CrowdStrike

Device Inventory

Retrieves detailed asset data on devices managed by CrowdStrike Falcon Spotlight for asset visibility and vulnerability mapping.

Sync Type: Full Synchronisation

Requirements

Before you connect Monad to CrowdStrike, you need a Client ID and Client Secret. Log in to your CrowdStrike portal, and under Support & Resources, click on 'API Client and Keys' to create your credentials.

Enter a Client Name, Description and API Scopes to define the API client. Ensure read roles for Hosts are enabled.
Click Done.
Copy the ClientID and ClientSecret key. You'll need them when you set up the Monad connector.

Details

Monad uses the cron field to run on specific intervals and returns all device details, performing a full sync of data each time.

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Description
Cron	string	Yes	Cron string for scheduling tasks. Ex: '0 0 * * *' for daily execution at midnight.
Cloud Type	string	No	Your cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'.

Secrets

Secret	Type	Required	Description
Client ID	string	Yes	Client ID for the CrowdStrike API. This is required to authenticate requests.
Client Secret	string	Yes	Client Secret for the CrowdStrike API. This is required to authenticate requests.

OCSF Conversion

The following JQ transformation converts Crowdstrike Device Details data to OCSF Version 1.1.0 compliant format.

JQ Transformation

Code
{
  "metadata": {
    "product": {
      "name": .platform_name,
      "version": .agent_version,
      "feature": {
        "name": "Host Information"
      }
    },
    "version": "1.0.0"
  },
  "device": {
    "hostname": .hostname,
    "ip": [.local_ip, .connection_ip, .external_ip],
    "mac": [.mac_address, .connection_mac_address],
    "uid": .device_id,
    "serial_number": .serial_number,
    "domain": .machine_domain,
    "product": {
      "name": .system_product_name,
      "type": .product_type,
      "type_id": .product_type_desc,
      "vendor_name": .system_manufacturer
    },
    "tags": .tags,
    "group": {
      "name": .groups,
      "uid": .group_hash
    }
  },
  "host": {
    "os": {
      "name": .os_product_name,
      "version": .os_version,
      "build": .os_build,
      "kernel_version": .kernel_version,
      "type": (if .os_product_name | startswith("Windows") then "windows"
               elif .kernel_version != null then "linux"
               else "unknown" end)
    },
    "users": [
      {
        "name": .last_login_user,
        "uid": .last_login_uid,
        "domain_uid": .last_login_user_sid,
        "email_addr": .email
      }
    ],
    "hw": {
      "cpu": { "vendor": .cpu_vendor, "signature": .cpu_signature },
      "bios": { "vendor": .bios_manufacturer, "version": .bios_version },
      "chassis": { "type": .chassis_type, "desc": .chassis_type_desc }
    }
  },
  "cloud": {
    "provider": .service_provider,
    "account": { "uid": .service_provider_account_id },
    "instance": { "uid": .instance_id }
  },
  "container": {
    "pod": {
      "name": .pod_name,
      "uid": .pod_id,
      "namespace": .pod_namespace,
      "ip": [.pod_ip4, .pod_ip6],
      "host": {
        "hostname": .pod_hostname,
        "ip": [.pod_host_ip4, .pod_host_ip6]
      },
      "labels": .pod_labels,
      "annotations": .pod_annotations,
      "service_account": { "name": .pod_service_account_name }
    },
    "k8s": {
      "cluster": {
        "uid": .k8s_cluster_id,
        "version": .k8s_cluster_version,
        "git_version": .k8s_cluster_git_version
      }
    }
  },
  "state": {
    "status": .status,
    "first_seen_time": .first_seen,
    "last_seen_time": .last_seen,
    "last_reboot_time": .last_reboot,
    "first_login_time": .first_login_timestamp,
    "last_login_time": .last_login_timestamp,
    "modified_time": .modified_timestamp
  },
  "agent": {
    "version": .agent_version,
    "local_time": .agent_local_time,
    "load_flags": .agent_load_flags,
    "config": {
      "base": .config_id_base,
      "build": .config_id_build,
      "platform": .config_id_platform
    }
  },
  "network": {
    "default_gateway": {
      "ip": .default_gateway_ip
    }
  },
  "policy": {
    "names": (.policies // []) | map(.policy_name)
  },
  "meta": .meta,
  "org": {
    "timezone_offset": .host_utc_offset,
    "ou": .ou,
    "site_name": .site_name,
    "zone_group": .zone_group
  },
  "flags": {
    "internet_exposure": .internet_exposure,
    "deployment_type": .deployment_type,
    "detection_suppression_status": .detection_suppression_status,
    "host_hidden_status": .host_hidden_status,
    "provision_status": .provision_status,
    "reduced_functionality_mode": .reduced_functionality_mode,
    "linux_sensor_mode": .linux_sensor_mode
  }
}

