eventClasses
The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:
ACCESS_ACTIVITYFILE_ACTIVITYKERNEL_ACTIVITYKERNEL_EXTENSIONMEMORY_ACTIVITYMODULE_ACTIVITYPROCESS_ACTIVITYREGISTRY_KEY_ACTIVITYREGISTRY_VALUE_ACTIVITYRESOURCE_ACTIVITYSCHEDULED_JOB_ACTIVITYSECURITY_FINDINGACCOUNT_CHANGEAUTHENTICATIONAUTHORIZATIONENTITY_MANAGEMENT_AUDITDHCP_ACTIVITYNETWORK_ACTIVITYDNS_ACTIVITYFTP_ACTIVITYHTTP_ACTIVITYRDP_ACTIVITYSMB_ACTIVITYSSH_ACTIVITYCONFIG_STATEINVENTORY_INFOEMAIL_ACTIVITYAPI_ACTIVITYCLOUD_API