识源设备在Windows网络中的域成员身份。该字段为字符串类型，通常由字母、数字、连字符(-)和点号(.)组成。",[1021],[],{"id":1267,"fieldName":1267,"fieldType":61,"displayName":1268,"importance":337,"description":1269,"tag":-1,"dataSource":1270,"enumValues":1271,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"srcLoginId","源登录ID","源登录ID是指在网络通信中发起操作或请求时使用的用户登录标识符，用于唯一标识发起方用户。",[1021],[],{"id":1273,"fieldName":1273,"fieldType":61,"displayName":1274,"importance":337,"description":1275,"tag":-1,"dataSource":1276,"enumValues":1277,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"loginGuid","登录GUID","登录会话的全局唯一标识符，用于唯一标识一次登录会话。格式为标准的GUID格式，通常为32位十六进制数字，以连字符分隔为5组，形式如：xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx，其中每个x为0-9或a-f的十六进制字符。",[1021],[],{"id":1279,"fieldName":1279,"fieldType":61,"displayName":1280,"importance":337,"description":1281,"tag":-1,"dataSource":1282,"enumValues":1283,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destLoginGuid","目标登录GUID","目标系统上特定登录会话或登录请求的唯一标识符，通常为GUID（全局唯一标识符）格式。",[1021],[],{"id":1285,"fieldName":1285,"fieldType":61,"displayName":1286,"importance":337,"description":1287,"tag":-1,"dataSource":1288,"enumValues":1289,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destInfo","目标信息","目标信息，指尝试登录的目标计算机或服务的具体标识，例如主机名、IP地址或服务名称。格式要求：通常为字符串格式，可以是有效的域名、IPv4地址、IPv6地址或主机名。",[1021],[],{"id":1291,"fieldName":1291,"fieldType":61,"displayName":1292,"importance":337,"description":1293,"tag":-1,"dataSource":1294,"enumValues":1295,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"destServiceName","目标服务名称","该字段表示被访问或引用的目标服务名称，例如主机名、数据库实例名或应用服务标识。",[1021],[],{"id":761,"fieldName":761,"fieldType":91,"displayName":762,"importance":369,"description":763,"tag":-1,"dataSource":1297,"enumValues":1298,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[1299,1300,1301,1302,1303,1304,1305,1306,1307,1308,1309,1310,1311,1312,1313,1314,1315,1316,1317,1318,1319,1320,1321,1322,1323,1324,1325,1326,1327,1328,1329,1330,1331,1332,1333,1334,1335,1
336,1337,1338,1339,1340,1341,1342,1343,1344,1345,1346,1347,1348,1349,1350,1351,1352,1353,1354,1355,1356,1357,1358,1359,1360,1361,1362],{"value":767,"title":767,"description":767},{"value":769,"title":769,"description":769},{"value":771,"title":771,"description":771},{"value":773,"title":773,"description":773},{"value":775,"title":775,"description":775},{"value":777,"title":777,"description":777},{"value":779,"title":779,"description":779},{"value":781,"title":781,"description":781},{"value":783,"title":783,"description":783},{"value":785,"title":785,"description":785},{"value":787,"title":787,"description":787},{"value":789,"title":789,"description":789},{"value":791,"title":791,"description":791},{"value":793,"title":793,"description":793},{"value":795,"title":795,"description":795},{"value":797,"title":797,"description":797},{"value":799,"title":799,"description":799},{"value":801,"title":801,"description":801},{"value":803,"title":803,"description":803},{"value":805,"title":805,"description":805},{"value":807,"title":807,"description":807},{"value":809,"title":809,"description":809},{"value":811,"title":811,"description":811},{"value":813,"title":813,"description":813},{"value":815,"title":815,"description":815},{"value":817,"title":817,"description":817},{"value":819,"title":819,"description":819},{"value":821,"title":821,"description":821},{"value":823,"title":823,"description":823},{"value":825,"title":825,"description":825},{"value":827,"title":827,"description":827},{"value":829,"title":829,"description":829},{"value":831,"title":831,"description":831},{"value":833,"title":833,"description":833},{"value":835,"title":835,"description":835},{"value":837,"title":837,"description":837},{"value":839,"title":839,"description":839},{"value":841,"title":841,"description":841},{"value":843,"title":843,"description":843},{"value":845,"title":845,"description":845},{"value":847,"title":847,"description":847},{"value":849,"title":849,"description":849},{"value":851,"tit
le":851,"description":851},{"value":853,"title":853,"description":853},{"value":855,"title":855,"description":855},{"value":857,"title":857,"description":857},{"value":859,"title":859,"description":859},{"value":861,"title":861,"description":861},{"value":863,"title":863,"description":863},{"value":865,"title":865,"description":865},{"value":867,"title":867,"description":867},{"value":869,"title":869,"description":869},{"value":871,"title":871,"description":871},{"value":873,"title":873,"description":873},{"value":875,"title":875,"description":875},{"value":877,"title":877,"description":877},{"value":879,"title":879,"description":879},{"value":881,"title":881,"description":881},{"value":883,"title":883,"description":883},{"value":885,"title":885,"description":885},{"value":887,"title":887,"description":887},{"value":889,"title":889,"description":889},{"value":891,"title":891,"description":891},{"value":893,"title":893,"description":893},{"id":1364,"fieldName":1364,"fieldType":61,"displayName":1365,"importance":337,"description":1366,"tag":-1,"dataSource":1367,"enumValues":1368,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},"hostAddress","主机IP","主机IP地址，用于标识主机在网络中的位置。