OCSF Mapping Details

The JQ transformation converts Crowdstrike Device Details to OCSF Version 1.1.0 with the following key mappings:

Device Information

Type ID: Maps directly from product_type_desc
Hostname: Maps from hostname
Name: Maps from hostname
UID: Maps from device_id
IP: Maps from an array of [local_ip, connection_ip, external_ip]
MAC: Maps from an array of [mac_address, connection_mac_address]
Is Managed: Derived from provision_status
Serial Number: Maps from serial_number
Domain: Maps from machine_domain
Product:
- Name: Maps from system_product_name
- Type: Maps from product_type
- Type_id: Maps from product_type_desc
- Vendor_name: Maps from system_manufacturer
Tags: Maps from tags
Group:
- Name: Maps from groups
- UID: Maps from group_hash

Host Information

OS:

Name: Maps from os_product_name
Version: Maps from os_version
Build: Maps from os_build
Kernel_version: Maps from kernel_version
Type: Derived from os_product_name (windows/linux/unknown)

Users: Array containing user information:

Name: Maps from last_login_user
UID: Maps from last_login_uid
Domain_uid: Maps from last_login_user_sid
Email_addr: Maps from email HW:
CPU: Vendor and signature mapped from cpu_vendor and cpu_signature
BIOS: Vendor and version mapped from bios_manufacturer and bios_version
Chassis: Type and description mapped from chassis_type and chassis_type_desc

Cloud Information

Provider: Maps from service_provider

Account: UID maps from service_provider_account_id

Instance: UID maps from instance_id

Cloud Information

Provider: Maps from service_provider

Account: UID maps from service_provider_account_id

Instance: UID maps from instance_id

Operating System Information

Name: Concatenated from platform_name and os_version

Type ID: Mapped from platform_name:

Mac → 300
Windows → 100
Linux → 200
Others → 0

Version: Maps from os_version Build: Maps from os_build CPE Name: Generated for Mac systems

Container Information

Pod:

Name: Maps from pod_name
UID: Maps from pod_id
Namespace: Maps from pod_namespace
IP: Maps from an array of [pod_ip4, pod_ip6]
Host:
- Hostname: Maps from pod_hostname
- IP: Maps from an array of [pod_host_ip4, pod_host_ip6]
- Labels: Maps from pod_labels
- Annotations: Maps from pod_annotations
- Service Account Name: Maps from pod_service_account_name K8s:
- Cluster:
  - UID: Maps from k8s_cluster_id
  - Version: Maps from k8s_cluster_version
  - Git_version: Maps from k8s_cluster_git_version

State Information

Status: Maps from status

First_seen_time: Maps from first_seen

Last_seen_time: Maps from last_seen

Last_reboot_time: Maps from last_reboot

First_login_time: Maps from first_login_timestamp

Last_login_time: Maps from last_login_timestamp

Modified_time: Maps from modified_timestamp

Agent Information

Version: Maps from agent_version Local_time: Maps from agent_local_time Load_flags: Maps from agent_load_flags Config:

Base: Maps from config_id_base
Build: Maps from config_id_build
Platform: Maps from config_id_platform

