From d48525de11f088961708436a848d7b337f915c65 Mon Sep 17 00:00:00 2001
From: Derrick Lee
Date: Fri, 16 Jan 2026 12:16:57 -0800
Subject: [PATCH] Update ASimTester.csv
---
 ASIM/dev/ASimTester/ASimTester.csv | 406 ++++++++++++++---------------
 1 file changed, 203 insertions(+), 203 deletions(-)
diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv
index 1b612eeda11..e90aa355cda 100644
--- a/ASIM/dev/ASimTester/ASimTester.csv
+++ b/ASIM/dev/ASimTester/ASimTester.csv
@@ -12,8 +12,8 @@ ActingAppType,string,Optional,Authentication,Enumerated,Process|Service|Resource
 ActingAppType,string,Optional,FileEvent,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingAppType,string,Optional,UserManagement,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingOriginalAppType,string,Optional,AuditEvent,,,
-ActingOriginalAppType,string,Optional,UserManagement,,,
 ActingOriginalAppType,string,Optional,Authentication,,,
+ActingOriginalAppType,string,Optional,UserManagement,,,
 ActingProcessCommandLine,string,Optional,FileEvent,,,
 ActingProcessCommandLine,string,Optional,ProcessEvent,,,
 ActingProcessCreationTime,datetime,Optional,ProcessEvent,,,
@@ -43,15 +43,16 @@ ActingProcessSHA1,string,Optional,ProcessEvent,SHA1,,
 ActingProcessSHA256,string,Optional,ProcessEvent,SHA256,,
 ActingProcessSHA512,string,Optional,ProcessEvent,SHA512,,
 ActingProcessTokenElevation,string,Optional,ProcessEvent,,,
-ActorOriginalUserType,string,Optional,UserManagement,,,
 ActorOriginalUserType,string,Optional,AuditEvent,,,
 ActorOriginalUserType,string,Optional,Authentication,,,
 ActorOriginalUserType,string,Optional,FileEvent,,,
 ActorOriginalUserType,string,Optional,ProcessEvent,,,
+ActorOriginalUserType,string,Optional,UserManagement,,,
 ActorScope,string,Optional,AuditEvent,,,
 ActorScope,string,Optional,Authentication,,,
 ActorScope,string,Optional,FileEvent,,,
 ActorScope,string,Optional,ProcessEvent,,,
+ActorScope,string,Optional,RegistryEvent,,,
 ActorScope,string,Optional,UserManagement,,,
 ActorScopeId,string,Optional,AuditEvent,,,
 ActorScopeId,string,Optional,Authentication,,,
@@ -104,9 +105,11 @@ ActorUserType,string,Optional,FileEvent,Enumerated,Regular|Guest|Machine|Admin|S
 ActorUserType,string,Optional,ProcessEvent,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 ActorUserType,string,Optional,UserManagement,Enumerated,Regular|Machine|Admin|System|Application|Service Principal|Other|Anonymous,
 ActorUserUpn,string,Optional,ProcessEvent,,,
+AdditionalFields,dynamic,Optional,AlertEvent,,,
 AdditionalFields,dynamic,Optional,AuditEvent,,,
 AdditionalFields,dynamic,Optional,Authentication,,,
 AdditionalFields,dynamic,Optional,Common,,,
+AdditionalFields,dynamic,Optional,DhcpEvent,,,
 AdditionalFields,dynamic,Optional,Dns,,,
 AdditionalFields,dynamic,Optional,FileEvent,,,
 AdditionalFields,dynamic,Optional,NetworkSession,,,
@@ -114,8 +117,7 @@ AdditionalFields,dynamic,Optional,ProcessEvent,,,
 AdditionalFields,dynamic,Optional,RegistryEvent,,,
 AdditionalFields,dynamic,Optional,UserManagement,,,
 AdditionalFields,dynamic,Optional,WebSession,,,
-AdditionalFields,dynamic,Optional,DhcpEvent,,,
-AdditionalFields,string,Optional,AlertEvent,,,
+AlertDescription,string,Alias,AlertEvent,,,EventMessage
 AlertId,string,Alias,AlertEvent,,,EventUid
 AlertName,string,Recommended,AlertEvent,,,
 AlertOriginalStatus,string,Optional,AlertEvent,,,
@@ -125,6 +127,7 @@ Application,string,Alias,AuditEvent,,,TargetAppName
 Application,string,Alias,Authentication,,,TargetAppName
 Application,string,Alias,FileEvent,,,TargetAppName
 ASimMatchingHostname,string,Recommended,NetworkSession,Enumerated,SrcHostname|DstHostname|Both|-,
+ASimMatchingHostname,string,Recommended,WebSession,Enumerated,SrcHostname|DstHostname|Both|-,
 ASimMatchingIpAddr,string,Recommended,NetworkSession,Enumerated,SrcIpAddr|DstIpAddr|Both|-,
 ASimMatchingIpAddr,string,Recommended,WebSession,Enumerated,SrcIpAddr|DstIpAddr|Both|-,
 AttackRemediationSteps,string,Recommended,AlertEvent,,,
@@ -199,7 +202,11 @@ DstDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VM
 DstDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DstDvcId
 DstDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DstDvcId
 DstDvcScope,string,Optional,Dns,,,
+DstDvcScope,string,Optional,NetworkSession,,,
+DstDvcScope,string,Optional,WebSession,,,
 DstDvcScopeId,string,Optional,Dns,,,
+DstDvcScopeId,string,Optional,NetworkSession,,,
+DstDvcScopeId,string,Optional,WebSession,,,
 DstFQDN,string,Optional,Dns,FQDN,,
 DstFQDN,string,Optional,NetworkSession,FQDN,,
 DstFQDN,string,Optional,WebSession,FQDN,,
@@ -243,8 +250,11 @@ DstPortNumber,int,Optional,Dns,,,
 DstPortNumber,int,Optional,NetworkSession,,,
 DstPortNumber,int,Optional,WebSession,,,
 DstProcessGuid,string,Optional,NetworkSession,,,
+DstProcessGuid,string,Optional,WebSession,,,
 DstProcessId,string,Optional,NetworkSession,,,
+DstProcessId,string,Optional,WebSession,,,
 DstProcessName,string,Optional,NetworkSession,,,
+DstProcessName,string,Optional,WebSession,,,
 DstRiskLevel,int,Optional,Dns,,,
 DstUserId,string,Optional,NetworkSession,,,
 DstUserId,string,Optional,WebSession,,,
@@ -254,19 +264,24 @@ DstUsername,string,Optional,NetworkSession,,,
 DstUsername,string,Optional,WebSession,,,
 DstUsernameType,string,Conditional,NetworkSession,Enumerated,UPN|Windows|DN|Simple,DstUsername
 DstUsernameType,string,Conditional,WebSession,Enumerated,UPN|Windows|DN|Simple,DstUsername
+DstUserScope,string,Optional,NetworkSession,,,
+DstUserScope,string,Optional,WebSession,,,
+DstUserScopeId,string,Optional,NetworkSession,,,
+DstUserScopeId,string,Optional,WebSession,,,
 DstUserType,string,Optional,NetworkSession,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 DstUserType,string,Optional,WebSession,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
-DstVlanId,string,Optional,WebSession,,,
 DstVlanId,string,Optional,NetworkSession,,,
+DstVlanId,string,Optional,WebSession,,,
 DstZone,string,Optional,NetworkSession,,,
 DstZone,string,Optional,WebSession,,,
+Duration,int,Alias,DhcpEvent,,,DhcpSessionDuration
 Duration,int,Alias,Dns,,,DnsNetworkDuration
 Duration,int,Alias,NetworkSession,,,NetworkDuration
 Duration,int,Alias,WebSession,,,NetworkDuration
-Duration,int,Alias,DhcpEvent,,,DhcpSessionDuration
 Dvc,string,Mandatory,AuditEvent,,,
 Dvc,string,Mandatory,Authentication,,,
 Dvc,string,Mandatory,Common,,,
+Dvc,string,Mandatory,DhcpEvent,,,
 Dvc,string,Mandatory,Dns,,,
 Dvc,string,Mandatory,NetworkSession,,,
 Dvc,string,Mandatory,ProcessEvent,Hostname,,
@@ -274,17 +289,19 @@ Dvc,string,Mandatory,RegistryEvent,Hostname,,
 Dvc,string,Mandatory,UserManagement,,,
 Dvc,string,Mandatory,WebSession,,,
 Dvc,string,Optional,FileEvent,,,
+DvcAction,string,Optional,AlertEvent,,,
 DvcAction,string,Optional,Common,,,
 DvcAction,string,Optional,Dns,,,
-DvcAction,string,Recommended,NetworkSession,Enumerated,Allow|Deny|Drop|Drop ICMP|Reset|Reset Source|Reset Destination|Encrypt|Decrypt|VPNroute,
 DvcAction,string,Optional,ProcessEvent,,,
+DvcAction,string,Optional,RegistryEvent,,,
 DvcAction,string,Optional,WebSession,Enumerated,Allow|Deny|Drop|Drop ICMP|Reset|Reset Source|Reset Destination|Encrypt|Decrypt|VPNroute,
 DvcAction,string,Recommended,AuditEvent,,,
 DvcAction,string,Recommended,Authentication,,,
 DvcAction,string,Recommended,DhcpEvent,,,
 DvcAction,string,Recommended,FileEvent,,,
+DvcAction,string,Recommended,NetworkSession,Enumerated,Allow|Deny|Drop|Drop ICMP|Reset|Reset Source|Reset Destination|Encrypt|Decrypt|VPNroute,
 DvcAction,string,Recommended,UserManagement,,,
-DvcAction,string,Optional,AlertEvent,,,
+DvcDescription,string,Optional,AlertEvent,,,
 DvcDescription,string,Optional,AuditEvent,,,
 DvcDescription,string,Optional,Authentication,,,
 DvcDescription,string,Optional,Common,,,
@@ -296,7 +313,7 @@ DvcDescription,string,Optional,ProcessEvent,,,
 DvcDescription,string,Optional,RegistryEvent,,,
 DvcDescription,string,Optional,UserManagement,,,
 DvcDescription,string,Optional,WebSession,,,
-DvcDescription,string,Optional,AlertEvent,,,
+DvcDomain,string,Optional,AlertEvent,,,
 DvcDomain,string,Recommended,AuditEvent,,,
 DvcDomain,string,Recommended,Authentication,Domain,,
 DvcDomain,string,Recommended,Common,Domain,,
@@ -305,9 +322,10 @@ DvcDomain,string,Recommended,Dns,Domain,,
 DvcDomain,string,Recommended,FileEvent,,,
 DvcDomain,string,Recommended,NetworkSession,Domain,,
 DvcDomain,string,Recommended,ProcessEvent,Domain,,
+DvcDomain,string,Recommended,RegistryEvent,Domain,,
 DvcDomain,string,Recommended,UserManagement,,,
 DvcDomain,string,Recommended,WebSession,Domain,,
-DvcDomain,string,Optional,AlertEvent,,,
+DvcDomainType,string,Conditional,AlertEvent,Enumerated,Windows|FQDN,DvcDomain
 DvcDomainType,string,Conditional,AuditEvent,Enumerated,Windows|FQDN,DvcDomain
 DvcDomainType,string,Conditional,Authentication,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
 DvcDomainType,string,Conditional,Common,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
@@ -315,10 +333,11 @@ DvcDomainType,string,Conditional,DhcpEvent,Enumerated,Windows|FQDN|ResourceGroup
 DvcDomainType,string,Conditional,Dns,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
 DvcDomainType,string,Conditional,FileEvent,Enumerated,Windows|FQDN,DvcDomain
 DvcDomainType,string,Conditional,NetworkSession,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
-DvcDomainType,string,Conditional,WebSession,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
 DvcDomainType,string,Conditional,ProcessEvent,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
+DvcDomainType,string,Conditional,RegistryEvent,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
 DvcDomainType,string,Conditional,UserManagement,Enumerated,Windows|FQDN,DvcDomain
-DvcDomainType,string,Conditional,AlertEvent,Enumerated,Windows|FQDN,DvcDomain
+DvcDomainType,string,Conditional,WebSession,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
+DvcFQDN,string,Optional,AlertEvent,FQDN,,
 DvcFQDN,string,Optional,AuditEvent,FQDN,,
 DvcFQDN,string,Optional,Authentication,FQDN,,
 DvcFQDN,string,Optional,Common,FQDN,,
@@ -327,10 +346,10 @@ DvcFQDN,string,Optional,Dns,FQDN,,
 DvcFQDN,string,Optional,FileEvent,FQDN,,
 DvcFQDN,string,Optional,NetworkSession,FQDN,,
 DvcFQDN,string,Optional,ProcessEvent,FQDN,,
+DvcFQDN,string,Optional,RegistryEvent,FQDN,,
 DvcFQDN,string,Optional,WebSession,FQDN,,
 DvcFQDN,string,Recommended,UserManagement,FQDN,,
-DvcFQDN,string,Optional,AlertEvent,FQDN,,
-DvcHostname,string,Recommended,UserManagement,Hostname,,
+DvcHostname,string,Recommended,AlertEvent,Hostname,,
 DvcHostname,string,Recommended,AuditEvent,Hostname,,
 DvcHostname,string,Recommended,Authentication,Hostname,,
 DvcHostname,string,Recommended,Common,Hostname,,
@@ -340,8 +359,8 @@ DvcHostname,string,Recommended,FileEvent,Hostname,,
 DvcHostname,string,Recommended,NetworkSession,Hostname,,
 DvcHostname,string,Recommended,ProcessEvent,Hostname,,
 DvcHostname,string,Recommended,RegistryEvent,Hostname,,
+DvcHostname,string,Recommended,UserManagement,Hostname,,
 DvcHostname,string,Recommended,WebSession,Hostname,,
-DvcHostname,string,Recommended,AlertEvent,Hostname,,
 DvcId,string,Optional,AuditEvent,,,
 DvcId,string,Optional,Authentication,,,
 DvcId,string,Optional,Common,,,
@@ -352,8 +371,9 @@ DvcId,string,Optional,NetworkSession,,,
 DvcId,string,Optional,ProcessEvent,,,
 DvcId,string,Optional,RegistryEvent,,,
 DvcId,string,Optional,WebSession,,,
-DvcId,string,Recommended,UserManagement,,,
 DvcId,string,Recommended,AlertEvent,,,
+DvcId,string,Recommended,UserManagement,,,
+DvcIdType,string,Conditional,AlertEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|FQDN|Other,DvcId
 DvcIdType,string,Conditional,AuditEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|Other,DvcId
 DvcIdType,string,Conditional,Authentication,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
 DvcIdType,string,Conditional,Common,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
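Review bot: The relocated `+DvcIdType,string,Conditional,AlertEvent,Enumerated,…|AppGateId|FQDN|Other,DvcId` row in the `@@ -352,8 +371,9 @@` hunk silently adds `FQDN` to the accepted DvcIdType values for AlertEvent only; every other schema's DvcIdType row in this file, and the AlertEvent row removed in the next hunk, stops at `AppGateId|Other`. If FQDN is intended as a device-identifier type for alert parsers, it should be applied consistently or at least called out in the commit message; otherwise an AlertEvent parser can pass the tester with a DvcIdType value every other schema would reject. I would either drop `FQDN` from this row or add it to the other DvcIdType rows in the same change.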
@@ -363,10 +383,11 @@ DvcIdType,string,Conditional,FileEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid
 DvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
 DvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
 DvcIdType,string,Optional,ProcessEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
+DvcIdType,string,Optional,RegistryEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
 DvcIdType,string,Recommended,UserManagement,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
-DvcIdType,string,Conditional,AlertEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
 DvcInboundInterface,string,Optional,NetworkSession,,,
 DvcInboundInterface,string,Optional,WebSession,,,
+DvcInterface,string,Optional,AlertEvent,,,
 DvcInterface,string,Optional,AuditEvent,,,
 DvcInterface,string,Optional,Authentication,,,
 DvcInterface,string,Optional,Common,,,
@@ -375,8 +396,10 @@ DvcInterface,string,Optional,Dns,,,
 DvcInterface,string,Optional,FileEvent,,,
 DvcInterface,string,Optional,NetworkSession,,,
 DvcInterface,string,Optional,ProcessEvent,,,
+DvcInterface,string,Optional,RegistryEvent,,,
 DvcInterface,string,Optional,UserManagement,,,
-DvcInterface,string,Optional,AlertEvent,,,
+DvcInterface,string,Optional,WebSession,,,
+DvcIpAddr,string,Recommended,AlertEvent,IP Address,,
 DvcIpAddr,string,Recommended,AuditEvent,IP Address,,
 DvcIpAddr,string,Recommended,Authentication,IP Address,,
 DvcIpAddr,string,Recommended,Common,IP Address,,
@@ -388,8 +411,7 @@ DvcIpAddr,string,Recommended,ProcessEvent,IP Address,,
 DvcIpAddr,string,Recommended,RegistryEvent,IP Address,,
 DvcIpAddr,string,Recommended,UserManagement,IP Address,,
 DvcIpAddr,string,Recommended,WebSession,IP Address,,
-DvcIpAddr,string,Recommended,AlertEvent,IP Address,,
-DvcMacAddr,string,Optional,UserManagement,MAC Address,,
+DvcMacAddr,string,Optional,AlertEvent,,,
 DvcMacAddr,string,Optional,AuditEvent,MAC Address,,
 DvcMacAddr,string,Optional,Authentication,MAC Address,,
 DvcMacAddr,string,Optional,Common,MAC Address,,
@@ -399,8 +421,9 @@ DvcMacAddr,string,Optional,FileEvent,MAC Address,,
 DvcMacAddr,string,Optional,NetworkSession,MAC Address,,
 DvcMacAddr,string,Optional,ProcessEvent,MAC Address,,
 DvcMacAddr,string,Optional,RegistryEvent,MAC Address,,
+DvcMacAddr,string,Optional,UserManagement,MAC Address,,
 DvcMacAddr,string,Optional,WebSession,MAC Address,,
-DvcMacAddr,string,Optional,AlertEvent,,,
+DvcOriginalAction,string,Optional,AlertEvent,,,
 DvcOriginalAction,string,Optional,AuditEvent,,,
 DvcOriginalAction,string,Optional,Authentication,,,
 DvcOriginalAction,string,Optional,Common,,,
@@ -409,9 +432,10 @@ DvcOriginalAction,string,Optional,Dns,,,
 DvcOriginalAction,string,Optional,FileEvent,,,
 DvcOriginalAction,string,Optional,NetworkSession,,,
 DvcOriginalAction,string,Optional,ProcessEvent,,,
+DvcOriginalAction,string,Optional,RegistryEvent,,,
 DvcOriginalAction,string,Optional,UserManagement,,,
 DvcOriginalAction,string,Optional,WebSession,,,
-DvcOriginalAction,string,Optional,AlertEvent,,,
+DvcOs,string,Optional,AlertEvent,,,
 DvcOs,string,Optional,AuditEvent,,,
 DvcOs,string,Optional,Authentication,,,
 DvcOs,string,Optional,Common,,,
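Review bot: `+DvcMacAddr,string,Optional,AlertEvent,,,` in the `@@ -388,8 +411,7 @@` hunk carries no `MAC Address` logical type, while every other DvcMacAddr row in this hunk and the next one (AuditEvent, Authentication, Common, NetworkSession, UserManagement, …) has it, so the tester will not format-check DvcMacAddr for AlertEvent parsers. The blank class predates this commit, but since the row is being re-emitted here it is the natural place to align it: `+DvcMacAddr,string,Optional,AlertEvent,MAC Address,,`.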
@@ -422,7 +446,8 @@ DvcOs,string,Optional,NetworkSession,,,
 DvcOs,string,Optional,ProcessEvent,,,
 DvcOs,string,Optional,RegistryEvent,,,
 DvcOs,string,Optional,UserManagement,,,
-DvcOs,string,Optional,AlertEvent,,,
+DvcOs,string,Optional,WebSession,,,
+DvcOsVersion,string,Optional,AlertEvent,,,
 DvcOsVersion,string,Optional,AuditEvent,,,
 DvcOsVersion,string,Optional,Authentication,,,
 DvcOsVersion,string,Optional,Common,,,
@@ -433,12 +458,14 @@ DvcOsVersion,string,Optional,NetworkSession,,,
 DvcOsVersion,string,Optional,ProcessEvent,,,
 DvcOsVersion,string,Optional,RegistryEvent,,,
 DvcOsVersion,string,Optional,UserManagement,,,
-DvcOsVersion,string,Optional,AlertEvent,,,
+DvcOsVersion,string,Optional,WebSession,,,
 DvcOutboundInterface,string,Optional,NetworkSession,,,
 DvcOutboundInterface,string,Optional,WebSession,,,
+DvcScope,string,Optional,AlertEvent,,,
 DvcScope,string,Optional,AuditEvent,,,
 DvcScope,string,Optional,Authentication,,,
 DvcScope,string,Optional,Common,,,
+DvcScope,string,Optional,DhcpEvent,,,
 DvcScope,string,Optional,Dns,,,
 DvcScope,string,Optional,FileEvent,,,
 DvcScope,string,Optional,NetworkSession,,,
@@ -446,8 +473,7 @@ DvcScope,string,Optional,ProcessEvent,,,
 DvcScope,string,Optional,RegistryEvent,,,
 DvcScope,string,Optional,UserManagement,,,
 DvcScope,string,Optional,WebSession,,,
-DvcScope,string,Optional,DhcpEvent,,,
-DvcScope,string,Optional,AlertEvent,,,
+DvcScopeId,string,Optional,AlertEvent,,,
 DvcScopeId,string,Optional,AuditEvent,,,
 DvcScopeId,string,Optional,Authentication,,,
 DvcScopeId,string,Optional,Common,,,
@@ -459,7 +485,7 @@ DvcScopeId,string,Optional,ProcessEvent,,,
 DvcScopeId,string,Optional,RegistryEvent,,,
 DvcScopeId,string,Optional,UserManagement,,,
 DvcScopeId,string,Optional,WebSession,,,
-DvcScopeId,string,Optional,AlertEvent,,,
+DvcZone,string,Optional,AlertEvent,,,
 DvcZone,string,Optional,AuditEvent,,,
 DvcZone,string,Optional,Authentication,,,
 DvcZone,string,Optional,Common,,,
@@ -468,23 +494,24 @@ DvcZone,string,Optional,Dns,,,
 DvcZone,string,Optional,FileEvent,,,
 DvcZone,string,Optional,NetworkSession,,,
 DvcZone,string,Optional,ProcessEvent,,,
+DvcZone,string,Optional,RegistryEvent,,,
 DvcZone,string,Optional,UserManagement,,,
 DvcZone,string,Optional,WebSession,,,
-DvcZone,string,Optional,AlertEvent,,,
 EmailMessageId,string,Optional,AlertEvent,,,
 EmailSubject,string,Optional,AlertEvent,,,
+EventCount,int,Mandatory,AlertEvent,,,
+EventCount,int,Mandatory,AuditEvent,,,
 EventCount,int,Mandatory,Authentication,,,
 EventCount,int,Mandatory,Common,,,
 EventCount,int,Mandatory,DhcpEvent,,,
 EventCount,int,Mandatory,Dns,,,
+EventCount,int,Mandatory,FileEvent,,,
 EventCount,int,Mandatory,NetworkSession,,,
 EventCount,int,Mandatory,ProcessEvent,,,
 EventCount,int,Mandatory,RegistryEvent,,,
 EventCount,int,Mandatory,UserManagement,,,
 EventCount,int,Mandatory,WebSession,,,
-EventCount,int,Mandatory,AuditEvent,,,
-EventCount,int,Mandatory,FileEvent,,,
-EventCount,int,Mandatory,AlertEvent,,,
+EventEndTime,datetime,Mandatory,AlertEvent,,,
 EventEndTime,datetime,Mandatory,AuditEvent,,,
 EventEndTime,datetime,Mandatory,Authentication,,,
 EventEndTime,datetime,Mandatory,Common,,,
@@ -496,7 +523,7 @@ EventEndTime,datetime,Mandatory,ProcessEvent,,,
 EventEndTime,datetime,Mandatory,RegistryEvent,,,
 EventEndTime,datetime,Mandatory,UserManagement,,,
 EventEndTime,datetime,Mandatory,WebSession,,,
-EventEndTime,datetime,Mandatory,AlertEvent,,,
+EventMessage,string,Optional,AlertEvent,,,
 EventMessage,string,Optional,AuditEvent,,,
 EventMessage,string,Optional,Authentication,,,
 EventMessage,string,Optional,Common,,,
@@ -508,7 +535,6 @@ EventMessage,string,Optional,ProcessEvent,,,
 EventMessage,string,Optional,RegistryEvent,,,
 EventMessage,string,Optional,UserManagement,,,
 EventMessage,string,Optional,WebSession,,,
-EventMessage,string,Optional,AlertEvent,,,
 EventOriginalResultDetails,string,Optional,AuditEvent,,,
 EventOriginalResultDetails,string,Optional,Authentication,,,
 EventOriginalResultDetails,string,Optional,Common,,,
@@ -517,8 +543,10 @@ EventOriginalResultDetails,string,Optional,Dns,,,
 EventOriginalResultDetails,string,Optional,FileEvent,,,
 EventOriginalResultDetails,string,Optional,NetworkSession,,,
 EventOriginalResultDetails,string,Optional,ProcessEvent,,,
+EventOriginalResultDetails,string,Optional,RegistryEvent,,,
 EventOriginalResultDetails,string,Optional,UserManagement,,,
 EventOriginalResultDetails,string,Optional,WebSession,,,
+EventOriginalSeverity,string,Optional,AlertEvent,,,
 EventOriginalSeverity,string,Optional,AuditEvent,,,
 EventOriginalSeverity,string,Optional,Authentication,,,
 EventOriginalSeverity,string,Optional,Common,,,
@@ -530,7 +558,7 @@ EventOriginalSeverity,string,Optional,ProcessEvent,,,
 EventOriginalSeverity,string,Optional,RegistryEvent,,,
 EventOriginalSeverity,string,Optional,UserManagement,,,
 EventOriginalSeverity,string,Optional,WebSession,,,
-EventOriginalSeverity,string,Optional,AlertEvent,,,
+EventOriginalSubType,string,Optional,AlertEvent,,,
 EventOriginalSubType,string,Optional,AuditEvent,,,
 EventOriginalSubType,string,Optional,Authentication,,,
 EventOriginalSubType,string,Optional,Common,,,
@@ -542,7 +570,7 @@ EventOriginalSubType,string,Optional,ProcessEvent,,,
 EventOriginalSubType,string,Optional,RegistryEvent,,,
 EventOriginalSubType,string,Optional,UserManagement,,,
 EventOriginalSubType,string,Optional,WebSession,,,
-EventOriginalSubType,string,Optional,AlertEvent,,,
+EventOriginalType,string,Optional,AlertEvent,,,
 EventOriginalType,string,Optional,AuditEvent,,,
 EventOriginalType,string,Optional,Authentication,,,
 EventOriginalType,string,Optional,Common,,,
@@ -554,7 +582,7 @@ EventOriginalType,string,Optional,ProcessEvent,,,
 EventOriginalType,string,Optional,RegistryEvent,,,
 EventOriginalType,string,Optional,UserManagement,,,
 EventOriginalType,string,Optional,WebSession,,,
-EventOriginalType,string,Optional,AlertEvent,,,
+EventOriginalUid,string,Optional,AlertEvent,,,
 EventOriginalUid,string,Optional,AuditEvent,,,
 EventOriginalUid,string,Optional,Authentication,,,
 EventOriginalUid,string,Optional,Common,,,
@@ -566,7 +594,7 @@ EventOriginalUid,string,Optional,ProcessEvent,,,
 EventOriginalUid,string,Optional,RegistryEvent,,,
 EventOriginalUid,string,Optional,UserManagement,,,
 EventOriginalUid,string,Optional,WebSession,,,
-EventOriginalUid,string,Optional,AlertEvent,,,
+EventOwner,string,Optional,AlertEvent,,,
 EventOwner,string,Optional,AuditEvent,,,
 EventOwner,string,Optional,Authentication,,,
 EventOwner,string,Optional,Common,,,
@@ -578,19 +606,19 @@ EventOwner,string,Optional,ProcessEvent,,,
 EventOwner,string,Optional,RegistryEvent,,,
 EventOwner,string,Optional,UserManagement,,,
 EventOwner,string,Optional,WebSession,,,
-EventOwner,string,Optional,AlertEvent,,,
-EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core,
+EventProduct,string,Mandatory,AlertEvent,Enumerated,Defender XDR|Singularity,
 EventProduct,string,Mandatory,AuditEvent,Enumerated,Azure|WAF|Security Events|Exchange 365|Dataminr Pulse|ISE|XDR|Meraki|FalconHost|SentinelOne|Carbon Black Cloud|BloxOne|Core,
+EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core,
 EventProduct,string,Mandatory,Common,,,
 EventProduct,string,Mandatory,DhcpEvent,,BloxOne,
-EventProduct,string,Mandatory,FileEvent,Enumerated,Security Events|Sysmon for Linux|Sysmon|M365 Defender for Endpoint|Azure File Storage|SharePoint|OneDrive|SentinelOne|Carbon Black Cloud|Workspace,
 EventProduct,string,Mandatory,Dns,Enumerated,Umbrella|Azure Firewall|DNS Server|Sysmon|Sysmon for Linux|ZIA DNS|NIOS|Cloud DNS|Zeek|Vectra Stream|SentinelOne|FortiGate|BloxOne,
+EventProduct,string,Mandatory,FileEvent,Enumerated,Security Events|Sysmon for Linux|Sysmon|M365 Defender for Endpoint|Azure File Storage|SharePoint|OneDrive|SentinelOne|Carbon Black Cloud|Workspace,
 EventProduct,string,Mandatory,NetworkSession,Enumerated,Fortigate|IOS|ISE|SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki|Zeek|Firewall|ASA|Cynerio|SentinelOne|WAF|Firepower|FalconHost|Carbon Black Cloud|Cortex Data Lake|Core|Azure NSG flows,
 EventProduct,string,Mandatory,ProcessEvent,Enumerated,M365 Defender for Endpoint|Sysmon for Linux|Sysmon|Azure Defender for IoT|Security Events|SentinelOne|Carbon Black Cloud|Vision One,
 EventProduct,string,Mandatory,RegistryEvent,Enumerated,M365 Defender for Endpoint|Security Events|Sysmon|Windows Event|SentinelOne|Carbon Black Cloud|Vision One,
-EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|ASM|NetScaler|Firepower|Cortex Data Lake|Firewall|Azure Firewall,
 EventProduct,string,Mandatory,UserManagement,Enumerated,Security Events|Authpriv|ISE|SentinelOne,
-EventProduct,string,Mandatory,AlertEvent,Enumerated,Defender XDR|Singularity,
+EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|ASM|NetScaler|Firepower|Cortex Data Lake|Firewall|Azure Firewall,
+EventProductVersion,string,Optional,AlertEvent,,,
 EventProductVersion,string,Optional,AuditEvent,,,
 EventProductVersion,string,Optional,Authentication,,,
 EventProductVersion,string,Optional,Common,,,
@@ -602,7 +630,7 @@ EventProductVersion,string,Optional,ProcessEvent,,,
 EventProductVersion,string,Optional,RegistryEvent,,,
 EventProductVersion,string,Optional,UserManagement,,,
 EventProductVersion,string,Optional,WebSession,,,
-EventProductVersion,string,Optional,AlertEvent,,,
+EventReportUrl,string,Optional,AlertEvent,,,
 EventReportUrl,string,Optional,AuditEvent,URL,,
 EventReportUrl,string,Optional,Authentication,URL,,
 EventReportUrl,string,Optional,Common,URL,,
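Review bot: `+EventReportUrl,string,Optional,AlertEvent,,,` in the `@@ -602,7 +630,7 @@` hunk has no `URL` logical type, unlike the AuditEvent, Authentication and Common rows directly below it (UserManagement, visible as context in the next hunk, is the only other row without it). As written the tester accepts any string in EventReportUrl for AlertEvent parsers, which defeats the point of having the class on the other schemas. Since the row is being re-emitted here I would make it `+EventReportUrl,string,Optional,AlertEvent,URL,,`; the UserManagement row can be aligned in a follow-up.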
@@ -614,7 +642,6 @@ EventReportUrl,string,Optional,ProcessEvent,URL,,
 EventReportUrl,string,Optional,RegistryEvent,URL,,
 EventReportUrl,string,Optional,UserManagement,,,
 EventReportUrl,string,Optional,WebSession,URL,,
-EventReportUrl,string,Optional,AlertEvent,,,
 EventResult,string,Mandatory,AuditEvent,Enumerated,Success|Failure|Partial|NA,
 EventResult,string,Mandatory,Authentication,Enumerated,Success|Failure|Partial|NA,
 EventResult,string,Mandatory,Common,Enumerated,Success|Partial|Failure|NA,
@@ -630,6 +657,7 @@ EventResult,string,Optional,AlertEvent,,,
 EventResultDetails,string,Mandatory,Dns,Enumerated,,
 EventResultDetails,string,Optional,FileEvent,,,
 EventResultDetails,string,Optional,ProcessEvent,,,
+EventResultDetails,string,Optional,RegistryEvent,,,
 EventResultDetails,string,Recommended,AuditEvent,Enumerated,,
 EventResultDetails,string,Recommended,Authentication,Enumerated,No such user or password|Incorrect password|Account expired|Password expired|User locked|User disabled|Logon violates policy|Session expired|No such user|Incorrect key|MFA not satisfied|Other,
 EventResultDetails,string,Recommended,Common,Enumerated,Placeholder,
@@ -637,6 +665,7 @@ EventResultDetails,string,Recommended,DhcpEvent,,,
 EventResultDetails,string,Recommended,NetworkSession,Enumerated,Failover|Invalid TCP|Invalid Tunnel|Maximum Retry|Reset|Routing issue|Simulation|Terminated|Timeout|Transient error|Unknown|NA,
 EventResultDetails,string,Recommended,UserManagement,Enumerated,NotAuthorized|Other,
 EventResultDetails,string,Recommended,WebSession,Enumerated,,
+EventSchema,string,Mandatory,AlertEvent,Enumerated,AlertEvent,
 EventSchema,string,Mandatory,AuditEvent,Enumerated,AuditEvent,
 EventSchema,string,Mandatory,Authentication,Enumerated,Authentication,
 EventSchema,string,Mandatory,Common,Enumerated,Placeholder,
@@ -644,11 +673,11 @@ EventSchema,string,Mandatory,DhcpEvent,,,
 EventSchema,string,Mandatory,Dns,Enumerated,Dns,
 EventSchema,string,Mandatory,FileEvent,Enumerated,FileEvent,
 EventSchema,string,Mandatory,NetworkSession,Enumerated,NetworkSession,
-EventSchema,string,Mandatory,UserManagement,Enumerated,UserManagement,
-EventSchema,string,Mandatory,WebSession,Enumerated,WebSession,
 EventSchema,string,Mandatory,ProcessEvent,,ProcessEvent,
 EventSchema,string,Mandatory,RegistryEvent,,RegistryEvent,
-EventSchema,string,Mandatory,AlertEvent,Enumerated,AlertEvent,
+EventSchema,string,Mandatory,UserManagement,Enumerated,UserManagement,
+EventSchema,string,Mandatory,WebSession,Enumerated,WebSession,
+EventSchemaVersion,string,Mandatory,AlertEvent,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,AuditEvent,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,Authentication,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,Common,SchemaVersion,,
@@ -660,19 +689,19 @@ EventSchemaVersion,string,Mandatory,ProcessEvent,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,RegistryEvent,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,UserManagement,SchemaVersion,,
 EventSchemaVersion,string,Mandatory,WebSession,SchemaVersion,,
-EventSchemaVersion,string,Mandatory,AlertEvent,SchemaVersion,,
-EventSeverity,string,Recommended,Common,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Mandatory,UserManagement,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Mandatory,WebSession,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Optional,Dns,Enumerated,Informational|Low|Medium|High,
+EventSeverity,string,Optional,NetworkSession,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Optional,ProcessEvent,Enumerated,Informational|Low|Medium|High,
-EventSeverity,string,Recommended,RegistryEvent,Enumerated,Informational|Low|Medium|High,
+EventSeverity,string,Recommended,AlertEvent,Enumerated,High|Medium|Low|Informational,
 EventSeverity,string,Recommended,AuditEvent,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Recommended,Authentication,Enumerated,Informational|Low|Medium|High,
+EventSeverity,string,Recommended,Common,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Recommended,DhcpEvent,Enumerated,Informational|Low|Medium|High,
 EventSeverity,string,Recommended,FileEvent,Enumerated,Informational|Low|Medium|High,
-EventSeverity,string,Optional,NetworkSession,Enumerated,Informational|Low|Medium|High,
-EventSeverity,string,Recommended,AlertEvent,Enumerated,High|Medium|Low|Informational,
+EventSeverity,string,Recommended,RegistryEvent,Enumerated,Informational|Low|Medium|High,
+EventStartTime,datetime,Mandatory,AlertEvent,,,
 EventStartTime,datetime,Mandatory,AuditEvent,,,
 EventStartTime,datetime,Mandatory,Authentication,,,
 EventStartTime,datetime,Mandatory,Common,,,
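Review bot: `+EventSeverity,string,Recommended,AlertEvent,Enumerated,High|Medium|Low|Informational,` lists the same four values as every other EventSeverity row in this hunk but in the reverse order, which is a style inconsistency that a commit whose only purpose is to sort the rows is well placed to remove. The value set is unchanged, so this is cosmetic unless the tester somewhere compares the list literally; I would write it as `+EventSeverity,string,Recommended,AlertEvent,Enumerated,Informational|Low|Medium|High,` to match its neighbours.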
@@ -684,7 +713,6 @@ EventStartTime,datetime,Mandatory,ProcessEvent,,,
 EventStartTime,datetime,Mandatory,RegistryEvent,,,
 EventStartTime,datetime,Mandatory,UserManagement,,,
 EventStartTime,datetime,Mandatory,WebSession,,,
-EventStartTime,datetime,Mandatory,AlertEvent,,,
 EventSubType,string,Optional,AuditEvent,,,
 EventSubType,string,Optional,Authentication,Enumerated,System|Interactive|RemoteInteractive|Service|RemoteService|Remote|AssumeRole,
 EventSubType,string,Optional,Common,Enumerated,Placeholder,
@@ -693,9 +721,11 @@ EventSubType,string,Optional,Dns,Enumerated,request|response,
 EventSubType,string,Optional,FileEvent,Enumerated,Upload|Checkin|Download|Preview|Checkout|Extended|Recycle|Versions|Site,
 EventSubType,string,Optional,NetworkSession,Enumerated,Start|End|,
 EventSubType,string,Optional,ProcessEvent,,,
+EventSubType,string,Optional,RegistryEvent,,,
 EventSubType,string,Optional,UserManagement,Enumerated,UserRead|UserCreated|GroupCreated|UserModified|GroupModified|password|shell|GID|expiration|UID,
 EventSubType,string,Optional,WebSession,,,
 EventSubType,string,Recommended,AlertEvent,Enumerated,Threat|Suspicious Activity|Policy Violation|Anomaly|Compliance Violation| Vulnerability,
+EventType,string,Mandatory,AlertEvent,Enumerated,Alert,
 EventType,string,Mandatory,AuditEvent,Enumerated,Set|Read|Create|Delete|Execute|Install|Clear|Enable|Disable|Initialize|Start|Stop|Terminate|Other,
 EventType,string,Mandatory,Authentication,Enumerated,Logon|Logoff|Elevate,
 EventType,string,Mandatory,Common,Enumerated,Placeholder,
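Review bot: The AlertEvent EventSubType row kept as context in the `@@ -693,9 +721,11 @@` hunk ends with `Compliance Violation| Vulnerability`, i.e. a space before `Vulnerability`; unless the tester trims each value after splitting on `|` (not visible from this file), a parser that emits `Vulnerability` will be flagged as an invalid value while ` Vulnerability` with a leading space would pass. The stray space is not introduced by this commit, but the commit is already touching the rows on either side of it, so fixing it here is cheap: `EventSubType,string,Recommended,AlertEvent,Enumerated,Threat|Suspicious Activity|Policy Violation|Anomaly|Compliance Violation|Vulnerability,`.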
@@ -707,7 +737,7 @@ EventType,string,Mandatory,ProcessEvent,Enumerated,ProcessCreated|ProcessTermina
 EventType,string,Mandatory,RegistryEvent,Enumerated,RegistryKeyCreated|RegistryKeyDeleted|RegistryKeyRenamed|RegistryValueDeleted|RegistryValueSet,
 EventType,string,Mandatory,UserManagement,Enumerated,UserCreated|UserDeleted|UserModified|UserLocked|UserUnlocked|UserDisabled|UserEnabled|PasswordChanged|PasswordReset|GroupCreated|GroupDeleted|GroupModified|UserAddedToGroup|UserRemovedFromGroup|GroupEnumerated|UserRead|GroupRead,
 EventType,string,Mandatory,WebSession,Enumerated,HTTPsession|WebServerSession|ApiRequest,
-EventType,string,Mandatory,AlertEvent,Enumerated,Alert,
+EventUid,string,Mandatory,AlertEvent,,,
 EventUid,string,Recommended,AuditEvent,,,
 EventUid,string,Recommended,Authentication,,,
 EventUid,string,Recommended,Common,,,
@@ -719,34 +749,33 @@ EventUid,string,Recommended,ProcessEvent,,,
 EventUid,string,Recommended,RegistryEvent,,,
 EventUid,string,Recommended,UserManagement,,,
 EventUid,string,Recommended,WebSession,,,
-EventUid,string,Mandatory,AlertEvent,,,
-EventVendor,string,Mandatory,Authentication,Enumerated,Salesforce|AWS|Barracuda|Cisco|Microsoft|Okta|PostgreSQL|OpenBSD|Linux|Vectra|SentinelOne|CrowdStrike|VMware|Google|Illumio,
+EventVendor,string,Mandatory,AlertEvent,Enumerated,Microsoft|SentinelOne,
 EventVendor,string,Mandatory,AuditEvent,Enumerated,Microsoft|AWS|Barracuda|Cisco|Dataminr|Vectra|CrowdStrike|SentinelOne|VMware|Infoblox|Illumio,
+EventVendor,string,Mandatory,Authentication,Enumerated,Salesforce|AWS|Barracuda|Cisco|Microsoft|Okta|PostgreSQL|OpenBSD|Linux|Vectra|SentinelOne|CrowdStrike|VMware|Google|Illumio,
 EventVendor,string,Mandatory,Common,,,
 EventVendor,string,Mandatory,DhcpEvent,,Infoblox,
-EventVendor,string,Mandatory,FileEvent,Enumerated,Microsoft|SentinelOne|VMware|Google,
 EventVendor,string,Mandatory,Dns,Enumerated,Cisco|Corelight|GCP|Infoblox|Microsoft|Zscaler|Vectra AI|SentinelOne|Fortinet,
+EventVendor,string,Mandatory,FileEvent,Enumerated,Microsoft|SentinelOne|VMware|Google,
 EventVendor,string,Mandatory,NetworkSession,Enumerated,Fortinet|AppGate|Barracuda|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco|Corelight|Check Point|Forcepoint|Cynerio|SentinelOne|CrowdStrike|VMware|SonicWall|Illumio,
 EventVendor,string,Mandatory,ProcessEvent,Enumerated,Microsoft|SentinelOne|VMware|TrendMicro,
-EventVendor,string,Mandatory,WebSession,Enumerated,Apache|Barracuda|Fortinet|Microsoft|Squid|Zscaler|Vectra AI|Palo Alto|WatchGuard|Cisco|Forcepoint|Corelight|Dataminr|Citrix|F5|SonicWall,
-EventVendor,string,Mandatory,UserManagement,Enumerated,Microsoft|Linux|Cisco|SentinelOne,
 EventVendor,string,Mandatory,RegistryEvent,Enumerated,Microsoft|SentinelOne|VMware|Trend Micro,
-EventVendor,string,Mandatory,AlertEvent,Enumerated,Microsoft|SentinelOne,
+EventVendor,string,Mandatory,UserManagement,Enumerated,Microsoft|Linux|Cisco|SentinelOne,
+EventVendor,string,Mandatory,WebSession,Enumerated,Apache|Barracuda|Fortinet|Microsoft|Squid|Zscaler|Vectra AI|Palo Alto|WatchGuard|Cisco|Forcepoint|Corelight|Dataminr|Citrix|F5|SonicWall,
 FileContentType,string,Optional,WebSession,,,
-FileMD5,string,Optional,WebSession,MD5,,
 FileMD5,string,Optional,AlertEvent,,,
+FileMD5,string,Optional,WebSession,MD5,,
 FileName,string,Alias,FileEvent,,,TargetFileName
-FileName,string,Optional,WebSession,,,
 FileName,string,Optional,AlertEvent,,,
+FileName,string,Optional,WebSession,,,
 FilePath,string,Alias,FileEvent,,,TargetFilePath
 FilePath,string,Optional,AlertEvent,,,
-FileSHA1,string,Optional,WebSession,SHA1,,
 FileSHA1,string,Optional,AlertEvent,,,
-FileSHA256,string,Optional,WebSession,SHA256,,
+FileSHA1,string,Optional,WebSession,SHA1,,
 FileSHA256,string,Optional,AlertEvent,,,
+FileSHA256,string,Optional,WebSession,SHA256,,
 FileSHA512,string,Optional,WebSession,SHA512,,
-FileSize,long,Optional,WebSession,,,
 FileSize,long,Optional,AlertEvent,,,
+FileSize,long,Optional,WebSession,,,
 GroupId,string,Optional,UserManagement,,,
 GroupIdType,string,Optional,UserManagement,Enumerated,SID|UID,
 GroupName,string,Optional,UserManagement,,,
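Review bot: The AlertEvent hash rows that the moved WebSession rows now sit beside — `FileMD5,string,Optional,AlertEvent,,,`, `FileSHA1,string,Optional,AlertEvent,,,`, `FileSHA256,string,Optional,AlertEvent,,,` — carry nothing in the format column, whereas the WebSession rows declare `MD5`, `SHA1` and `SHA256`. If that column drives the tester's format validation, as the `IP Address` and `Hostname` rows elsewhere suggest, alert parsers can emit malformed hashes without being flagged; consider `FileMD5,string,Optional,AlertEvent,MD5,,` and the two SHA equivalents. Separately, `EventVendor,string,Mandatory,DhcpEvent,,Infoblox,` puts its vendor list in the values column without the `Enumerated` keyword every other EventVendor row uses, so the Infoblox restriction is presumably never enforced.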
@@ -754,17 +783,17 @@ GroupNameType,string,Optional,UserManagement,Enumerated,UPN|Windows|DN|Simple,
 GroupOriginalType,string,Optional,UserManagement,,,
 GroupType,string,Optional,UserManagement,Enumerated,Local Distribution|Local Security Enabled|Global Distribution|Global Security Enabled|Universal Distribution|Universal Security Enabled|Other,
 Hash,string,Alias,FileEvent,,,TargetFileMD5|TargetFileSHA1|TargetFileSHA256|TargetFileSHA512
-Hash,string,Alias,WebSession,,,MD5|SHA1|SHA256|SHA512
 Hash,string,Alias,ProcessEvent,,,TargetProcessMD5|TargetProcessSHA1|TargetProcessSHA256|TargetProcessSHA256|TargetProcessIMPHASH
+Hash,string,Alias,WebSession,,,MD5|SHA1|SHA256|SHA512
 HashType,string,Conditional,FileEvent,Enumerated,MD5|SHA|SHA256|SHA512|IMPHASH,Hash
 HashType,string,Conditional,ProcessEvent,Enumerated,MD5|SHA|SHA256|SHA512|IMPHASH,Hash
 HashType,string,Conditional,WebSession,Enumerated,MD5|SHA1|SHA256|SHA512,Hash
+Hostname,string,Alias,AlertEvent,,,DvcHostname
 Hostname,string,Alias,DhcpEvent,Hostname,,DstHostname
 Hostname,string,Alias,Dns,Hostname,,SrcHostname
 Hostname,string,Alias,NetworkSession,Hostname,,DstHostname
 Hostname,string,Alias,UserManagement,Hostname,,DvcHostname
 Hostname,string,Alias,WebSession,Hostname,,DstHostname
-Hostname,string,Alias,AlertEvent,,,DvcHostname
 HttpContentFormat,string,Optional,WebSession,,,
 HttpContentType,string,Optional,WebSession,,,
 HttpCookie,string,Optional,WebSession,,,
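Review bot: The relocated `+Hash,string,Alias,WebSession,,,MD5|SHA1|SHA256|SHA512` names alias targets that are not WebSession columns in this file — the WebSession hash fields are `FileMD5`, `FileSHA1`, `FileSHA256` and `FileSHA512` — so if the alias column is checked against real field names this row can never match; the FileEvent row uses full names (`TargetFileMD5|…`), suggesting `Hash,string,Alias,WebSession,,,FileMD5|FileSHA1|FileSHA256|FileSHA512`. The adjacent ProcessEvent row lists `TargetProcessSHA256` twice and has no `TargetProcessSHA512`, which looks like a copy-paste slip worth fixing while this block is being touched. The new `+Hostname,string,Alias,AlertEvent,,,DvcHostname` is also the only Hostname alias without the `Hostname` format in its fifth column.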
@@ -793,16 +822,16 @@ IndicatorAssociation,string,Optional,AlertEvent,Enumerated,Associated|Targeted,
 IndicatorType,string,Recommended,AlertEvent,Enumerated,Ip|User|Url|Process|Registry|Host|Cloud Resource|Application|File|Email|Mailbox|Logon Session,
 InnerVlanId,string,Alias,NetworkSession,,,SrcVlanId
 InnerVlanId,string,Alias,WebSession,,,SrcVlanId
-IpAddr,string,Alias,UserManagement,IP address,,SrcIpAddr
+IpAddr,string,Alias,AlertEvent,IP Address,,DvcIpAddr
 IpAddr,string,Alias,AuditEvent,IP Address,,SrcIpAddr
 IpAddr,string,Alias,Authentication,IP Address,,SrcIpAddr
 IpAddr,string,Alias,DhcpEvent,IP Address,,SrcIpAddr
 IpAddr,string,Alias,Dns,IP Address,,SrcIpAddr
 IpAddr,string,Alias,FileEvent,IP Address,,SrcIpAddr
 IpAddr,string,Alias,NetworkSession,IP Address,,SrcIpAddr
+IpAddr,string,Alias,UserManagement,IP address,,SrcIpAddr
 IpAddr,string,Alias,WebSession,IP Address,,SrcIpAddr
-IpAddr,string,Alias,AlertEvent,IP Address,,DvcIpAddr
-LogonMethod,string,Optional,Authentication,,,
+LogonMethod,string,Optional,Authentication,Enumerated,Managed Identity|Service Principal|Username & Password|Multi factor authentication|Passwordless|PKI|Other,
 LogonProtocol,string,Optional,Authentication,,,
 LogonTarget,string,Optional,Authentication,,,
 NetworkApplicationProtocol,string,Optional,FileEvent,Protocol,,
@@ -850,8 +879,8 @@ ParentProcessFileProduct,string,Optional,ProcessEvent,,,
 ParentProcessFileVersion,string,Optional,ProcessEvent,,,
 ParentProcessGuid,string,Optional,ProcessEvent,,,
 ParentProcessGuid,string,Optional,RegistryEvent,,,
-ParentProcessId,string,Recommended,ProcessEvent,,,
 ParentProcessId,string,Mandatory,RegistryEvent,,,
+ParentProcessId,string,Recommended,ProcessEvent,,,
 ParentProcessIMPHASH,string,Optional,ProcessEvent,,,
 ParentProcessInjectedAddress,string,Optional,ProcessEvent,,,
 ParentProcessIntegrityLevel,string,Optional,ProcessEvent,,,
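Review bot: `+LogonMethod,string,Optional,Authentication,Enumerated,Managed Identity|Service Principal|Username & Password|Multi factor authentication|Passwordless|PKI|Other,` turns a field that the removed row left free-text into a closed list, so any existing Authentication parser that emits a value outside these seven will presumably start failing the tester; that is the one semantic change in an otherwise reordering commit and deserves a mention in the description plus a check against the schema documentation and the current parsers. The list's capitalisation is also inconsistent (`Managed Identity`, `Service Principal` versus `Multi factor authentication`), which matters if the comparison is case-sensitive. Likewise the moved `+IpAddr,string,Alias,UserManagement,IP address,,SrcIpAddr` spells its format `IP address` while every other IpAddr row uses `IP Address`.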
@@ -866,8 +895,10 @@ ParentProcessTokenElevation,string,Optional,ProcessEvent,,,
 PreviousPropertyValue,string,Optional,UserManagement,,,
 Process,string,Alias,Dns,,,SrcProcessName
 Process,string,Alias,FileEvent,,,ActingProcessName
+Process,string,Alias,NetworkSession,,,DstProcessName
 Process,string,Alias,ProcessEvent,,,TargetProcessName
 Process,string,Alias,RegistryEvent,,,ActingProcessName
+Process,string,Alias,WebSession,,,DstProcessName
 ProcessCommandLine,string,Optional,AlertEvent,,,
 ProcessFileCompany,string,Optional,AlertEvent,,,
 ProcessId,string,Optional,AlertEvent,,,
@@ -878,44 +909,45 @@ RegistryPreviousKey,string,Recommended,RegistryEvent,,,
 RegistryPreviousValue,string,Recommended,RegistryEvent,,,
 RegistryPreviousValueData,string,Recommended,RegistryEvent,,,
 RegistryPreviousValueType,string,Recommended,RegistryEvent,,,
-RegistryValue,string,Recommended,RegistryEvent,,,
 RegistryValue,string,Optional,AlertEvent,,,
-RegistryValueData,string,Recommended,RegistryEvent,,,
+RegistryValue,string,Recommended,RegistryEvent,,,
 RegistryValueData,string,Optional,AlertEvent,,,
-RegistryValueType,string,Recommended,RegistryEvent,,,
+RegistryValueData,string,Recommended,RegistryEvent,,,
 RegistryValueType,string,Optional,AlertEvent,Enumerated,Reg_Expand_Sz,
+RegistryValueType,string,Recommended,RegistryEvent,,,
 RequestedIpAddr,string,Optional,DhcpEvent,IP Address,,
+Rule,string,Alias,AlertEvent,,,RuleName
 Rule,string,Alias,AuditEvent,,,RuleName
 Rule,string,Alias,Authentication,,,RuleName
+Rule,string,Alias,DhcpEvent,,,RuleName
 Rule,string,Alias,Dns,,,RuleName
 Rule,string,Alias,FileEvent,,,RuleName
 Rule,string,Alias,NetworkSession,,,RuleName
-Rule,string,Alias,WebSession,,,RuleName
+Rule,string,Alias,ProcessEvent,,,RuleName
 Rule,string,Alias,RegistryEvent,,,RuleName
 Rule,string,Alias,UserManagement,,,RuleName
-Rule,string,Alias,DhcpEvent,,,RuleName
-Rule,string,Alias,AlertEvent,,,RuleName
+Rule,string,Alias,WebSession,,,RuleName
 RuleDescription,string,Optional,AlertEvent,,,
+RuleName,string,Optional,AlertEvent,,,
 RuleName,string,Optional,AuditEvent,,,
 RuleName,string,Optional,Authentication,,,
+RuleName,string,Optional,DhcpEvent,,,
 RuleName,string,Optional,Dns,,,
 RuleName,string,Optional,FileEvent,,,
-RuleName,string,Optional,WebSession,,,
 RuleName,string,Optional,ProcessEvent,,,
 RuleName,string,Optional,RegistryEvent,,,
 RuleName,string,Optional,UserManagement,,,
-RuleName,string,Optional,DhcpEvent,,,
-RuleName,string,Optional,AlertEvent,,,
+RuleName,string,Optional,WebSession,,,
+RuleNumber,int,Optional,AlertEvent,,,
 RuleNumber,int,Optional,AuditEvent,,,
 RuleNumber,int,Optional,Authentication,,,
+RuleNumber,int,Optional,DhcpEvent,,,
 RuleNumber,int,Optional,Dns,,,
 RuleNumber,int,Optional,FileEvent,,,
-RuleNumber,int,Optional,WebSession,,,
 RuleNumber,int,Optional,ProcessEvent,,,
 RuleNumber,int,Optional,RegistryEvent,,,
 RuleNumber,int,Optional,UserManagement,,,
-RuleNumber,int,Optional,DhcpEvent,,,
-RuleNumber,int,Optional,AlertEvent,,,
+RuleNumber,int,Optional,WebSession,,,
 SessionId,string,Alias,DhcpEvent,,,DhcpSessionId
 SessionId,string,Alias,Dns,,,DnsSessionId
 SessionId,string,Alias,NetworkSession,,,NetworkSessionId
@@ -924,10 +956,10 @@ Src,string,Mandatory,Dns,,,
 Src,string,Optional,FileEvent,IP Address,,
 Src,string,Recommended,AuditEvent,,,
 Src,string,Recommended,Authentication,,,
+Src,string,Recommended,DhcpEvent,,,
 Src,string,Recommended,NetworkSession,,,
 Src,string,Recommended,UserManagement,,,
 Src,string,Recommended,WebSession,,,
-Src,string,Recommended,DhcpEvent,,,
 SrcAppId,string,Optional,NetworkSession,,,
 SrcAppId,string,Optional,WebSession,,,
 SrcAppName,string,Optional,NetworkSession,,,
@@ -938,12 +970,12 @@ SrcBytes,long,Recommended,NetworkSession,,,
 SrcBytes,long,Recommended,WebSession,,,
 SrcDescription,string,Optional,AuditEvent,,,
 SrcDescription,string,Optional,Authentication,,,
+SrcDescription,string,Optional,DhcpEvent,,,
 SrcDescription,string,Optional,Dns,,,
 SrcDescription,string,Optional,FileEvent,,,
 SrcDescription,string,Optional,NetworkSession,,,
-SrcDescription,string,Optional,WebSession,,,
-SrcDescription,string,Optional,DhcpEvent,,,
 SrcDescription,string,Optional,UserManagement,,,
+SrcDescription,string,Optional,WebSession,,,
 SrcDeviceType,string,Optional,AuditEvent,Enumerated,Computer|Mobile Device|IOT Device|Other,
 SrcDeviceType,string,Optional,Authentication,Enumerated,Computer|Mobile Device|IOT Device|Other,
 SrcDeviceType,string,Optional,DhcpEvent,Enumerated,Computer|Mobile Device|IOT Device|Other,
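Review bot: `RegistryValueType,string,Optional,AlertEvent,Enumerated,Reg_Expand_Sz,` whitelists exactly one registry value type for alerts, while the RegistryEvent row moved next to it (`+RegistryValueType,string,Recommended,RegistryEvent,,,`) has no enumeration at all; a single-value list reads like an incomplete enumeration rather than a deliberate restriction, and would reject alert parsers that report any other value type. If the intent is to validate, both rows should share the full set the RegistryEvent schema defines (Reg_Binary, Reg_DWord, Reg_Expand_Sz, Reg_Multi_Sz, Reg_None, Reg_QWord, Reg_Sz, or whatever the schema documentation lists); otherwise drop the enumeration from the AlertEvent row so the two schemas are checked the same way.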
@@ -982,21 +1014,25 @@ SrcDvcIdType,string,Conditional,DhcpEvent,Enumerated,AzureResourceId|MDEid|MD4Io
 SrcDvcIdType,string,Conditional,Dns,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
 SrcDvcIdType,string,Conditional,FileEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
 SrcDvcIdType,string,Conditional,NetworkSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
-SrcDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
 SrcDvcIdType,string,Conditional,UserManagement,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
+SrcDvcIdType,string,Conditional,WebSession,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|ForcepointId|AppGateId|Other,SrcDvcId
 SrcDvcOs,string,Optional,Authentication,,,
 SrcDvcScope,string,Optional,AuditEvent,,,
 SrcDvcScope,string,Optional,Authentication,,,
 SrcDvcScope,string,Optional,DhcpEvent,,,
 SrcDvcScope,string,Optional,Dns,,,
 SrcDvcScope,string,Optional,FileEvent,,,
+SrcDvcScope,string,Optional,NetworkSession,,,
 SrcDvcScope,string,Optional,UserManagement,,,
+SrcDvcScope,string,Optional,WebSession,,,
 SrcDvcScopeId,string,Optional,AuditEvent,,,
 SrcDvcScopeId,string,Optional,Authentication,,,
 SrcDvcScopeId,string,Optional,DhcpEvent,,,
 SrcDvcScopeId,string,Optional,Dns,,,
 SrcDvcScopeId,string,Optional,FileEvent,,,
+SrcDvcScopeId,string,Optional,NetworkSession,,,
 SrcDvcScopeId,string,Optional,UserManagement,,,
+SrcDvcScopeId,string,Optional,WebSession,,,
 SrcFileCreationTime,datetime,Optional,FileEvent,,,
 SrcFileDirectory,string,Optional,FileEvent,,,
 SrcFileExtension,string,Optional,FileEvent,,,
@@ -1017,46 +1053,46 @@ SrcFQDN,string,Optional,FileEvent,FQDN,,
 SrcFQDN,string,Optional,NetworkSession,FQDN,,
 SrcFQDN,string,Optional,UserManagement,FQDN,,
 SrcFQDN,string,Optional,WebSession,FQDN,,
-SrcGeoCity,string,Optional,UserManagement,,,
 SrcGeoCity,string,Optional,AuditEvent,,,
 SrcGeoCity,string,Optional,Authentication,,,
+SrcGeoCity,string,Optional,DhcpEvent,,,
 SrcGeoCity,string,Optional,Dns,,,
 SrcGeoCity,string,Optional,FileEvent,,,
 SrcGeoCity,string,Optional,NetworkSession,,,
+SrcGeoCity,string,Optional,UserManagement,,,
 SrcGeoCity,string,Optional,WebSession,,,
-SrcGeoCity,string,Optional,DhcpEvent,,,
-SrcGeoCountry,string,Optional,UserManagement,,,
 SrcGeoCountry,string,Optional,AuditEvent,,,
 SrcGeoCountry,string,Optional,Authentication,,,
+SrcGeoCountry,string,Optional,DhcpEvent,,,
 SrcGeoCountry,string,Optional,Dns,,,
 SrcGeoCountry,string,Optional,FileEvent,,,
 SrcGeoCountry,string,Optional,NetworkSession,,,
+SrcGeoCountry,string,Optional,UserManagement,,,
 SrcGeoCountry,string,Optional,WebSession,,,
-SrcGeoCountry,string,Optional,DhcpEvent,,,
-SrcGeoLatitude,real,Optional,UserManagement,,,
 SrcGeoLatitude,real,Optional,AuditEvent,,,
 SrcGeoLatitude,real,Optional,Authentication,,,
+SrcGeoLatitude,real,Optional,DhcpEvent,,,
 SrcGeoLatitude,real,Optional,Dns,,,
 SrcGeoLatitude,real,Optional,FileEvent,,,
 SrcGeoLatitude,real,Optional,NetworkSession,,,
+SrcGeoLatitude,real,Optional,UserManagement,,,
 SrcGeoLatitude,real,Optional,WebSession,,,
-SrcGeoLatitude,real,Optional,DhcpEvent,,,
-SrcGeoLongitude,real,Optional,UserManagement,,,
 SrcGeoLongitude,real,Optional,AuditEvent,,,
 SrcGeoLongitude,real,Optional,Authentication,,,
+SrcGeoLongitude,real,Optional,DhcpEvent,,,
 SrcGeoLongitude,real,Optional,Dns,,,
 SrcGeoLongitude,real,Optional,FileEvent,,,
 SrcGeoLongitude,real,Optional,NetworkSession,,,
+SrcGeoLongitude,real,Optional,UserManagement,,,
 SrcGeoLongitude,real,Optional,WebSession,,,
-SrcGeoLongitude,real,Optional,DhcpEvent,,,
-SrcGeoRegion,string,Optional,UserManagement,,,
 SrcGeoRegion,string,Optional,AuditEvent,,,
 SrcGeoRegion,string,Optional,Authentication,,,
+SrcGeoRegion,string,Optional,DhcpEvent,,,
 SrcGeoRegion,string,Optional,Dns,,,
 SrcGeoRegion,string,Optional,FileEvent,,,
 SrcGeoRegion,string,Optional,NetworkSession,,,
+SrcGeoRegion,string,Optional,UserManagement,,,
 SrcGeoRegion,string,Optional,WebSession,,,
-SrcGeoRegion,string,Optional,DhcpEvent,,,
 SrcHostname,string,Mandatory,DhcpEvent,Hostname,,
 SrcHostname,string,Optional,AuditEvent,Hostname,,
 SrcHostname,string,Optional,Authentication,Hostname,,
@@ -1069,27 +1105,27 @@ SrcInterfaceGuid,string,Optional,NetworkSession,GUID,,
 SrcInterfaceGuid,string,Optional,WebSession,GUID,,
 SrcInterfaceName,string,Optional,NetworkSession,,,
 SrcInterfaceName,string,Optional,WebSession,,,
-SrcIpAddr,string,Recommended,UserManagement,IP Address,,
 SrcIpAddr,string,Mandatory,DhcpEvent,IP Address,,
 SrcIpAddr,string,Recommended,AuditEvent,IP Address,,
 SrcIpAddr,string,Recommended,Authentication,IP Address,,
 SrcIpAddr,string,Recommended,Dns,IP Address,,
 SrcIpAddr,string,Recommended,FileEvent,IP Address,,
 SrcIpAddr,string,Recommended,NetworkSession,IP Address,,
+SrcIpAddr,string,Recommended,UserManagement,IP Address,,
 SrcIpAddr,string,Recommended,WebSession,IP Address,,
 SrcIsp,string,Optional,Authentication,,,
 SrcMacAddr,string,Mandatory,DhcpEvent,MAC Address,,
 SrcMacAddr,string,Optional,NetworkSession,MAC Address,,
-SrcMacAddr,string,Optional,WebSession,MAC Address,,
 SrcMacAddr,string,Optional,UserManagement,MAC Address,,
+SrcMacAddr,string,Optional,WebSession,MAC Address,,
 SrcNatIpAddr,string,Optional,NetworkSession,IP Address,,
 SrcNatIpAddr,string,Optional,WebSession,IP Address,,
 SrcNatPortNumber,int,Optional,NetworkSession,,,
 SrcNatPortNumber,int,Optional,WebSession,,,
 SrcOriginalRiskLevel,string,Optional,AuditEvent,,,
 SrcOriginalRiskLevel,string,Optional,Authentication,,,
-SrcOriginalRiskLevel,string,Optional,Dns,,,
 SrcOriginalRiskLevel,string,Optional,DhcpEvent,,,
+SrcOriginalRiskLevel,string,Optional,Dns,,,
 SrcOriginalRiskLevel,string,Optional,UserManagement,,,
 SrcOriginalUserType,string,Optional,DhcpEvent,,,
 SrcOriginalUserType,string,Optional,Dns,,,
@@ -1099,22 +1135,25 @@ SrcPackets,long,Optional,NetworkSession,,,
 SrcPackets,long,Optional,WebSession,,,
 SrcPortNumber,int,Optional,AuditEvent,,,
 SrcPortNumber,int,Optional,Authentication,,,
+SrcPortNumber,int,Optional,DhcpEvent,,,
 SrcPortNumber,int,Optional,Dns,,,
 SrcPortNumber,int,Optional,FileEvent,,,
 SrcPortNumber,int,Optional,NetworkSession,,,
-SrcPortNumber,int,Optional,WebSession,,,
-SrcPortNumber,int,Optional,DhcpEvent,,,
 SrcPortNumber,int,Optional,UserManagement,,,
+SrcPortNumber,int,Optional,WebSession,,,
 SrcProcessGuid,string,Optional,Dns,GUID,,
 SrcProcessGuid,string,Optional,NetworkSession,,,
+SrcProcessGuid,string,Optional,WebSession,,,
 SrcProcessId,string,Optional,Dns,,,
 SrcProcessId,string,Optional,NetworkSession,,,
+SrcProcessId,string,Optional,WebSession,,,
 SrcProcessName,string,Optional,Dns,,,
 SrcProcessName,string,Optional,NetworkSession,,,
+SrcProcessName,string,Optional,WebSession,,,
 SrcRiskLevel,int,Optional,AuditEvent,,,
 SrcRiskLevel,int,Optional,Authentication,,,
-SrcRiskLevel,int,Optional,Dns,,,
 SrcRiskLevel,int,Optional,DhcpEvent,,,
+SrcRiskLevel,int,Optional,Dns,,,
 SrcRiskLevel,int,Optional,UserManagement,,,
 SrcUserAadId,string,Optional,Dns,,,
 SrcUserAWSId,string,Optional,Dns,,,
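Review bot: `+SrcProcessGuid,string,Optional,WebSession,,,` copies the NetworkSession row's empty format column rather than the Dns row's `GUID` (`SrcProcessGuid,string,Optional,Dns,GUID,,`), so the same field is format-checked in one schema and unchecked in the other two. If the GUID check is wanted it should be applied uniformly, e.g. `SrcProcessGuid,string,Optional,WebSession,GUID,,` with the NetworkSession row brought into line; if not, the Dns row is the odd one out.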
@@ -1135,19 +1174,23 @@ SrcUsernameType,string,Conditional,Dns,Enumerated,UPN|Windows|DN|Simple,SrcUsern
 SrcUsernameType,string,Conditional,NetworkSession,Enumerated,UPN|Windows|DN|Simple,SrcUsername
 SrcUsernameType,string,Conditional,WebSession,Enumerated,UPN|Windows|DN|Simple,SrcUsername
 SrcUserOktaId,string,Optional,Dns,,,
-SrcUserScope,string,Optional,Dns,,,
 SrcUserScope,string,Optional,DhcpEvent,,,
-SrcUserScopeId,string,Optional,Dns,,,
+SrcUserScope,string,Optional,Dns,,,
+SrcUserScope,string,Optional,NetworkSession,,,
+SrcUserScope,string,Optional,WebSession,,,
 SrcUserScopeId,string,Optional,DhcpEvent,,,
-SrcUserSessionId,string,Optional,Dns,,,
+SrcUserScopeId,string,Optional,Dns,,,
+SrcUserScopeId,string,Optional,NetworkSession,,,
+SrcUserScopeId,string,Optional,WebSession,,,
 SrcUserSessionId,string,Optional,DhcpEvent,,,
+SrcUserSessionId,string,Optional,Dns,,,
 SrcUserSid,string,Optional,Dns,,,
 SrcUserType,string,Optional,DhcpEvent,Enumerated,Regular|Machine|Admin|System|Application|Service Principal|Other,
 SrcUserType,string,Optional,Dns,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 SrcUserType,string,Optional,NetworkSession,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 SrcUserType,string,Optional,WebSession,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
-SrcVlanId,string,Optional,WebSession,,,
 SrcVlanId,string,Optional,NetworkSession,,,
+SrcVlanId,string,Optional,WebSession,,,
 SrcZone,string,Optional,NetworkSession,,,
 SrcZone,string,Optional,WebSession,,,
 TargetAppId,string,Optional,AuditEvent,,,
@@ -1206,8 +1249,8 @@ TargetHostname,string,Recommended,Authentication,Hostname,,
 TargetIpAddr,string,Optional,Authentication,IP Address,,
 TargetIpAddr,string,Recommended,AuditEvent,IP Address,,
 TargetOriginalAppType,string,Optional,AuditEvent,,,
-TargetOriginalAppType,string,Optional,FileEvent,,,
 TargetOriginalAppType,string,Optional,Authentication,,,
+TargetOriginalAppType,string,Optional,FileEvent,,,
 TargetOriginalRiskLevel,string,Optional,AuditEvent,,,
 TargetOriginalRiskLevel,string,Optional,Authentication,,,
 TargetOriginalUserType,string,Optional,Authentication,,,
@@ -1259,8 +1302,10 @@ TargetUsernameType,string,Conditional,Authentication,Enumerated,UPN|Windows|DN|S
 TargetUsernameType,string,Conditional,ProcessEvent,Enumerated,UPN|Windows|DN|Simple,TargetUsername
 TargetUsernameType,string,Conditional,UserManagement,Enumerated,UPN|Windows|DN|Simple,TargetUsername
 TargetUserScope,string,Optional,Authentication,,,
+TargetUserScope,string,Optional,ProcessEvent,,,
 TargetUserScope,string,Optional,UserManagement,,,
 TargetUserScopeId,string,Optional,Authentication,,,
+TargetUserScopeId,string,Optional,ProcessEvent,,,
 TargetUserScopeId,string,Optional,UserManagement,,,
 TargetUserSessionGuid,string,Optional,ProcessEvent,,,
 TargetUserSessionId,string,Optional,ProcessEvent,,,
@@ -1272,137 +1317,150 @@ TargetUserType,string,Optional,UserManagement,Enumerated,Regular|Machine|Admin|S
 TargetUserUid,string,Optional,UserManagement,,,
 TargetUserUpn,string,Optional,ProcessEvent,,,
 TcpFlagsAck,bool,Optional,NetworkSession,,,
+TcpFlagsAck,bool,Optional,WebSession,,,
+TcpFlagsCwr,bool,Optional,NetworkSession,,,
+TcpFlagsCwr,bool,Optional,WebSession,,,
+TcpFlagsEce,bool,Optional,NetworkSession,,,
+TcpFlagsEce,bool,Optional,WebSession,,,
 TcpFlagsFin,bool,Optional,NetworkSession,,,
+TcpFlagsFin,bool,Optional,WebSession,,,
+TcpFlagsNs,bool,Optional,NetworkSession,,,
+TcpFlagsNs,bool,Optional,WebSession,,,
 TcpFlagsPsh,bool,Optional,NetworkSession,,,
+TcpFlagsPsh,bool,Optional,WebSession,,,
 TcpFlagsRst,bool,Optional,NetworkSession,,,
+TcpFlagsRst,bool,Optional,WebSession,,,
 TcpFlagsSyn,bool,Optional,NetworkSession,,,
+TcpFlagsSyn,bool,Optional,WebSession,,,
 TcpFlagsUrg,bool,Optional,NetworkSession,,,
+TcpFlagsUrg,bool,Optional,WebSession,,,
 ThreatCategory,string,Optional,AuditEvent,,,
 ThreatCategory,string,Optional,Authentication,,,
+ThreatCategory,string,Optional,DhcpEvent,,,
 ThreatCategory,string,Optional,Dns,,,
 ThreatCategory,string,Optional,FileEvent,,,
 ThreatCategory,string,Optional,NetworkSession,,,
-ThreatCategory,string,Optional,WebSession,,,
 ThreatCategory,string,Optional,ProcessEvent,,,
 ThreatCategory,string,Optional,RegistryEvent,,,
 ThreatCategory,string,Optional,UserManagement,,,
-ThreatCategory,string,Optional,DhcpEvent,,,
+ThreatCategory,string,Optional,WebSession,,,
 ThreatCategory,string,Recommended,AlertEvent,Enumerated,Malware|Ransomeware|Trojan|Virus|Worm|Worm|Adware|Spyware|Rootkit|Cryptominer|Phishing|Spam|MaliciousUrl|Spoofing|Security Policy Violation|Unknown,
+ThreatConfidence,int,Optional,AlertEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,AuditEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,Authentication,ConfidenceLevel,,
+ThreatConfidence,int,Optional,DhcpEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,Dns,ConfidenceLevel,,
 ThreatConfidence,int,Optional,FileEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,NetworkSession,ConfidenceLevel,,
-ThreatConfidence,int,Optional,WebSession,ConfidenceLevel,,
 ThreatConfidence,int,Optional,ProcessEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,RegistryEvent,ConfidenceLevel,,
 ThreatConfidence,int,Optional,UserManagement,ConfidenceLevel,,
-ThreatConfidence,int,Optional,DhcpEvent,ConfidenceLevel,,
-ThreatConfidence,int,Optional,AlertEvent,ConfidenceLevel,,
+ThreatConfidence,int,Optional,WebSession,ConfidenceLevel,,
 ThreatField,string,Conditional,AuditEvent,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
+ThreatField,string,Conditional,Authentication,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
 ThreatField,string,Conditional,FileEvent,Enumerated,SrcIpAddr|TargetIpAddr,ThreatFilePath
 ThreatField,string,Conditional,NetworkSession,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
-ThreatField,string,Conditional,Authentication,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
 ThreatField,string,Optional,Dns,Enumerated,SrcIpAddr|DstIpAddr|Domain|DnsResponseName,
-ThreatField,string,Optional,WebSession,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
 ThreatField,string,Optional,ProcessEvent,,,
 ThreatField,string,Optional,RegistryEvent,,,
 ThreatField,string,Optional,UserManagement,,,
+ThreatField,string,Optional,WebSession,Enumerated,SrcIpAddr|TargetIpAddr,ThreatIpAddr
 ThreatFilePath,string,Optional,FileEvent,string,,
+ThreatFirstReportedTime,datetime,Optional,AlertEvent,,,
 ThreatFirstReportedTime,datetime,Optional,AuditEvent,,,
 ThreatFirstReportedTime,datetime,Optional,Authentication,,,
+ThreatFirstReportedTime,datetime,Optional,DhcpEvent,,,
 ThreatFirstReportedTime,datetime,Optional,Dns,,,
 ThreatFirstReportedTime,datetime,Optional,FileEvent,,,
 ThreatFirstReportedTime,datetime,Optional,NetworkSession,,,
-ThreatFirstReportedTime,datetime,Optional,WebSession,,,
 ThreatFirstReportedTime,datetime,Optional,ProcessEvent,,,
 ThreatFirstReportedTime,datetime,Optional,RegistryEvent,,,
 ThreatFirstReportedTime,datetime,Optional,UserManagement,,,
-ThreatFirstReportedTime,datetime,Optional,DhcpEvent,,,
-ThreatFirstReportedTime,datetime,Optional,AlertEvent,,,
+ThreatFirstReportedTime,datetime,Optional,WebSession,,,
+ThreatId,string,Optional,AlertEvent,,,
 ThreatId,string,Optional,AuditEvent,,,
 ThreatId,string,Optional,Authentication,,,
+ThreatId,string,Optional,DhcpEvent,,,
 ThreatId,string,Optional,Dns,,,
 ThreatId,string,Optional,FileEvent,,,
 ThreatId,string,Optional,NetworkSession,,,
-ThreatId,string,Optional,WebSession,,,
 ThreatId,string,Optional,ProcessEvent,,,
 ThreatId,string,Optional,RegistryEvent,,,
 ThreatId,string,Optional,UserManagement,,,
-ThreatId,string,Optional,DhcpEvent,,,
-ThreatId,string,Optional,AlertEvent,,,
+ThreatId,string,Optional,WebSession,,,
 ThreatIpAddr,string,Optional,AuditEvent,IP Address,,
 ThreatIpAddr,string,Optional,Authentication,IP Address,,
 ThreatIpAddr,string,Optional,Dns,IP Address,,
 ThreatIpAddr,string,Optional,NetworkSession,IP Address,,
 ThreatIpAddr,string,Optional,WebSession,IP Address,,
+ThreatIsActive,bool,Optional,AlertEvent,,,
 ThreatIsActive,bool,Optional,AuditEvent,,,
 ThreatIsActive,bool,Optional,Authentication,,,
+ThreatIsActive,bool,Optional,DhcpEvent,,,
 ThreatIsActive,bool,Optional,Dns,,,
 ThreatIsActive,bool,Optional,FileEvent,,,
 ThreatIsActive,bool,Optional,NetworkSession,,,
-ThreatIsActive,bool,Optional,WebSession,,,
 ThreatIsActive,bool,Optional,ProcessEvent,,,
 ThreatIsActive,bool,Optional,RegistryEvent,,,
 ThreatIsActive,bool,Optional,UserManagement,,,
-ThreatIsActive,bool,Optional,DhcpEvent,,,
-ThreatIsActive,bool,Optional,AlertEvent,,,
+ThreatIsActive,bool,Optional,WebSession,,,
+ThreatLastReportedTime,datetime,Optional,AlertEvent,,,
 ThreatLastReportedTime,datetime,Optional,AuditEvent,,,
 ThreatLastReportedTime,datetime,Optional,Authentication,,,
+ThreatLastReportedTime,datetime,Optional,DhcpEvent,,,
 ThreatLastReportedTime,datetime,Optional,Dns,,,
 ThreatLastReportedTime,datetime,Optional,FileEvent,,,
 ThreatLastReportedTime,datetime,Optional,NetworkSession,,,
-ThreatLastReportedTime,datetime,Optional,WebSession,,,
 ThreatLastReportedTime,datetime,Optional,ProcessEvent,,,
 ThreatLastReportedTime,datetime,Optional,RegistryEvent,,,
 ThreatLastReportedTime,datetime,Optional,UserManagement,,,
-ThreatLastReportedTime,datetime,Optional,DhcpEvent,,,
-ThreatLastReportedTime,datetime,Optional,AlertEvent,,,
+ThreatLastReportedTime,datetime,Optional,WebSession,,,
+ThreatName,string,Optional,AlertEvent,,,
 ThreatName,string,Optional,AuditEvent,,,
 ThreatName,string,Optional,Authentication,,,
+ThreatName,string,Optional,DhcpEvent,,,
 ThreatName,string,Optional,Dns,,,
 ThreatName,string,Optional,FileEvent,,,
 ThreatName,string,Optional,NetworkSession,,,
-ThreatName,string,Optional,WebSession,,,
 ThreatName,string,Optional,ProcessEvent,,,
 ThreatName,string,Optional,RegistryEvent,,,
 ThreatName,string,Optional,UserManagement,,,
-ThreatName,string,Optional,DhcpEvent,,,
-ThreatName,string,Optional,AlertEvent,,,
+ThreatName,string,Optional,WebSession,,,
 ThreatOriginalCategory,string,Optional,AlertEvent,,,
+ThreatOriginalConfidence,string,Optional,AlertEvent,,,
 ThreatOriginalConfidence,string,Optional,AuditEvent,,,
 ThreatOriginalConfidence,string,Optional,Authentication,,,
+ThreatOriginalConfidence,string,Optional,DhcpEvent,,,
 ThreatOriginalConfidence,string,Optional,Dns,,,
 ThreatOriginalConfidence,string,Optional,FileEvent,,,
 ThreatOriginalConfidence,string,Optional,NetworkSession,,,
-ThreatOriginalConfidence,string,Optional,WebSession,,,
 ThreatOriginalConfidence,string,Optional,ProcessEvent,,,
 ThreatOriginalConfidence,string,Optional,RegistryEvent,,,
 ThreatOriginalConfidence,string,Optional,UserManagement,,,
-ThreatOriginalConfidence,string,Optional,DhcpEvent,,,
-ThreatOriginalConfidence,string,Optional,AlertEvent,,,
+ThreatOriginalConfidence,string,Optional,WebSession,,,
+ThreatOriginalRiskLevel,string,Optional,AlertEvent,,,
 ThreatOriginalRiskLevel,string,Optional,AuditEvent,,,
 ThreatOriginalRiskLevel,string,Optional,Authentication,,,
+ThreatOriginalRiskLevel,string,Optional,DhcpEvent,,,
 ThreatOriginalRiskLevel,string,Optional,Dns,,,
 ThreatOriginalRiskLevel,string,Optional,FileEvent,,,
 ThreatOriginalRiskLevel,string,Optional,NetworkSession,,,
-ThreatOriginalRiskLevel,string,Optional,WebSession,,,
 ThreatOriginalRiskLevel,string,Optional,ProcessEvent,,,
 ThreatOriginalRiskLevel,string,Optional,RegistryEvent,,,
 ThreatOriginalRiskLevel,string,Optional,UserManagement,,,
-ThreatOriginalRiskLevel,string,Optional,DhcpEvent,,,
-ThreatOriginalRiskLevel,string,Optional,AlertEvent,,,
+ThreatOriginalRiskLevel,string,Optional,WebSession,,,
+ThreatRiskLevel,int,Optional,AlertEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,AuditEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,Authentication,RiskLevel,,
+ThreatRiskLevel,int,Optional,DhcpEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,Dns,RiskLevel,,
 ThreatRiskLevel,int,Optional,FileEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,NetworkSession,RiskLevel,,
-ThreatRiskLevel,int,Optional,WebSession,RiskLevel,,
 ThreatRiskLevel,int,Optional,ProcessEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,RegistryEvent,RiskLevel,,
 ThreatRiskLevel,int,Optional,UserManagement,RiskLevel,,
-ThreatRiskLevel,int,Optional,DhcpEvent,RiskLevel,,
-ThreatRiskLevel,int,Optional,AlertEvent,RiskLevel,,
+ThreatRiskLevel,int,Optional,WebSession,RiskLev 
el,,
+TimeGenerated,datetime,Mandatory,AlertEvent,,,
 TimeGenerated,datetime,Mandatory,AuditEvent,,,
 TimeGenerated,datetime,Mandatory,Authentication,,,
 TimeGenerated,datetime,Mandatory,Common,,,
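Review bot: `ThreatCategory,string,Recommended,AlertEvent,Enumerated,Malware|Ransomeware|Trojan|Virus|Worm|Worm|…` misspells `Ransomware` and lists `Worm` twice; as a whitelist this means an alert parser emitting the correctly spelled category is rejected while only the typo passes. The row is context here, but this hunk reorders every surrounding Threat* row, so it is the natural place to correct it to `…Malware|Ransomware|Trojan|Virus|Worm|Adware|…`. Separately, `ThreatField,string,Conditional,FileEvent,Enumerated,SrcIpAddr|TargetIpAddr,ThreatFilePath` is conditional on ThreatFilePath yet only enumerates IP fields, which does not match the pattern of the other ThreatField rows and is worth confirming against the FileEvent schema.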
@@ -1412,9 +1470,10 @@ TimeGenerated,datetime,Mandatory,FileEvent,,,
 TimeGenerated,datetime,Mandatory,NetworkSession,,,
 TimeGenerated,datetime,Mandatory,ProcessEvent,,,
 TimeGenerated,datetime,Mandatory,RegistryEvent,,,
-TimeGenerated,datetime,Mandatory,WebSession,,,
 TimeGenerated,datetime,Mandatory,UserManagement,,,
+TimeGenerated,datetime,Mandatory,WebSession,,,
 TransactionIdHex,string,Recommended,Dns,Hexadecimal,,
+Type,string,Mandatory,AlertEvent,,,
 Type,string,Mandatory,AuditEvent,,,
 Type,string,Mandatory,Authentication,,,
 Type,string,Mandatory,Common,,,
@@ -1424,6 +1483,7 @@ Type,string,Mandatory,FileEvent,,,
 Type,string,Mandatory,NetworkSession,,,
 Type,string,Mandatory,ProcessEvent,,,
 Type,string,Mandatory,RegistryEvent,,,
+Type,string,Mandatory,UserManagement,,,
 Type,string,Mandatory,WebSession,,,
 UpdatedPropertyName,string,Alias,UserManagement,,,EventSubType
 Url,string,Alias,FileEvent,URL,,TargetUrl
@@ -1432,7 +1492,9 @@ Url,string,Optional,AlertEvent,,,
 UrlCategory,string,Optional,Dns,,,
 UrlCategory,string,Optional,WebSession,,,
 UrlOriginal,string,Optional,WebSession,URL,,
+User,string,Alias,AlertEvent,,,Username
 User,string,Alias,AuditEvent,,,ActorUsername
+User,string,Alias,DhcpEvent,,,SrcUsername
 User,string,Alias,Dns,,,SrcUsername
 User,string,Alias,FileEvent,,,ActorUsername
 User,string,Alias,NetworkSession,,,DstUsername
@@ -1441,76 +1503,14 @@ User,string,Alias,RegistryEvent,,,ActorUsername
 User,string,Alias,UserManagement,,,ActorUsername
 User,string,Alias,WebSession,,,SrcUsername
 User,string,Optional,Authentication,,,
-User,string,Alias,AlertEvent,,,Username
 UserAgent,string,Alias,WebSession,,,HttpUserAgent
 UserId,string,Optional,AlertEvent,,,
 UserIdType,string,Conditional,AlertEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,UserId
 Username,string,Recommended,AlertEvent,,,
 UsernameType,string,Conditional,AlertEvent,Enumerated,UPN|Windows|DN|Simple,Username
+UserScope,string,Optional,AlertEvent,,,
 UserScopeId,string,Optional,AlertEvent,,,
 UserSessionId,string,Optional,AlertEvent,,,
 UserType,string,Optional,AlertEvent,Enumerated,Regular|Machine|Admin|System|Application|Service Principal|Other,
 Value,string,Alias,AuditEvent,,,NewValue
 ValueType,string,Optional,AuditEvent,Enumerated,Other,
-UserScope,string,Optional,AlertEvent,,,
-AlertDescription,string,Alias,AlertEvent,,,EventMessage
-ASimMatchingHostname,string,Recommended,WebSession,Enumerated,SrcHostname|DstHostname|Both|-,
-DstDvcScope,string,Optional,NetworkSession,,,
-DstDvcScope,string,Optional,WebSession,,,
-DstDvcScopeId,string,Optional,NetworkSession,,,
-DstDvcScopeId,string,Optional,WebSession,,,
-DstProcessGuid,string,Optional,WebSession,,,
-DstProcessId,string,Optional,WebSession,,,
-DstProcessName,string,Optional,WebSession,,,
-DstUserScope,string,Optional,NetworkSession,,,
-DstUserScope,string,Optional,WebSession,,,
-DstUserScopeId,string,Optional,NetworkSession,,,
-DstUserScopeId,string,Optional,WebSession,,,
-Dvc,string,Mandatory,DhcpEvent,,,
-DvcAction,string,Optional,RegistryEvent,,,
-DvcDomain,string,Recommended,RegistryEvent,Domain,,
-DvcDomainType,string,Conditional,RegistryEvent,Enumerated,Windows|FQDN|ResourceGroup,DvcDomain
-DvcFQDN,string,Optional,RegistryEvent,FQDN,,
-DvcIdType,string,Optional,RegistryEvent,Enumerated,AzureResourceId|MDEid|MD4IoTid|VMConnectionId|AwsVpcId|VectraId|AppGateId|Other,DvcId
-DvcInterface,string,Optional,RegistryEvent,,,
-DvcInterface,string,Optional,WebSession,,,
-DvcOriginalAction,string,Optional,RegistryEvent,,,
-DvcOs,string,Optional,WebSession,,,
-DvcOsVersion,string,Optional,WebSession,,,
-EventOriginalResultDetails,string,Optional,RegistryEvent,,,
-EventResultDetails,string,Optional,RegistryEvent,,,
-EventSubType,string,Optional,RegistryEvent,,,
-Rule,string,Alias,ProcessEvent,,,RuleName
-Process,string,Alias,NetworkSession,,,DstProcessName
-Process,string,Alias,WebSession,,,DstProcessName
-SrcDvcScope,string,Optional,NetworkSession,,,
-SrcDvcScope,string,Optional,WebSession,,,
-SrcDvcScopeId,string,Optional,NetworkSession,,,
-SrcDvcScopeId,string,Optional,WebSession,,,
-SrcProcessGuid,string,Optional,WebSession,,,
-SrcProcessId,string,Optional,WebSession,,,
-SrcProcessName,string,Optional,WebSession,,,
-SrcUserScope,string,Optional,NetworkSession,,,
-TargetUserScope,string,Optional,ProcessEvent,,,
-TargetUserScopeId,string,Optional,ProcessEvent,,,
-SrcUserScope,string,Optional,WebSession,,,
-SrcUserScopeId,string,Optional,NetworkSession,,,
-SrcUserScopeId,string,Optional,WebSession,,,
-TcpFlagsAck,bool,Optional,WebSession,,,
-TcpFlagsCwr,bool,Optional,NetworkSession,,,
-TcpFlagsCwr,bool,Optional,WebSession,,,
-TcpFlagsEce,bool,Optional,NetworkSession,,,
-TcpFlagsEce,bool,Optional,WebSession,,,
-TcpFlagsFin,bool,Optional,WebSession,,,
-TcpFlagsNs,bool,Optional,NetworkSession,,,
-TcpFlagsNs,bool,Optional,WebSession,,,
-TcpFlagsPsh,bool,Optional,WebSession,,,
-TcpFlagsRst,bool,Optional,WebSession,,,
-TcpFlagsSyn,bool,Optional,WebSession,,,
-TcpFlagsUrg,bool,Optional,WebSession,,,
-TimeGenerated,datetime,Mandatory,AlertEvent,,,
-Type,string,Mandatory,AlertEvent,,,
-Type,string,Mandatory,UserManagement,,,
-User,string,Alias,DhcpEvent,,,SrcUsername
-ActorScope,string,Optional,RegistryEvent,,,
-DvcZone,string,Optional,RegistryEvent,,,
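Review bot: Nothing in this hunk shows that the 62 rows deleted at the file's tail (from `-UserScope,string,Optional,AlertEvent,,,` through `-DvcZone,string,Optional,RegistryEvent,,,`) all come back unchanged at their sorted positions; the new side here re-adds only `+UserScope,string,Optional,AlertEvent,,,`, so the rest must be re-inserted by earlier hunks. The ones visible in the preceding hunks do match (`+TimeGenerated,datetime,Mandatory,AlertEvent,,,`, `+Type,string,Mandatory,AlertEvent,,,`, `+Type,string,Mandatory,UserManagement,,,`, `+User,string,Alias,DhcpEvent,,,SrcUsername`), and the balanced diffstat is consistent with a pure re-sort, but equal counts do not prove every row reappears byte-identical — especially the alias rows such as `-Rule,string,Alias,ProcessEvent,,,RuleName` and `-Process,string,Alias,WebSession,,,DstProcessName`, whose seventh column (presumably the alias target) is the part that matters. A row lost or altered in the move would silently stop that field from being validated by the tester rather than fail anything, so it is worth confirming in the PR that the sorted old and new files are line-for-line identical, e.g. `diff <(sort old/ASimTester.csv) <(sort new/ASimTester.csv)` printing nothing.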