必须符合IPv4或IPv6地址格式规范。IPv4地址为点分十进制格式，由四个0-255的十进制数组成，以点分隔。IPv6地址为冒号分隔的十六进制数格式。",[1021],[],{"id":1008,"fieldName":1008,"fieldType":61,"displayName":1009,"importance":337,"description":1010,"tag":-1,"dataSource":1370,"enumValues":1371,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[1021],[],{"id":1014,"fieldName":1014,"fieldType":61,"displayName":1015,"importance":337,"description":1016,"tag":-1,"dataSource":-1,"enumValues":1373,"categoryId":36,"subCategoryId":1023,"subCategoryName":1024},[],{"id":942,"fieldName":942,"fieldType":61,"displayName":943,"importance":369,"description":944,"tag":-1,"dataSource":1375,"enumValues":1377,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],"NDR系统",[],"authentication_network_login","网络登录认证",{"id":1381,"fieldName":1381
,"fieldType":61,"displayName":1382,"importance":337,"description":1383,"tag":-1,"dataSource":1384,"enumValues":1385,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},"passwd","密码","密码是用户用于验证身份或访问权限的一组秘密字符，通常为字符串类型。该字段属于敏感凭据：认证日志中不应记录明文密码（登录失败时提交的口令同样敏感，往往只是拼错的真实口令）；如需保留该字段，应在采集端进行脱敏（掩码或置空），并限制其存储期限与查询权限。密码策略本身由被认证系统执行，建议使用强密码策略，长度建议在8到128个字符之间，可包含大小写字母、数字及特殊字符。",[1376],[],{"id":924,"fieldName":924,"fieldType":61,"displayName":925,"importance":337,"description":926,"tag":-1,"dataSource":1387,"enumValues":1388,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376,67],[],{"id":960,"fieldName":960,"fieldType":61,"displayName":961,"importance":337,"description":962,"tag":-1,"dataSource":1390,"enumValues":1391,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376],[],{"id":1393,"fieldName":1393,"fieldType":61,"displayName":1394,"importance":337,"description":1395,"tag":-1,"dataSource":1396,"enumValues":1397,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},"httpVersion","HTTP协议版本","该字段标识HTTP网络请求中使用的协议版本。格式为字符串，必须符合HTTP协议版本的标准表示格式，例如\"HTTP/1.0\"、\"HTTP/1.1\"或\"HTTP/2\"。",[1376],[],{"id":900,"fieldName":900,"fieldType":61,"displayName":901,"importance":337,"description":902,"tag":-1,"dataSource":1399,"enumValues":1400,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376,67],[],{"id":906,"fieldName":906,"fieldType":61,"displayName":907,"importance":337,"description":908,"tag":-1,"dataSource":1402,"enumValues":1403,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376,67],[],{"id":954,"fieldName":954,"fieldType":61,"displayName":955,"importance":337,"description":956,"tag":-1,"dataSource":1405,"enumValues":1406,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376,67],[],{"id":978,"fieldName":978,"fieldType":61,"displayName":979,"importance":337,"description":980,"tag":-1,"dataSource":1408,"enumValues":1409,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[1376],[],{"id":60,"fieldName":60,"fieldType":61,"displayName":62,"importance":63,"description":64,"tag":-1,"dataSource":1411,"e
numValues":1412,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":72,"fieldName":72,"fieldType":61,"displayName":73,"importance":63,"description":74,"tag":-1,"dataSource":1414,"enumValues":1415,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":78,"fieldName":78,"fieldType":61,"displayName":79,"importance":63,"description":80,"tag":-1,"dataSource":1417,"enumValues":1418,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":84,"fieldName":84,"fieldType":61,"displayName":85,"importance":63,"description":86,"tag":-1,"dataSource":1420,"enumValues":1421,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":90,"fieldName":90,"fieldType":91,"displayName":92,"importance":63,"description":93,"tag":-1,"dataSource":1423,"enumValues":1424,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1425,1426,1427,1428,1429,1430,1431,1432,1433,1434,1435,1436,1437,1438,1439,1440,1441,1442,1443,1444,1445,1446,1447,1448,1449,1450,1451,1452,1453,1454,1455,1456,1457,1458,1459,1460,1461,1462,1463,1464,1465,1466,1467,1468,1469,1470,1471,1472,1473,1474,1475,1476,1477,1478,1479],{"value":97,"title":98,"description":99},{"value":101,"title":102,"description":103},{"value":105,"title":106,"description":107},{"value":109,"title":110,"description":111},{"value":113,"title":114,"description":115},{"value":117,"title":118,"description":119},{"value":121,"title":122,"description":123},{"value":125,"title":126,"description":127},{"value":129,"title":130,"description":131},{"value":133,"title":134,"description":135},{"value":137,"title":138,"description":139},{"value":141,"title":142,"description":143},{"value":145,"title":146,"description":147},{"value":149,"title":150,"description":151},{"value":153,"title":154,"description":155},{"value":157,"title":158,"description":159},{"value":161,"title":162,"description":163},{"value":165,"title":166