Network Information

Default_gateway: IP maps from default_gateway_ip

Policy Information

Names: Maps policy names from policies array

Additional Information

Meta: Maps from meta

Org:

Timezone_offset: Maps from host_utc_offset
OU: Maps from ou
Site_name: Maps from site_name
Zone_group: Maps from zone_group

Flags:
- Various flags mapped directly from corresponding fields

Metadata

Version: Set to "1.1.0" Product:
- Name: Maps from platform_name
- Version: Maps from agent_version
- Feature:
  - Name: "Host Information"

Unmapped Fields

Additional fields not part of the OCSF schema are preserved in the unmapped object for reference and potential future use.

Customization

The transformation serves as a starting point and can be modified to accommodate specific requirements while maintaining OCSF compliance. The mapping prioritizes essential device information and platform detection while providing appropriate handling for optional fields.

Sample Record


Code
{
  "agent_load_flags": "sample_load_flags",
  "agent_local_time": "2024-07-16T10:00:00Z",
  "agent_version": "1.0.0",
  "bios_manufacturer": "Sample BIOS Manufacturer",
  "bios_version": "1.2.3",
  "build_number": "12345",
  "chassis_type": "desktop",
  "chassis_type_desc": "Desktop Chassis",
  "cid": "sample_cid",
  "config_id_base": "config_base",
  "config_id_build": "config_build",
  "config_id_platform": "config_platform",
  "connection_ip": "55.32.80.189",
  "connection_mac_address": "5e:ea:bc:fa:04:56",
  "cpu_signature": "Intel-1234",
  "cpu_vendor": "Intel",
  "default_gateway_ip": "99.123.215.194",
  "deployment_type": "production",
  "detection_suppression_status": "inactive",
  "device_id": "sample_device_id",
  "device_policies": {
    "policy_name": "sample_policy",
    "policy_description": "Sample policy description"
  },
  "email": "carol.brown@example.com",
  "external_ip": "203.0.113.10",
  "first_login_timestamp": "2025-08-11T23:46:34.13962Z",
  "first_seen": "2024-07-15T12:00:00Z",
  "group_hash": "sample_hash",
  "groups": [
    "group1",
    "group2"
  ],
  "host_hidden_status": "visible",
  "host_utc_offset": "+02:00",
  "hostname": "sample-host",
  "instance_id": "instance123",
  "internet_exposure": "low",
  "k8s_cluster_git_version": "v1.21.1",
  "k8s_cluster_id": "cluster123",
  "k8s_cluster_version": "1.21",
  "kernel_version": "4.19.0-16-amd64",
  "last_login_timestamp": "2025-08-11T23:46:34.139625Z",
  "last_login_uid": "user123",
  "last_login_user": "carol.brown@example.com",
  "last_login_user_sid": "sid123",
  "last_reboot": "2024-07-16T07:45:00Z",
  "last_seen": "2025-08-11T23:46:34.139641Z",
  "linux_sensor_mode": "active",
  "local_ip": "10.40.141.145",
  "mac_address": "c6:40:59:0d:f3:aa",
  "machine_domain": "example-domain",
  "major_version": "10",
  "managed_apps": {
    "app_name": "sample_app",
    "app_version": "1.0.0"
  },
  "meta": {
    "meta_field1": "value1",
    "meta_field2": "value2"
  },
  "minor_version": "0",
  "modified_timestamp": "2024-07-16T10:00:00Z",
  "notes": [
    "note1",
    "note2"
  ],
  "os_build": "19044.1288",
  "os_product_name": "Windows 10 Pro",
  "os_version": "10.0.19044",
  "ou": [
    "ou1",
    "ou2"
  ],
  "platform_id": "platform123",
  "platform_name": "Sample Platform",
  "pod_annotations": [
    "annotation1",
    "annotation2"
  ],
  "pod_host_ip4": "62.176.19.50",
  "pod_host_ip6": "2001:db8::1",
  "pod_hostname": "pod-host",
  "pod_id": "pod123",
  "pod_ip4": "104.154.104.236",
  "pod_ip6": "2001:db8::2",
  "pod_labels": [
    "label1",
    "label2"
  ],
  "pod_name": "sample-pod",
  "pod_namespace": "default",
  "pod_service_account_name": "svc-account",
  "pointer_size": "64-bit",
  "policies": [
    {
      "policy_name": "policy1",
      "policy_description": "Policy 1 description"
    },
    {
      "policy_name": "policy2",
      "policy_description": "Policy 2 description"
    }
  ],
  "product_type": "desktop",
  "product_type_desc": "Desktop Product",
  "provision_status": "active",
  "reduced_functionality_mode": "disabled",
  "release_group": "group1",
  "serial_number": "ABC123",
  "service_pack_major": "1",
  "service_pack_minor": "0",
  "service_provider": "Sample Provider",
  "service_provider_account_id": "provider123",
  "site_name": "site123",
  "status": "online",
  "system_manufacturer": "Sample Manufacturer",
  "system_product_name": "Sample Product",
  "tags": [
    "tag1",
    "tag2"
  ],
  "zone_group": "zone1"
}

