{ "metaKeyPairs" : [ { "metaKeyPairsCategory" : "COMMON", "keyPairs" : [ { "endpointJpath" : "Category", "metaName" : "category", "type" : "text", "enabled" : true }, { "endpointJpath" : "nwecallbackid", "metaName" : "nwe.callback_id", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SCAN_MACHINE", "keyPairs" : [ { "endpointJpath" : "_id", "metaName" : "agent.id", "type" : "text", "enabled" : true }, { "endpointJpath" : "machineName", "metaName" : "devicehostname", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkInterfaces/ipv4", "metaName" : "devicehostip", "type" : "ipv4", "enabled" : true }, { "endpointJpath" : "scanStartTime", "metaName" : "starttime", "type" : "TimeT", "enabled" : true }, { "endpointJpath" : "machineOsType", "metaName" : "os", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "EVENT_MACHINE", "keyPairs" : [ { "endpointJpath" : "_id", "metaName" : "agent.id", "type" : "text", "enabled" : true }, { "endpointJpath" : "machineName", "metaName" : "devicehostname", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkInterfaces/ipv4", "metaName" : "devicehostip", "type" : "ipv4", "enabled" : true }, { "endpointJpath" : "machineOsType", "metaName" : "os", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "MACHINE", "keyPairs" : [ { "endpointJpath" : "users/domainUserOU", "metaName" : "dn", "type" : "text", "enabled" : true }, { "endpointJpath" : "agentVersion", "metaName" : "version", "type" : "text", "enabled" : true }, { "endpointJpath" : "scanStartTime", "metaName" : "starttime", "type" : "TimeT", "enabled" : true }, { "endpointJpath" : "users/name", "metaName" : "user", "type" : "text", "enabled" : true }, { "endpointJpath" : "users/sessionType", "metaName" : "logon_type", "type" : "text", "enabled" : true }, { "endpointJpath" : "hostFileEntries/hosts", "metaName" : "dhost", "type" : "text", "enabled" : true }, { "endpointJpath" : "securityConfigurations", "metaName" : "host.state", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "MACHINE_IDENTITY", "keyPairs" : [ { "endpointJpath" : "_id", "metaName" : "agent.id", "type" : "text", "enabled" : true }, { "endpointJpath" : "machineName", "metaName" : "devicehostname", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkInterfaces/ipv4", "metaName" : "devicehostip", "type" : "ipv4", "enabled" : true }, { "endpointJpath" : "operatingSystem/description", "metaName" : "os", "type" : "text", "enabled" : true }, { "endpointJpath" : "operatingSystem/domainRole", "metaName" : "host_role", "type" : "text", "enabled" : true }, { "endpointJpath" : "operatingSystem/domainComputerOu", "metaName" : "dn", "type" : "text", "enabled" : true }, { "endpointJpath" : "operatingSystem/domainOrWorkgroup", "metaName" : "domain", "type" : "text", "enabled" : true }, { "endpointJpath" : "locale/timeZone", "metaName" : "timezone", "type" : "text", "enabled" : true }, { "endpointJpath" : "agent/driverErrorCode", "metaName" : "resultcode", "type" : "text", "enabled" : true }, { "endpointJpath" : "agentMode ", "metaName" : "client_mode", "type" : "text", "enabled" : true }, { "endpointJpath" : "machineOsType", "metaName" : "os", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "FILE", "keyPairs" : [ { "endpointJpath" : "checksumSha256", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "firstFileName", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "pe/resources/company", "metaName" : "file_vendor", "type" : "text", "enabled" : true }, { "endpointJpath" : "pe/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "script/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "macho/identifier", "metaName" : "file_vendor", "type" : "text", "enabled" : true }, { "endpointJpath" : "macho/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "elf/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/thumbprint", "metaName" : "cert.thumbprint", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "entropy", "metaName" : "file_entropy", "type" : "Float32", "enabled" : true }, { "endpointJpath" : "size", "metaName" : "filename_size", "type" : "Int64", "enabled" : true }, { "endpointJpath" : "rulename", "metaName" : "rulename", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "CERTIFICATE", "keyPairs" : [ { "endpointJpath" : "subject", "metaName" : "cert_subject", "type" : "text", "enabled" : true }, { "endpointJpath" : "friendlyName", "metaName" : "cert_common", "type" : "text", "enabled" : true }, { "endpointJpath" : "features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "issuer", "metaName" : "cert_ca", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "PROCESS", "keyPairs" : [ { "endpointJpath" : "owner", "metaName" : "c_username", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "vpid", "metaName" : "process.vid.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "vppid", "metaName" : "process.vid.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "PARENT_PROCESS", "keyPairs" : [ { "endpointJpath" : "path", "metaName" : "directory.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "filename", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumSha256", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "AUTORUN", "keyPairs" : [ { "endpointJpath" : "registryPath", "metaName" : "registry.key", "type" : "text", "enabled" : true }, { "endpointJpath" : "type", "metaName" : "autorun_type", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "DLL", "keyPairs" : [ ] }, { "metaKeyPairsCategory" : "DYLIB", "keyPairs" : [ ] }, { "metaKeyPairsCategory" : "DAEMON", "keyPairs" : [ { "endpointJpath" : "name", "metaName" : "service", "type" : "text", "enabled" : true }, { "endpointJpath" : "user", "metaName" : "user", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "LOADED_LIBRARY", "keyPairs" : [ ] }, { "metaKeyPairsCategory" : "SYSTEM_D", "keyPairs" : [ { "endpointJpath" : "name", "metaName" : "service", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "INIT_D", "keyPairs" : [ { "endpointJpath" : "name", "metaName" : "service", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "CRON", "keyPairs" : [ { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true }, { "endpointJpath" : "owner_username", "metaName" : "user", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SERVICE", "keyPairs" : [ { "endpointJpath" : "serviceName", "metaName" : "service", "type" : "text", "enabled" : true }, { "endpointJpath" : "displayName", "metaName" : "service", "type" : "text", "enabled" : true }, { "endpointJpath" : "account", "metaName" : "user", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "TASK", "keyPairs" : [ { "endpointJpath" : "name", "metaName" : "task_name", "type" : "text", "enabled" : true }, { "endpointJpath" : "executeUser", "metaName" : "user", "type" : "text", "enabled" : true }, { "endpointJpath" : "creatorUser", "metaName" : "c_username", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "EVENT", "keyPairs" : [ { "endpointJpath" : "sourceProcess/path", "metaName" : "directory.