,"description":167},{"value":169,"title":170,"description":171},{"value":173,"title":174,"description":175},{"value":177,"title":178,"description":179},{"value":181,"title":182,"description":183},{"value":185,"title":186,"description":187},{"value":189,"title":190,"description":191},{"value":193,"title":194,"description":195},{"value":197,"title":198,"description":199},{"value":201,"title":202,"description":203},{"value":205,"title":206,"description":207},{"value":209,"title":210,"description":211},{"value":213,"title":214,"description":215},{"value":217,"title":218,"description":219},{"value":221,"title":222,"description":223},{"value":225,"title":226,"description":227},{"value":229,"title":230,"description":231},{"value":233,"title":234,"description":235},{"value":237,"title":238,"description":239},{"value":241,"title":242,"description":243},{"value":245,"title":246,"description":247},{"value":249,"title":250,"description":251},{"value":253,"title":254,"description":255},{"value":257,"title":258,"description":259},{"value":261,"title":262,"description":263},{"value":265,"title":266,"description":267},{"value":269,"title":270,"description":271},{"value":273,"title":274,"description":275},{"value":277,"title":278,"description":279},{"value":281,"title":282,"description":283},{"value":285,"title":286,"description":287},{"value":289,"title":290,"description":291},{"value":293,"title":294,"description":295},{"value":297,"title":298,"description":299},{"value":301,"title":302,"description":303},{"value":305,"title":306,"description":307},{"value":309,"title":310,"description":311},{"value":313,"title":314,"description":315},{"id":317,"fieldName":317,"fieldType":61,"displayName":318,"importance":63,"description":319,"tag":-1,"dataSource":1481,"enumValues":1482,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":323,"fieldName":323,"fieldType":61,"displayName":324,"importance":63,"description":325,"tag":-1,"dataSource":1484,"enumValues":
1485,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":329,"fieldName":329,"fieldType":61,"displayName":330,"importance":63,"description":331,"tag":-1,"dataSource":1487,"enumValues":1488,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":335,"fieldName":335,"fieldType":61,"displayName":336,"importance":337,"description":338,"tag":-1,"dataSource":1490,"enumValues":1491,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":342,"fieldName":342,"fieldType":61,"displayName":343,"importance":63,"description":344,"tag":-1,"dataSource":1493,"enumValues":1494,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":348,"fieldName":348,"fieldType":61,"displayName":349,"importance":63,"description":350,"tag":-1,"dataSource":1496,"enumValues":1497,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":354,"fieldName":354,"fieldType":61,"displayName":355,"importance":337,"description":356,"tag":-1,"dataSource":1499,"enumValues":1500,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":360,"fieldName":360,"fieldType":61,"displayName":361,"importance":63,"description":362,"tag":-1,"dataSource":1502,"enumValues":1503,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":366,"fieldName":366,"fieldType":367,"displayName":368,"importance":63,"description":370,"tag":-1,"dataSource":1505,"enumValues":1506,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":374,"fieldName":374,"fieldType":91,"displayName":375,"importance":63,"description":376,"tag":-1,"dataSource":1508,"enumValues":1509,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1510,1511,1512],{"value":380,"title":381,"description":382},{"value":384,"title":385,"description":386},{"value":388,"title":389,"description":390},{"id":392,"fi
eldName":392,"fieldType":91,"displayName":393,"importance":63,"description":394,"tag":-1,"dataSource":1514,"enumValues":1515,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1516,1517,1518,1519,1520,1521,1522,1523,1524,1525,1526,1527,1528,1529,1530,1531,1532,1533,1534,1535,1536,1537],{"value":11,"title":398,"description":399},{"value":401,"title":402,"description":403},{"value":405,"title":406,"description":407},{"value":409,"title":410,"description":411},{"value":413,"title":414,"description":415},{"value":417,"title":418,"description":419},{"value":421,"title":422,"description":423},{"value":425,"title":426,"description":427},{"value":429,"title":430,"description":431},{"value":433,"title":434,"description":435},{"value":437,"title":438,"description":439},{"value":441,"title":442,"description":443},{"value":445,"title":446,"description":447},{"value":449,"title":450,"description":451},{"value":453,"title":454,"description":455},{"value":457,"title":458,"description":459},{"value":461,"title":462,"description":463},{"value":465,"title":466,"description":467},{"value":469,"title":470,"description":471},{"value":473,"title":474,"description":475},{"value":477,"title":478,"description":479},{"value":481,"title":482,"description":483},{"id":485,"fieldName":485,"fieldType":91,"displayName":486,"importance":369,"description":487,"tag":-1,"dataSource":1539,"enumValues":1540,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1541,1542,1543,1544,1545,1546,1547,1548,1549,1550,1551,1552,1553,1554,1555,1556,1557,1558,1559,1560,1561,1562,1563,1564,1565,1566,1567,1568,1569],{"value":491,"title":492,"description":493},{"value":495,"title":496,"description":497},{"value":499,"title":500,"description":501},{"value":503,"title":504,"description":505},{"value":507,"title":508,"description":509},{"value":511,"title":512,"description":513},{"value":515,"title":516,"description":517},{"value":519,"title":520,"description":521},{"
