11.2 Default Maps

Maps defined in this tool work together with the Referenced from Map data source setting for individual fields. The following built-in maps are available:

  • Identity: Contains information about identities and the accounts associated with them. Data is added to the Identity map through the Collector API and Identity Tracking Module for Sentinel. Data is then extracted to the identityAccountMap.csv file.

    • Keys: User name and domain, TenantName (mapped to both Initiator and Target users).

    • Data added to event: User identity (an internal GUID), full name, department, workforce ID, and e-mail address.

  • Asset: Contains information about hosts in the environment. Data is added to the Asset map through the Collector API and Collectors such as the Generic Asset Collector, stored in the database, and then extracted to the asset.csv file.

    • Keys: IP address and TenantName (mapped to Initiator, Target, Observer, and Reporter hosts).

    • Data added to event: Host identity (an internal GUID), function, class, department, and criticality.

  • Country: Contains information about which physical location hosts reside in, including country, latitude, and longitude. Data is downloaded from a commercial IP location database and added to the IpToCountry.csv file using the Generic IP Geolocation Collector.

    • Keys: IP address and TenantName (mapped to Initiator, Target, and Observer hosts).

    • Data added to event: Country, latitude, and longitude.

  • Exploit: Contains information about vulnerabilities present in and attacks on enterprise hosts. Information is added to the Exploit map by the Advisor service, stored in the database, and extracted to the exploitDetection.csv file.

    • Keys: Target IP address, IDSAttackName, IDSName, and TenantName.

    • Data added to event: Vulnerability flag.

  • CustomerHierarchy: Contains a hierarchical list of the tenants that are generating event data. Security providers that collect data for multiple third parties or departments can use it to provide a hierarchical namespace for users and hosts. Data is added to the customerhierachy.csv file manually.

    • Keys: TenantName.

    • Data added to event: TenantHierarchy fields.
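The following is an added illustration of how the key/value scheme above enriches an event; it is not Sentinel's own code or file format. The CSV column layouts, the event field names (InitiatorUserName, TargetIP, IDSAttackName and so on) and every sample row are constructed assumptions chosen to mirror the keys and "data added to event" listed for the Identity, Asset and Exploit maps. Each map is looked up once per role it is mapped to (for example Initiator and Target for Identity; Initiator, Target, Observer and Reporter for Asset), keys are compared case-insensitively, and an event that lacks a key field or whose key matches no row simply receives no enrichment from that map.

```python
"""Toy map-based event enrichment modelled on the default maps described
above. Added example, not Sentinel's code: CSV layouts, event field names
and all sample rows are constructed assumptions."""
import csv
import io

# Constructed sample map files (assumed layouts, not Sentinel's real formats).
IDENTITY_CSV = """user,domain,tenant,identity_id,full_name,department,workforce_id,email
jdoe,corp,TenantA,guid-0001,Jane Doe,Finance,WF100,jdoe@example.com
svc-backup,corp,TenantA,guid-0002,Backup Service,IT,WF200,backup@example.com
"""
ASSET_CSV = """ip,tenant,asset_id,function,class,department,criticality
10.0.0.5,TenantA,asset-0001,Database,Server,Finance,High
10.0.0.9,TenantA,asset-0002,Workstation,Desktop,Sales,Low
"""
EXPLOIT_CSV = """target_ip,ids_attack_name,ids_name,tenant,vulnerable
10.0.0.5,SQL_Injection,SnortIDS,TenantA,true
"""


class MapDef:
    """One map: its key columns, the value columns copied into the event, and
    for each role (Initiator, Target, ...) the event fields supplying the key."""

    def __init__(self, csv_text, key_cols, value_cols, role_keys):
        self.value_cols = value_cols
        self.role_keys = role_keys
        self.rows = {}
        for row in csv.DictReader(io.StringIO(csv_text)):
            # Keys are compared case-insensitively; a duplicate key keeps the last row.
            key = tuple(row[c].strip().lower() for c in key_cols)
            self.rows[key] = {c: row[c] for c in value_cols}

    def lookup(self, event, role):
        """Return the matching row's value columns, or None when the event is
        missing a key field or no row matches (no enrichment in either case)."""
        values = [event.get(f) for f in self.role_keys[role]]
        if any(v is None or str(v) == "" for v in values):
            return None
        return self.rows.get(tuple(str(v).strip().lower() for v in values))


DEFAULT_MAPS = {
    "Identity": MapDef(
        IDENTITY_CSV, ["user", "domain", "tenant"],
        ["identity_id", "full_name", "department", "workforce_id", "email"],
        {"Initiator": ["InitiatorUserName", "InitiatorUserDomain", "TenantName"],
         "Target": ["TargetUserName", "TargetUserDomain", "TenantName"]}),
    "Asset": MapDef(
        ASSET_CSV, ["ip", "tenant"],
        ["asset_id", "function", "class", "department", "criticality"],
        {role: [f"{role}IP", "TenantName"]
         for role in ("Initiator", "Target", "Observer", "Reporter")}),
    "Exploit": MapDef(
        EXPLOIT_CSV, ["target_ip", "ids_attack_name", "ids_name", "tenant"],
        ["vulnerable"],
        {"Target": ["TargetIP", "IDSAttackName", "IDSName", "TenantName"]}),
}


def enrich(event, maps=DEFAULT_MAPS):
    """Return a copy of the event with map data added as <Role><Map>_<column>."""
    out = dict(event)
    for map_name, mapdef in maps.items():
        for role in mapdef.role_keys:
            hit = mapdef.lookup(event, role)
            if hit is None:
                continue
            for col, val in hit.items():
                out[f"{role}{map_name}_{col}"] = val
    return out


# Constructed sample event: an IDS alert from a workstation against a database host.
# No TargetUserName, ObserverIP or ReporterIP, so those lookups add nothing.
SAMPLE_EVENT = {
    "TenantName": "TenantA",
    "InitiatorUserName": "JDoe", "InitiatorUserDomain": "corp",
    "InitiatorIP": "10.0.0.9",
    "TargetIP": "10.0.0.5",
    "IDSAttackName": "SQL_Injection", "IDSName": "SnortIDS",
}

if __name__ == "__main__":
    for field, value in sorted(enrich(SAMPLE_EVENT).items()):
        print(f"{field:32} {value}")
```

Running the block prints the sample event with the Initiator identity, both hosts' asset attributes and the Target vulnerability flag attached; changing TargetIP to an address absent from the asset file shows the failure mode, since neither the Asset nor the Exploit map then contributes any field.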