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileName", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/scriptEngine", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/processCommandLine", "metaName" : "param.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/processUserName", "metaName" : "c_username", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/ownerUserName", "metaName" : "original_owner", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/vpid", "metaName" : "process.vid.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/checksumSha256", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileAttributes", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileFeatures", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/directoryFeatures", "metaName" : "dir.path.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/path", "metaName" : "directory.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/fileName", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/previousPath", "metaName" : "directory", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/previousFileName", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/directoryFeatures", "metaName" : "dir.path.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/features", "metaName" : "context.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetModule/processCommandLine", "metaName" : "param.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileEvent/targetFile/checksumSha256", "metaName" : "checksum.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/path", "metaName" : "directory.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/fileName", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/scriptEngine", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/directoryFeatures", "metaName" : "dir.path.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/features", "metaName" : "context.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/checksumSha256", "metaName" : "checksum.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/processCommandLine", "metaName" : "param.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/vpid", "metaName" : "process.vid.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/targetProcess/processUserName", "metaName" : "username", "type" : "text", "enabled" : true }, { "endpointJpath" : "time", "metaName" : "event_time", "type" : "timet", "enabled" : true }, { "endpointJpath" : "fileEvent/action", "metaName" : "action", "type" : "text", "enabled" : true }, { "endpointJpath" : "processEvent/action", "metaName" : "action", "type" : "text", "enabled" : true }, { "endpointJpath" : "registryEvent/action", "metaName" : "action", "type" : "text", "enabled" : true }, { "endpointJpath" : "registryEvent/subject", "metaName" : "ec_subject", "type" : "text", "enabled" : true }, { "endpointJpath" : "registryEvent/registryPath", "metaName" : "registry.key", "type" : "text", "enabled" : true }, { "endpointJpath" : "consoleEvent/input", "metaName" : "param.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "consoleEvent/output", "metaName" : "param.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "consoleEvent/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "systemEvent/subtype", "metaName" : "event_type", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "EVENT_SOURCE_FILE", "keyPairs" : [ { "endpointJpath" : "signature/thumbprint", "metaName" : "cert.thumbprint", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/features", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "script/features", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "pe/features", "metaName" : "context.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "EVENT_SOURCE_CERTIFICATE", "keyPairs" : [ { "endpointJpath" : "features", "metaName" : "context.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "EVENT_TARGET_FILE", "keyPairs" : [ { "endpointJpath" : "checksumMd5", "metaName" : "checksum.dst", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "FILE_PATH", "keyPairs" : [ { "endpointJpath" : "filename", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "path", "metaName" : "directory", "type" : "text", "enabled" : true }, { "endpointJpath" : "attributes", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "directoryFeatures", "metaName" : "dir.path", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileFeatures", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "processFeatures", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkFeatures", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "kernelModeFeatures", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "userModeFeatures", "metaName" : "context", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SCAN_FILEPATH", "keyPairs" : [ { "endpointJpath" : "path", "metaName" : "directory", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileName", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "attributes", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "directoryFeatures", "metaName" : "dir.path", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileFeatures", "metaName" : "context", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "HOOK_FILEPATH", "keyPairs" : [ { "endpointJpath" : "path", "metaName" : "directory.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileName", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "attributes", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "directoryFeatures", "metaName" : "dir.path.