value":523,"title":524,"description":525},{"value":527,"title":528,"description":529},{"value":531,"title":532,"description":533},{"value":535,"title":536,"description":537},{"value":539,"title":540,"description":541},{"value":543,"title":544,"description":545},{"value":547,"title":548,"description":549},{"value":551,"title":552,"description":553},{"value":481,"title":555,"description":556},{"value":558,"title":559,"description":560},{"value":562,"title":563,"description":564},{"value":566,"title":567,"description":568},{"value":570,"title":571,"description":572},{"value":574,"title":575,"description":576},{"value":578,"title":579,"description":580},{"value":582,"title":583,"description":584},{"value":586,"title":587,"description":588},{"value":590,"title":591,"description":592},{"value":594,"title":595,"description":596},{"value":598,"title":599,"description":600},{"value":602,"title":603,"description":604},{"id":1571,"fieldName":1571,"fieldType":61,"displayName":1572,"importance":337,"description":1573,"tag":-1,"dataSource":1574,"enumValues":1575,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},"XFF","XFF头","XFF头字段用于识别通过HTTP代理或负载均衡方式连接到Web服务器的客户端最原始的IP地址。",[1376],[],{"id":619,"fieldName":619,"fieldType":367,"displayName":620,"importance":369,"description":621,"tag":-1,"dataSource":1577,"enumValues":1578,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":625,"fieldName":625,"fieldType":367,"displayName":626,"importance":369,"description":627,"tag":-1,"dataSource":1580,"enumValues":1581,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":631,"fieldName":631,"fieldType":61,"displayName":632,"importance":337,"description":633,"tag":-1,"dataSource":1583,"enumValues":1584,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":637,"fieldName":637,"fieldType":61,"displayName":638,"importance":337,"description":639,"tag":-1,"dataSource":1586,"enumValues":1587,
"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":643,"fieldName":643,"fieldType":61,"displayName":644,"importance":337,"description":645,"tag":-1,"dataSource":1589,"enumValues":1590,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":649,"fieldName":649,"fieldType":61,"displayName":650,"importance":337,"description":651,"tag":-1,"dataSource":1592,"enumValues":1593,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":655,"fieldName":655,"fieldType":61,"displayName":656,"importance":337,"description":657,"tag":-1,"dataSource":1595,"enumValues":1596,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":661,"fieldName":661,"fieldType":61,"displayName":662,"importance":337,"description":663,"tag":-1,"dataSource":1598,"enumValues":1599,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":667,"fieldName":667,"fieldType":61,"displayName":668,"importance":337,"description":669,"tag":-1,"dataSource":1601,"enumValues":1602,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":673,"fieldName":673,"fieldType":61,"displayName":674,"importance":337,"description":675,"tag":-1,"dataSource":1604,"enumValues":1605,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":679,"fieldName":679,"fieldType":61,"displayName":680,"importance":337,"description":681,"tag":-1,"dataSource":1607,"enumValues":1608,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":685,"fieldName":685,"fieldType":61,"displayName":686,"importance":337,"description":687,"tag":-1,"dataSource":1610,"enumValues":1611,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":691,"fieldName":691,"fieldType":61,"displayName":692,"importance":337,"description":693,"tag":-1,"dataSource":1613,"enumValues":1614,"categoryId":36,"sub
CategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":697,"fieldName":697,"fieldType":61,"displayName":698,"importance":337,"description":699,"tag":-1,"dataSource":1616,"enumValues":1617,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":703,"fieldName":703,"fieldType":61,"displayName":704,"importance":337,"description":705,"tag":-1,"dataSource":1619,"enumValues":1620,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":709,"fieldName":709,"fieldType":61,"displayName":710,"importance":337,"description":711,"tag":-1,"dataSource":1622,"enumValues":1623,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":613,"fieldName":613,"fieldType":61,"displayName":614,"importance":369,"description":615,"tag":-1,"dataSource":1625,"enumValues":1626,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,67],[],{"id":747,"fieldName":747,"fieldType":91,"displayName":748,"importance":337,"description":749,"tag":-1,"dataSource":1628,"enumValues":1629,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1630,1631],{"value":753,"title":754,"description":755},{"value":757,"title":758,"description":759},{"id":761,"fieldName":761,"fieldType":91,"displayName":762,"importance":369,"description":763,"tag":-1,"dataSource":1633,"enumValues":1634,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1635,1636,1637,1638,1639,1640,1641,1642,1643,1644,1645,1646,1647,1648,1649,1650,1651,1652,1653,1654,1655,1656,1657,1658,1659,1660,1661,1662,1663,1664,1665,1666,1667,1668,1669,1670,1671,1672,1673,1674,1675,1676,1677,1678,1679,1680,1681,1682,1683,1684,1685,1686,1687,1688,1689,1690,1691,1692,1693,1694,1695,1696,1697,1698],{"value":767,"title":767,"description":767},{"value":769,"title":769,"description":769},{"value":771,"title":771,"description":771},{"value":773,"title":773,"description":773},{"value":775,"title":775,"desc
ription":775},{"value":777,"title":777,"description":777},{"value":779,"title":779,"description":779},{"value":781,"title":781,"description":781},{"value":783,"title":783,"description":783},{"value":785,"title":785,"description":785},{"value":787,"title":787,"description":787},{"value":789,"title":789,"description":789},{"value":791,"title":791,"description":791},{"value":793,"title":793,"description":793},{"value":795,"title":795,"description":795},{"value":797,"title":797,"description":797},{"value":799,"title":799,"description":799},{"value":801,"title":801,"description":801},{"value":803,"title":803,"description":803},{"value":805,"title":805,"description":805},{"value":807,"title":807,"description":807},{"value":809,"title":809,"description":809},{"value":811,"title":811,"description":811},{"value":813,"title":813,"description":813},{"value":815,"title":815,"description":815},{"value":817,"title":817,"description":817},{"value":819,"title":819,"description":819},{"value":821,"title":821,"description":821},{"value":823,"title":823,"description":823},{"value":825,"title":825,"description":825},{"value":827,"title":827,"description":827},{"value":829,"title":829,"description":829},{"value":831,"title":831,"description":831},{"value":833,"title":833,"description":833},{"value":835,"title":835,"description":835},{"value":837,"title":837,"description":837},{"value":839,"title":839,"description":839},{"value":841,"title":841,"description":841},{"value":843,"title":843,"description":843},{"value":845,"title":845,"description":845},{"value":847,"title":847,"description":847},{"value":849,"title":849,"description":849},{"value":851,"title":851,"description":851},{"value":853,"title":853,"description":853},{"value":855,"title":855,"description":855},{"value":857,"title":857,"description":857},{"value":859,"title":859,"description":859},{"value":861,"title":861,"description":861},{"value":863,"title":863,"description":863},{"value":865,"title":865,"description":865},{"valu
e":867,"title":867,"description":867},{"value":869,"title":869,"description":869},{"value":871,"title":871,"description":871},{"value":873,"title":873,"description":873},{"value":875,"title":875,"description":875},{"value":877,"title":877,"description":877},{"value":879,"title":879,"description":879},{"value":881,"title":881,"description":881},{"value":883,"title":883,"description":883},{"value":885,"title":885,"description":885},{"value":887,"title":887,"description":887},{"value":889,"title":889,"description":889},{"value":891,"title":891,"description":891},{"value":893,"title":893,"description":893},{"id":727,"fieldName":727,"fieldType":91,"displayName":728,"importance":369,"description":729,"tag":-1,"dataSource":1700,"enumValues":1701,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[1702,1703,1704,1705],{"value":137,"title":733,"description":734},{"value":133,"title":736,"description":737},{"value":739,"title":740,"description":741},{"value":743,"title":744,"description":745},{"id":1008,"fieldName":1008,"fieldType":61,"displayName":1009,"importance":337,"description":1010,"tag":-1,"dataSource":1707,"enumValues":1708,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":715,"fieldName":715,"fieldType":61,"displayName":716,"importance":369,"description":717,"tag":-1,"dataSource":1710,"enumValues":1711,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":721,"fieldName":721,"fieldType":61,"displayName":722,"importance":369,"description":723,"tag":-1,"dataSource":1713,"enumValues":1714,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":606,"fieldName":606,"fieldType":607,"displayName":608,"importance":369,"description":609,"tag":-1,"dataSource":1716,"enumValues":1717,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,1376,66,67],[],{"id":895,"fieldName":895,"fieldType":61,"displayName":896,"importance":337,"description":
