Data/ItemTypes.psd1
@{ # Default "id" and "ids" description based on Endpoint name "^/cloud-connect-(cspm-)?aws/(combined|entities|queries)/" = "AWS account" "^/cloud-connect-(cspm-)?azure/(entities|queries)/" = "Azure account" "^/cloud-connect-(cspm-)?gcp/(entities|queries)/" = "GCP account" "^/detects/(entities|queries)/" = "Detection" "^/devices/(entities|queries)/devices(-actions|-scroll)?/" = "Host" "^/devices/queries/devices-hidden/" = "hidden Host" "^/falconx/(entities|queries)/(artifacts|report(s|-summaries))/" = "Sandbox report" "^/falconx/(entities|queries)/submissions/" = "Sandbox submission" "^/falcon-complete-dashboards/queries/" = "Falcon Complete" "^/fwmgr/(entities|queries)/events/" = "Firewall Event" "^/fwmgr/(entities|queries)/firewall-fields/" = "Firewall Field" "^/fwmgr/(entities|queries)/platforms/" = "Firewall Platform" "^/fwmgr/entities/policies/" = "Firewall policy" "^/fwmgr/(entities|queries)/rule-groups/" = "Firewall Rule Group" "^/fwmgr/(entities|queries)/(rules|policy-rules)/" = "Firewall Rule" "^/incidents/(entities|queries)/behaviors/" = "Behavior" "^/incidents/(entities|queries)/incident(s|-actions)/" = "Incident" "^/installation-tokens/(entities|queries)/audit-events/" = "Installation Token audit event" "^/installation-tokens/(entities|queries)/(customer-settings|tokens)/" = "Installation Token" "^/intel/(combined|entities|queries)/actors/" = "Actor" "^/intel/(combined|entities|queries)/indicators/" = "Indicator" "^/intel/(combined|entities|queries)/report(s|-files)/" = "Intelligence Report" "^/intel/(entities|queries)/(rules|rules-files|rules-latest-files)/" = "Rule set" "^/ioarules/(entities|queries)/rule-types/" = "Custom IOA Rule type" "^/ioarules/(entities|queries)/pattern-severities/" = "Custom IOA severity" "^/ioarules/(entities|queries)/platforms/" = "Operating System platform" "^/ioarules/(entities|queries)/rule-groups/" = "Custom IOA Rule Group" "^/ioarules/(entities|queries)/rules/" = "Custom IOA Rule" "^/iocs/(entities|queries)/indicators/" = "Custom Indicator" "^/devices/(combined|entities|queries)/host-group(s|-actions|-members)/" = "Host Group" "^/malquery/entities/(download-files|samples-(fetch|multidownload)|metadata)/" = "MalQuery sample" "^/malquery/entities/requests/" = "MalQuery request" "^/mssp/(entities|queries)/children/" = "Member CID" "^/mssp/(entities|queries)/cid-groups/" = "CID Group" "^/mssp/(entities|queries)/cid-group-members/" = "CID Group Member" "^/mssp/(entities|queries)/mssp-roles/" = "User Role" "^/mssp/(entities|queries)/user-groups/" = "User Group" "^/mssp/(entities|queries)/user-group-members/" = "User Group Member" "^/overwatch-dashboards/aggregates/" = "Falcon OverWatch" "^/policy/(combined|entities|queries)/device-control(-actions|-members|-precedence)?/" = "Device Control policy" "^/policy/(combined|entities|queries)/firewall(-actions|-members|-precedence)?/" = "Firewall policy" "^/policy/(entities|queries)/ioa-exclusions/v1" = "Indicator of Attack exclusion" "^/policy/(entities|queries)/ml-exclusions/v1" = "Machine Learning exclusion" "^/policy/(combined|entities|queries)/prevention(-actions|-members|-precedence)?/" = "Prevention policy" "^/policy/(combined|entities|queries)/response(-actions|-members|-precedence)?/" = "Response policy" "^/policy/(combined|entities|queries)/sensor-update(-actions|-builds|-members|-precedence)?/" = "Sensor Update policy" "^/policy/(entities|queries)/sv-exclusions/" = "Sensor Visibility exclusion" "^/processes/entities/processes/" = "Process" "^/real-time-response/combined/batch-(active-responder-|admin-)?command/" = "batch Real-time Response command" "^/real-time-response/entities/(active-responder-|admin-)?command/" = "Real-time Response command" "^/real-time-response/(entities|queries)/(extracted-)?file(-contents)?/" = "Real-time Response 'get' file" "^/real-time-response/(entities|queries)/scripts/" = "Real-time Response script" "^/real-time-response/(entities|queries)/put-files/" = "Real-time Response 'put' file" "^/real-time-response/combined/batch-(init-|refresh-)?session/" = "batch Real-time Response session" "^/real-time-response/(entities|queries)/(refresh-)?session(s|s/GET)?/" = "Real-time Response session" "^/recon/(entities|queries)/actions/" = "Falcon X Recon rule action" "^/recon/(entities|queries)/notifications(-detailed|-detailed-translated|-translated)?/" = "Falcon X Recon notification" "^/recon/(entities|queries)/rules/" = "Falcon X Recon monitoring rule" "^/samples/(entities|queries)/samples/" = "Malware sample" "^/scanner/(entities|queries)/scans" = "QuickScan" "^/sensors/(combined|entities|queries)/(installers|download-installer)/" = "Falcon Sensor installer" "^/sensors/entities/datafeed/" = "Event Stream" "^/settings/entities/policy(-details)?/" = "Policy" "^/spotlight/entities/remediations/" = "Falcon Spotlight Remediation" "^/spotlight/(entities|queries)/vulnerabilities/" = "Falcon Spotlight Vulnerability" "^/users/(entities|queries)/(users|emails-by-cid|user-uuids-by-cid|user-uuids-by-email)/" = "Falcon User" "^/user-roles/(entities|queries)/(user-roles|user-role-ids-by-cid|user-role-ids-by-user-uuid)/" = "Falcon User Role" } |