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileFeatures", "metaName" : "context.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SCAN_FILEPATH_DST", "keyPairs" : [ { "endpointJpath" : "path", "metaName" : "directory.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileName", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "attributes", "metaName" : "context.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "directoryFeatures", "metaName" : "dir.path.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "fileFeatures", "metaName" : "context.dst", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SCAN_FILE", "keyPairs" : [ { "endpointJpath" : "checksumSha256", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/features", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "elf/features", "metaName" : "context", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "HOOK_FILE", "keyPairs" : [ { "endpointJpath" : "checksumSha256", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/features", "metaName" : "context.src", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "SCAN_FILE_DST", "keyPairs" : [ { "endpointJpath" : "checksumSha256", "metaName" : "checksum.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/features", "metaName" : "context.dst", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "NETWORK", "keyPairs" : [ { "endpointJpath" : "sourceProcess/checksumSha256", "metaName" : "checksum.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/path", "metaName" : "directory.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileName", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/scriptEngine", "metaName" : "filename_src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/vpid", "metaName" : "process.vid.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/processCommandLine", "metaName" : "param.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/processUserName", "metaName" : "c_username", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/ownerUserName", "metaName" : "original_owner", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileAttributes", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/fileFeatures", "metaName" : "context.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "sourceProcess/directoryFeatures", "metaName" : "dir.path.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "time", "metaName" : "event_time", "type" : "TimeT", "enabled" : true }, { "endpointJpath" : "networkEvent/protocol", "metaName" : "ip_proto", "type" : "UInt8", "enabled" : true }, { "endpointJpath" : "networkEvent/sourceIp", "metaName" : "saddr", "type" : "IPv4", "enabled" : true }, { "endpointJpath" : "networkEvent/sourceIp6", "metaName" : "saddr_v6", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkEvent/domain", "metaName" : "domain.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkEvent/destinationIp", "metaName" : "daddr", "type" : "IPv4", "enabled" : true }, { "endpointJpath" : "networkEvent/destinationIp6", "metaName" : "daddr_v6", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkEvent/destinationPort", "metaName" : "port.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkEvent/sourcePort", "metaName" : "port.src", "type" : "text", "enabled" : true }, { "endpointJpath" : "networkEvent/features", "metaName" : "context", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "FILE_ANALYSIS", "keyPairs" : [ { "endpointJpath" : "checksumSha256", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "firstFileName", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "pe/resources/company", "metaName" : "file_vendor", "type" : "text", "enabled" : true }, { "endpointJpath" : "signature/thumbprint", "metaName" : "cert.thumbprint", "type" : "text", "enabled" : true }, { "endpointJpath" : "entropy", "metaName" : "file_entropy", "type" : "Float32", "enabled" : true }, { "endpointJpath" : "size", "metaName" : "filename_size", "type" : "Int64", "enabled" : true }, { "endpointJpath" : "statuses", "metaName" : "context", "type" : "Text", "enabled" : true }, { "endpointJpath" : "statuses_src", "metaName" : "context.src", "type" : "Text", "enabled" : true }, { "endpointJpath" : "statuses_dst", "metaName" : "context.dst", "type" : "Text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "IMAGE_HOOK", "keyPairs" : [ { "endpointJpath" : "type", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/fileName", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/path", "metaName" : "directory.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/symbol", "metaName" : "function", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/checksumSha256", "metaName" : "checksum.dst", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "KERNEL_HOOK", "keyPairs" : [ { "endpointJpath" : "type", "metaName" : "context", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/fileName", "metaName" : "filename_dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/path", "metaName" : "directory.dst", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/objectName", "metaName" : "function", "type" : "text", "enabled" : true }, { "endpointJpath" : "hookLocation/objectFunction", "metaName" : "function", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "REGISTRY_DISCREPANCY", "keyPairs" : [ { "endpointJpath" : "registryPath", "metaName" : "registry.key", "type" : "text", "enabled" : true }, { "endpointJpath" : "reason", "metaName" : "context", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "PROCESS_IN_HOOK", "keyPairs" : [ { "endpointJpath" : "path", "metaName" : "directory", "type" : "text", "enabled" : true }, { "endpointJpath" : "filename", "metaName" : "filename", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumSha256", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "checksumMd5", "metaName" : "checksum", "type" : "text", "enabled" : true }, { "endpointJpath" : "launchArguments", "metaName" : "param", "type" : "text", "enabled" : true }, { "endpointJpath" : "owner", "metaName" : "user", "type" : "text", "enabled" : true } ] }, { "metaKeyPairsCategory" : "THREAD", "keyPairs" : [ ] } ] }