897,"tag":-1,"dataSource":-1,"enumValues":1719,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[],{"id":948,"fieldName":948,"fieldType":61,"displayName":949,"importance":337,"description":950,"tag":-1,"dataSource":1721,"enumValues":1722,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[67],[],{"id":1014,"fieldName":1014,"fieldType":61,"displayName":1015,"importance":337,"description":1016,"tag":-1,"dataSource":1724,"enumValues":1725,"categoryId":36,"subCategoryId":1378,"subCategoryName":1379},[122,66],[],[1727,1733,1738],{"categoryDesc":1728,"categoryId":69,"categoryName":70,"dataSource":1729,"id":1730,"tag":1731},"记录应用级身份认证事件的日志，包括用户登录尝试、会话管理和访问控制验证。",[66,67],52,[1732],"暴力破解",{"categoryDesc":1734,"categoryId":1023,"categoryName":1024,"dataSource":1735,"id":1736,"tag":1737},"记录主机登录的身份验证尝试和访问事件，包括成功和失败的登录尝试。",[1021],53,[1732],{"categoryDesc":1739,"categoryId":1378,"categoryName":1379,"dataSource":1740,"id":1741,"tag":1742},"记录网络登录尝试和认证事件，包括成功、失败以及相关访问控制活动。",[122,1376,66,67],54,[1732],"# 主机登录认证  **路径**: 日志 > 身份认证与访问 > 主机登录认证  ## 描述  记录主机登录的身份验证尝试和访问事件，包括成功和失败的登录尝试。  ## 基本信息  - **分类ID**: `authentication_access_host_login` - **所属主分类**: 身份认证与访问 (`authentication_and_access`) - **所属类型**: 日志  ## 字段定义  本事件类型包含以下字段：  | 字段ID | 字段名称 | 数据类型 | 重要性 | 描述 | |--------|---------|---------|--------|------| | `machineCode` | 机器码 | `string` | REQUIRED | 机器码是日志来源设备的唯一标识符（设备ID），主要用于设备级联追踪。该字段值应保持全局唯一性，若无现成的设备ID，可参考硬件编码或基于许可证（license）信息生成。格式上，它必须为字符串，允许使用的字符包括大写字母（A-Z）、小写字母（a-z）和数字（0-9）。长度无固定限制，但应保证其唯一性和可管理性。 | | `productVendorName` | 产品厂商名称 | `string` | REQUIRED | 产品厂商名称字段用于标识安全产品厂商的官方全称。格式为字符串，无特定字符集限制，但应使用厂商在工商注册或官方宣传中使用的标准名称，以确保一致性和准确性。 | | `deviceSendProductName` | 设备产品名称 | `string` | REQUIRED | 设备产品名称用于标识生成日志的软件或硬件产品的官方标准名称。格式为字符串，需使用明确、规范的官方产品名称。 | | `deviceName` | 设备名称 | `string` | REQUIRED | 设备名称，用于标识日志生成设备的名称，可添加资产属性（如总部、下级等）。 | | `deviceAssetSubTypeId` | 设备子类型ID | `enum` | REQUIRED | 设备子类型ID是设备类型子分类的唯一数字标识符，用于标识具体的设备子类型。该字段为枚举类型，取值应在系统定义的枚举值范围内。 |  
**枚举值详情：**  | 枚举值 | 名称 | 描述 | |--------|------|------| | `1` | Windows | Microsoft Windows操作系统 | | `2` | Nix | 类Unix操作系统，包括Linux和BSD变种 | | `3` | 路由器 | 网络路由设备，用于在网络之间转发数据包 | | `4` | 交换机 | 网络交换设备，用于在局域网内连接设备并转发数据帧 | | `5` | VPN | 虚拟专用网络设备，提供安全的远程访问和站点到站点连接 | | `6` | 负载均衡 | 负载均衡设备，用于分发网络流量以提高性能和可靠性 | | `7` | 防火墙 | 网络安全设备，用于控制进出网络的流量基于安全规则 | | `8` | 网闸 | 网络隔离设备，用于在安全级别不同的网络之间进行安全数据交换 | | `9` | 入侵检测系统(IDS) | 入侵检测系统，用于监控网络或系统活动以检测恶意行为 | | `10` | 入侵防护系统(IPS) | 入侵防护系统，在检测到威胁时主动阻止恶意流量 | | `11` | 统一威胁管理(UTM) | 统一威胁管理设备，集成多种安全功能如防火墙、防病毒和入侵防护 | | `12` | 下一代防火墙 | 下一代防火墙，提供应用层检测、深度包检查和高级威胁防护 | | `13` | Web应用防火墙(WAF) | Web应用防火墙，专门保护Web应用程序免受SQL注入、XSS等攻击 | | `14` | 流量监测设备 | 网络流量监测设备，用于实时分析和监控网络流量模式 | | `15` | 网页防篡改 | 网页防篡改系统，保护网站内容不被未经授权修改 | | `16` | 抗DDoS系统 | 抗分布式拒绝服务攻击系统，缓解DDoS攻击以保护服务可用性 | | `17` | 防病毒系统 | 防病毒系统，检测和清除恶意软件、病毒和木马 | | `18` | 防间谍系统 | 防间谍软件系统，防止间谍软件窃取敏感信息和监控用户活动 | | `19` | 防泄密系统 | 数据防泄密系统，监控和防止敏感数据通过各类渠道泄露 | | `20` | 邮件审计系统 | 邮件审计系统，监控和审计电子邮件内容以符合安全策略和合规要求 | | `21` | 身份管理系统 | 身份和访问管理系统，管理用户身份认证、授权和权限 | | `22` | 流量清洗系统 | 流量清洗系统，过滤恶意流量以保护网络资源和业务连续性 | | `23` | 数据库审计系统 | 数据库审计系统，监控和记录数据库访问、操作和权限变更 | | `24` | Web审计系统 | Web审计系统，审计Web应用程序的访问、操作和安全事件 | | `25` | 运维审计系统 | 运维审计系统，监控和记录系统运维操作，防止越权访问 | | `26` | 上网行为审计系统 | 上网行为审计系统，监控和审计员工网络使用行为以符合安全策略 | | `27` | 统一审计网关 | 统一审计网关，集中收集、规范化和分析各类审计日志 | | `28` | 日志审计系统 | 日志审计系统，收集、存储、分析和告警系统安全日志 | | `29` | 安全管理系统 | 安全管理系统，集成安全管理功能如策略管理、风险管理和事件响应 | | `30` | 蜜罐系统 | 蜜罐系统，诱骗攻击者以收集攻击信息和分析攻击手法 | | `31` | 应用扫描器 | 应用程序漏洞扫描器，检测Web应用和移动应用的安全漏洞 | | `32` | 网络扫描器 | 网络漏洞扫描器，扫描网络设备、服务和端口以发现安全漏洞 | | `33` | 主机扫描器 | 主机漏洞扫描器，扫描操作系统和应用程序漏洞及配置问题 | | `34` | WEB服务器 | Web服务器软件，如IIS、Apache、Nginx等，托管网站和应用 | | `35` | 数据库服务器 | 数据库服务器软件，如MySQL、Oracle、SQL Server等，存储和管理数据 | | `36` | 邮件服务器 | 邮件服务器软件，如Exchange、Postfix等，处理电子邮件收发 | | `37` | 存储服务器 | 存储服务器，提供数据存储、备份和共享服务 | | `38` | FTP服务器 | FTP服务器，提供文件传输协议服务，支持文件上传下载 | | `39` | 应用服务器 | 应用服务器，运行企业应用程序和业务逻辑，如Java EE、.NET应用 | | `43` | Windows审计代理 | Windows系统审计代理，收集Windows事件日志和系统活动 | | `44` | Nix审计代理 | 
类Unix系统审计代理，收集Linux/Unix系统日志和审计数据 | | `45` | WMI审计代理 | Windows管理规范审计代理，通过WMI收集系统信息和事件 | | `51` | 采集器 | 日志采集器，从各种数据源收集和转发日志数据 | | `52` | 通信服务器 | 通信服务器，处理网络通信、消息传递和协议转换 | | `53` | 关联引擎 | 安全事件关联引擎，分析日志数据以检测复杂安全事件 | | `55` | 其他 | 其他未分类的设备类型 | | `56` | 主机安全管理系统(EDR) | 端点检测与响应系统，监控主机活动、检测威胁并响应安全事件 | | `57` | 虚拟化设备 | 虚拟化平台设备，如VMware ESXi、Hyper-V等，运行虚拟机 | | `58` | 网络打印机 | 网络连接的打印机设备，支持网络打印功能 | | `59` | APT | 高级持久威胁检测系统，针对APT攻击进行监测和防护 | | `60` | DNS服务器 | 域名系统服务器，提供域名解析服务和DNS安全防护 | | `61` | API风险监测系统 | API风险监测系统，监控API接口的安全风险和使用异常 | | `62` | API安全网关 | API安全网关，保护API接口免受攻击，提供认证、授权和限流 | | `63` | 脆弱性扫描系统 | 脆弱性扫描系统，全面扫描系统、网络和应用漏洞 | | `65` | UES | 统一端点安全系统，集成终端防护、检测和响应功能 |  | `deviceAddress` | 设备IP地址 | `string` | REQUIRED | 设备产生日志时的IP地址，用于标识日志来源设备。格式要求：必须为有效的IPv4或IPv6地址格式。 | | `eventId` | 事件ID | `string` | REQUIRED | 事件ID是日志事件的全局唯一标识符，通常采用UUID或时间戳序列等不可重复算法生成。