Responses

GET_DOCUMENT_REP Generated when a doc_cache_get task requests a cached document. Platforms:

This page contains details for events generated by File and Registry Integirty Monitoring, or "FIM", Sensor commands . FIM_ADD Response event for the fim_add sensor command. Platforms: FIM_DEL Response event for the fim_del...

This page contains details for events generated by Files and Directories sensor commands. DIR_FINDHASH_REP Response event for the dir_find_hash sensor command. Platforms: { "DIRECTORY_LIST": [ { "HASH...

This page contains details for events generated by Management sensor commands . GET_EXFIL_EVENT_REP Response from an exfil_get sensor command. Platforms: HISTORY_DUMP_REP Response from history_dump sensor command. Does not...

This page contains details for response events generated by Memory sensor commands . DEBUG_DATA_REP Response from a get_debug_data request. MEM_FIND_HANDLES_REP Response event for the mem_find_handle sensor command. Platforms: M...

This page contains details for response events generated by Mitigation sensor commands . REJOIN_NETWORK Emitted after a sensor is allowed network connectivity again (after it was previously segregated). Platforms: SEGREGATE_NETW...

NETSTAT_REP This event is generated in response to the netstat command to list active network sockets. Platforms: PCAP_LIST_INTERFACES_REP Response from a pcap_ifaces request.

OS_AUTORUNS_REP Response from an Autoruns listing request. Platforms: Windows, Linux, MacOS { "TIMESTAMP": 1456194620, "AUTORUNS": [ { "REGISTRY_KEY": "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VMware User Process", ...

REGISTRY_LIST_REP This event is generated in response to the reg_list command to list keys and values in a registry key. Platforms: Windows { "REGISTRY_KEY": [ "ActiveState", "ATI Technologies", "BreakPoint", "Ca...