格式应为标准的UUID字符串，例如：550e8400-e29b-41d4-a716-446655440000。要求全局唯一，不可重复。 | | `name` | 概要名称 | `string` | REQUIRED | 概要名称是日志或告警的简要标题或标识，用于快速识别事件内容。该字段为字符串类型，需保持简洁明了。 | | `message` | 描述 | `string` | OPTIONAL | 用于记录日志或告警的详细描述信息，以文本字符串形式存储。内容通常包含对安全事件、系统活动或异常情况的说明、上下文及关键参数。 | | `startTime` | 开始时间 | `string` | REQUIRED | 该字段记录事件活动开始的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。 | | `endTime` | 结束时间 | `string` | REQUIRED | 记录事件活动结束的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。 | | `deviceReceiptTime` | 设备接收时间 | `string` | REQUIRED | 该字段记录设备采集器本地接收并生成日志事件的精确时间。时间格式必须为标准的日期时间字符串，格式为yyyy-mm-dd HH:mm:ss。 | | `collectorReceiptTime` | 采集器接收时间 | `string` | REQUIRED | 采集器接收日志事件的精确时间，时间格式必须为标准的日期时间字符串，格式要求为yyyy-mm-dd HH:mm:ss。 | | `severity` | 安全威胁等级 | `integer` | RECOMMENDED | 标识日志或告警的安全威胁严重程度等级。该字段为整型数值，取值范围为0至10，每个数值对应特定的威胁级别：0表示无风险，1-3表示低危，4-6表示中危，7-9表示高危，10表示危急。 | | `catOutcome` | 结果分类 | `enum` | RECOMMENDED | 该字段用于标识事件操作或攻击的最终结果状态。其值为预定义的枚举类型，当前主要可选值包括：OK（表示操作成功）、FAIL（表示操作失败）、Attempt（表示尝试性操作）。取值应严格限定在系统定义的枚举值范围内。 |  **枚举值详情：**  | 枚举值 | 名称 | 描述 | |--------|------|------| | `OK` | 成功 | 可以合理的推测事件已成功 | | `FAIL` | 失败 | 可以合理的推测事件已失败 | | `Attempt` 
| 尝试 | 事件已发生，但是无法明确成功或失败 |  | `logType` | 日志类型 | `enum` | RECOMMENDED | 该字段标识日志事件的功能或对象实体分类。其值为预定义的枚举字符串，例如：alert（告警类日志）、traffic（网络通信类日志）、process（进程操作类日志）、command（命令执行类日志）、file（文件操作类日志）等。 |  **枚举值详情：**  | 枚举值 | 名称 | 描述 | |--------|------|------| | `alert` | 告警类日志 | 安全告警事件日志，包含威胁检测、异常行为和安全风险告警 | | `traffic` | 网络通信类日志 | 网络流量和通信会话日志，记录网络连接、数据传输和协议通信 | | `process` | 进程操作类日志 | 进程生命周期管理日志，记录进程创建、终止、注入等操作 | | `command` | 命令执行类日志 | 命令行和脚本执行日志，记录系统命令、PowerShell和Shell命令执行 | | `file` | 文件操作类日志 | 文件系统操作日志，记录文件创建、修改、删除、访问等操作 | | `account` | 账号操作类日志 | 用户账户管理日志，记录用户登录、注销、权限变更和账户管理操作 | | `config` | 配置操作类日志 | 系统配置变更日志，记录安全策略、系统设置和配置修改操作 | | `status` | 系统状态类日志 | 系统运行状态日志，记录系统启动、关机、重启和运行状态变更 | | `system_operation` | 系统操作类日志 | 系统级管理操作日志，记录系统维护、管理和控制操作 | | `system_resource` | 系统资源类日志 | 系统资源使用日志，记录CPU、内存、磁盘和网络资源使用情况 | | `domain` | 域名操作类日志 | 域名解析和查询日志，记录DNS查询、域名解析和网络定位操作 | | `registry` | 注册表操作类日志 | Windows注册表操作日志，记录注册表键值创建、修改和删除操作 | | `app` | 应用程序类日志 | 应用程序运行日志，记录应用程序启动、运行、错误和业务操作 | | `service` | 服务操作类日志 | 系统服务管理日志，记录Windows/Linux服务的创建、启动、停止和配置变更 | | `task` | 任务操作类日志 | 计划任务和作业日志，记录定时任务创建、执行、修改和删除操作 | | `thread` | 线程操作类日志 | 线程管理日志，记录线程创建、终止、挂起和优先级变更操作 | | `module` | 模块操作类日志 | 程序模块管理日志，记录DLL、SO等模块的加载、卸载和内存映射 | | `driver` | 驱动操作类日志 | 设备驱动程序日志，记录内核驱动加载、卸载和运行状态 | | `pipe` | 管道操作类日志 | 进程间通信日志，记录命名管道创建、连接、数据传输操作 | | `wmi` | WMI操作类日志 | Windows管理规范操作日志，记录WMI查询、事件订阅和代码执行 | | `winrm` | WinRM操作类日志 | Windows远程管理日志，记录远程PowerShell命令执行和系统管理操作 | | `others` | 其他类型日志 | 未分类的其他日志类型，包含无法归入上述分类的日志事件 |  | `opType` | 操作类型 | `enum` | RECOMMENDED | 操作类型，标识事件中对目标对象执行的具体操作行为。本字段为枚举类型，其值必须为预定义的操作类型字符串，例如：read（读取）、write（写入）、create（创建）、delete（删除）、modify（修改）等。 |  **枚举值详情：**  | 枚举值 | 名称 | 描述 | |--------|------|------| | `read` | 读取 | 读取数据操作，包括文件读取、注册表查询、内存读取等 | | `write` | 写入 | 写入数据操作，包括文件写入、注册表修改、配置变更等 | | `create` | 创建 | 创建新对象操作，包括文件创建、进程创建、用户账户创建等 | | `delete` | 删除 | 删除对象操作，包括文件删除、注册表项删除、用户账户删除等 | | `modify` | 修改 | 修改对象属性操作，包括文件属性修改、权限变更、配置调整等 | | `login` | 登录 | 身份认证成功操作，包括系统登录、应用登录、远程访问登录等 | | `logout` | 登出 | 
会话终止操作，包括用户登出、会话超时、强制注销等 | | `execute` | 执行 | 程序执行操作，包括进程启动、命令执行、脚本运行等 | | `start` | 启动 | 服务启动操作，包括系统服务启动、计划任务触发、守护进程启动等 | | `stop` | 停止 | 服务停止操作，包括系统服务停止、进程终止、任务结束等 | | `access` | 访问 | 资源访问操作，包括进程访问、内存访问、共享资源访问等 | | `connect` | 连接 | 网络连接操作，包括网络连接建立、会话创建、远程连接等 | | `load` | 加载 | 模块加载操作，包括驱动加载、DLL加载、插件加载等 | | `send` | 发送 | 数据发送操作，包括网络数据发送、邮件发送、消息发送等 | | `receive` | 接收 | 数据接收操作，包括网络数据接收、邮件接收、消息接收等 | | `combine` | 组合操作 | 复合操作类型，表示多个操作的组合执行 | | `others` | 其他操作 | 未分类的其他操作类型 | | `query` | 查询 | 数据查询操作，包括数据库查询、目录查询、信息检索等 | | `rename` | 重命名 | 对象重命名操作，包括文件重命名、账户重命名、服务重命名等 | | `listen` | 监听 | 网络监听操作，包括端口监听、会话监听、事件监听等 | | `setValue` | 设置键值 | 键值设置操作，包括注册表键值设置、配置参数设置、环境变量设置等 | | `addedGroup` | 添加至组 | 组成员添加操作，包括用户添加到组、计算机加入域等 | | `removedGroup` | 组中移除 | 组成员移除操作，包括用户从组中移除、计算机脱离域等 | | `changePassword` | 修改密码 | 密码修改操作，包括用户密码修改、服务账户密码变更等 | | `resetPassword` | 重置密码 | 密码重置操作，包括管理员重置用户密码、密码恢复等 | | `disable` | 禁用 | 对象禁用操作，包括用户账户禁用、服务禁用、策略禁用等 | | `enable` | 启用 | 对象启用操作，包括用户账户启用、服务启用、策略启用等 | | `lock` | 锁定 | 对象锁定操作，包括用户账户锁定、会话锁定、资源锁定等 | | `unlock` | 解锁 | 对象解锁操作，包括用户账户解锁、会话解锁、资源解锁等 |  | `eventCount` | 事件数量 | `long` | RECOMMENDED | 事件数量字段用于统计相同类型或相关事件的发生次数。通常为非负整数。 | | `dataSourceAddress` | 数据来源地址 | `string` | RECOMMENDED | 数据来源地址，指提供数据的设备网络地址。该字段必须是合法的IP地址格式，支持IPv4和IPv6地址。IPv4地址为点分十进制格式（如192.168.1.5），IPv6地址为冒号分隔的十六进制格式。 | | `srcAddress` | 来源IP | `string` | RECOMMENDED | 来源IP地址，指网络连接或安全事件的发起方所使用的IP地址。该字段必须符合IP地址格式规范，支持IPv4和IPv6地址。IPv4地址为点分十进制格式（如：192.168.1.1），IPv6地址为冒号分隔的十六进制格式（如：2001:0db8:85a3:0000:0000:8a2e:0370:7334）。 | | `destPort` | 目的端口 | `integer` | RECOMMENDED | 目的端口是网络连接接收方的端口号，用于标识接收方应用程序或服务。该字段为整数类型，取值范围为0-65535，其中0-1023为知名端口，1024-49151为注册端口，49152-65535为动态或私有端口。 | | `destAddress` | 目的IP | `string` | RECOMMENDED | 目的IP地址，标识网络通信连接的目标IP地址。格式要求：必须符合IP地址格式规范，支持IPv4（如192.168.1.1）或IPv6（如2001:0db8:85a3:0000:0000:8a2e:0370:7334）地址表示法。 | | `srcPort` | 源端口 | `integer` | RECOMMENDED | 
源端口是指网络连接发起方的端口号，用于标识发起通信的应用程序或服务。端口号必须是整数，取值范围为0到65535，其中0通常保留，1到1023为知名端口，1024到49151为注册端口，49152到65535为动态或私有端口。 | | `loginId` | 登录ID | `string` | OPTIONAL | 系统分配的登录会话标识符，用于唯一标识用户的登录会话。该字段为字符串类型，通常为数字或字母数字组合的序列。 | | `srcHostName` | 来源主机名 | `string` | OPTIONAL | 该字段表示网络连接或威胁攻击中发起方的主机名。主机名可以是NetBIOS名称、DNS主机名或本地配置的机器名。格式为字符串，通常遵循主机名的通用命名规范。 | | `processId` | 进程ID | `string` | OPTIONAL | 进程ID是操作系统分配给进程的唯一数字标识符，用于在操作系统中唯一标识一个正在运行的进程。该字段为字符串类型，通常由数字组成，长度和具体值取决于操作系统和进程状态。 | | `image` | 进程路径 | `string` | OPTIONAL | 该字段表示进程可执行文件在文件系统中的完整路径。路径格式应符合操作系统规范，通常为字符串形式，例如以斜杠（/）开头的绝对路径（Linux/Unix系统）或包含盘符和反斜杠的路径（Windows系统）。 | | `destUserName` | 目标用户名 | `string` | OPTIONAL | 该字段表示网络连接、系统访问或安全事件的目标主体用户身份名称。其值为字符串类型，具体内容应为操作系统或应用程序中定义的有效用户名。 | | `destNtDomain` | 目的NT域 | `string` | OPTIONAL | 目的设备所属的Windows NT域名称。格式为字符串，通常用于标识Windows网络环境中的域。 | | `destLoginId` | 目标登录ID | `string` | OPTIONAL | 目标系统或服务的登录标识符，通常用于标识用户或实体在目标系统上的身份。 | | `destUserId` | 目标用户ID | `string` | OPTIONAL | 目标用户的唯一标识符，通常用于标识网络连接的接收方或目标用户。 | | `failReason` | 失败原因 | `string` | OPTIONAL | 记录操作失败的具体技术原因和上下文信息，通常为字符串文本，用于说明导致失败的详细技术细节或环境因素。 | | `srcUserId` | 源用户ID | `string` | OPTIONAL | 源用户ID是发起网络连接或操作的用户唯一标识符，通常用于标识操作主体。该字段为字符串类型，格式因系统或协议而异，常见格式包括Windows安全标识符（SID，如示例“S-1-5-18”）、用户名、用户全局唯一标识符（GUID）或数字ID等。 | | `srcUserName` | 源用户名 | `string` | RECOMMENDED | 源用户名指发起网络连接、系统访问或安全事件的主体用户身份名称。 | | `srcNtDomain` | 来源NT域 | `string` | OPTIONAL | 来源设备所属的Windows NT域名，用于标识源设备在Windows网络中的域成员身份。该字段为字符串类型，通常由字母、数字、连字符(-)和点号(.)组成。 | | `srcLoginId` | 源登录ID | `string` | OPTIONAL | 源登录ID是指在网络通信中发起操作或请求时使用的用户登录标识符，用于唯一标识发起方用户。 | | `loginGuid` | 登录GUID | `string` | OPTIONAL | 登录会话的全局唯一标识符，用于唯一标识一次登录会话。格式为标准的GUID格式，通常为32位十六进制数字，以连字符分隔为5组，形式如：xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx，其中每个x为0-9或a-f的十六进制字符。 | | `destLoginGuid` | 目标登录GUID | `string` | OPTIONAL | 目标系统上特定登录会话或登录请求的唯一标识符，通常为GUID（全局唯一标识符）格式。 | | `destInfo` | 目标信息 | `string` | OPTIONAL | 目标信息，指尝试登录的目标计算机或服务的具体标识，例如主机名、IP地址或服务名称。格式要求：通常为字符串格式，可以是有效的域名、IPv4地址、IPv6地址或主机名。 | | `destServiceName` 
| 目标服务名称 | `string` | OPTIONAL | 该字段表示被访问或引用的目标服务名称，例如主机名、数据库实例名或应用服务标识。 | | `appProtocol` | 应用协议 | `enum` | RECOMMENDED | 应用协议字段表示OSI模型中应用层使用的协议类型。该字段为枚举类型，取值范围应在预定义的协议标识符列表中。 |  **枚举值详情：**  | 枚举值 | 名称 | 描述 | |--------|------|------| | `http` | http | http | | `https` | https | https | | `dns` | dns | dns | | `ssh` | ssh | ssh | | `telnet` | telnet | telnet | | `telnets` | telnets | telnets | | `rsync` | rsync | rsync | | `tftp` | tftp | tftp | | `ftp` | ftp | ftp | | `sftp` | sftp | sftp | | `smb` | smb | smb | | `ntp` | ntp | ntp | | `mysql` | mysql | mysql | | `ms-sql-s` | ms-sql-s | ms-sql-s | | `ms-sql-m` | ms-sql-m | ms-sql-m | | `oracle` | oracle | oracle | | `nfs` | nfs | nfs | | `pop2` | pop2 | pop2 | | `pop3` | pop3 | pop3 | | `pop3s` | pop3s | pop3s | | `smtp` | smtp | smtp | | `imap` | imap | imap | | `imaps` | imaps | imaps | | `chargen` | chargen | chargen | | `qotd` | qotd | qotd | | `x11` | x11 | x11 | | `uucp` | uucp | uucp | | `rcp` | rcp | rcp | | `postgres` | postgres | postgres | | `bootps` | bootps | bootps | | `bootpc` | bootpc | bootpc | | `squid` | squid | squid | | `ftps` | ftps | ftps | | `ircs` | ircs | ircs | | `echo` | echo | echo | | `sunrpc` | sunrpc | sunrpc | | `auth` | auth | auth | | `tacacs` | tacacs | tacacs | | `nntp` | nntp | nntp | | `radius` | radius | radius | | `netbios-ns` | netbios-ns | netbios-ns | | `netbios-dgm` | netbios-dgm | netbios-dgm | | `netbios-ssn` | netbios-ssn | netbios-ssn | | `wins` | wins | wins | | `snmp` | snmp | snmp | | `snmptrap` | snmptrap | snmptrap | | `bgp` | bgp | bgp | | `irc` | irc | irc | | `ldap` | ldap | ldap | | `ldaps` | ldaps | ldaps | | `timbuktu` | timbuktu | timbuktu | | `nnsp` | nnsp | nnsp | | `daytime` | daytime | daytime | | `ircd` | ircd | ircd | | `isakmp` | isakmp | isakmp | | `printer` | printer | printer | | `dhcpv6-client` | dhcpv6-client | dhcpv6-client | | `dhcpv6-server` | dhcpv6-server | dhcpv6-server | | `rtsp` | rtsp | rtsp | | `nntps` | nntps | nntps | | `discard` 
| discard | discard | | `ipx` | ipx | ipx | | `finger` | finger | finger | | `rdp` | rdp | rdp |  | `hostAddress` | 主机IP | `string` | OPTIONAL | 主机IP地址，用于标识主机在网络中的位置。必须符合IPv4或IPv6地址格式规范。IPv4地址为点分十进制格式，由四个0-255的十进制数组成，以点分隔。IPv6地址为冒号分隔的十六进制数格式。 | | `deviceVersion` | 设备版本 | `string` | OPTIONAL | 设备版本标识设备固件、操作系统或嵌入式软件的完整版本信息。版本号通常采用多段数字格式，如主版本号.次版本号.修订号.构建号等。 | | `srcTransAddress` | 转换后源IP地址 | `string` | OPTIONAL | 转换后源IP地址是指经过网络地址转换（NAT）、代理服务器或VPN隧道封装处理后，数据包在网络层呈现的源IP地址。该字段必须符合IP地址格式规范，即点分十进制表示的IPv4地址（例如：192.168.1.1）或符合RFC标准的IPv6地址。 |  ### 字段统计  - **总字段数**: 44 - **必填字段**: 12 - **推荐字段**: 12 - **可选字段**: 20  ### 数据类型分布  - **string**: 35 个字段 - **integer**: 3 个字段 - **long**: 1 个字段 - **enum**: 5 个字段",[1745],{"label":1021,"key":1746},"Endpoint Detection And Response",[],1776855162771]