Last modified on May 19, 2026

Detection Summaries Event Stream

CrowdStrike

Device Inventory

Retrieves detailed asset data on devices managed by CrowdStrike Falcon Spotlight for asset visibility and vulnerability mapping.

Sync Type: Full Synchronisation

Requirements

Before you connect Monad to CrowdStrike, you need a Client ID and Client Secret. Log in to your CrowdStrike portal, and under Support & Resources, click on 'API Client and Keys' to create your credentials.

Enter a Client Name, Description and API Scopes to define the API client. Ensure read roles for Hosts are enabled.
Click Done.
Copy the ClientID and ClientSecret key. You'll need them when you set up the Monad connector.

Details

Monad uses the cron field to run on specific intervals and returns all device details, performing a full sync of data each time.

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Description
Cron	string	Yes	Cron string for scheduling tasks. Ex: '0 0 * * *' for daily execution at midnight.
Cloud Type	string	No	Your cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'.

Secrets

Secret	Type	Required	Description
Client ID	string	Yes	Client ID for the CrowdStrike API. This is required to authenticate requests.
Client Secret	string	Yes	Client Secret for the CrowdStrike API. This is required to authenticate requests.

OCSF Conversion

The following JQ transformation converts Crowdstrike Device Details data to OCSF Version 1.1.0 compliant format.

JQ Transformation

Code
{
  "metadata": {
    "product": {
      "name": .platform_name,
      "version": .agent_version,
      "feature": {
        "name": "Host Information"
      }
    },
    "version": "1.0.0"
  },
  "device": {
    "hostname": .hostname,
    "ip": [.local_ip, .connection_ip, .external_ip],
    "mac": [.mac_address, .connection_mac_address],
    "uid": .device_id,
    "serial_number": .serial_number,
    "domain": .machine_domain,
    "product": {
      "name": .system_product_name,
      "type": .product_type,
      "type_id": .product_type_desc,
      "vendor_name": .system_manufacturer
    },
    "tags": .tags,
    "group": {
      "name": .groups,
      "uid": .group_hash
    }
  },
  "host": {
    "os": {
      "name": .os_product_name,
      "version": .os_version,
      "build": .os_build,
      "kernel_version": .kernel_version,
      "type": (if .os_product_name | startswith("Windows") then "windows"
               elif .kernel_version != null then "linux"
               else "unknown" end)
    },
    "users": [
      {
        "name": .last_login_user,
        "uid": .last_login_uid,
        "domain_uid": .last_login_user_sid,
        "email_addr": .email
      }
    ],
    "hw": {
      "cpu": { "vendor": .cpu_vendor, "signature": .cpu_signature },
      "bios": { "vendor": .bios_manufacturer, "version": .bios_version },
      "chassis": { "type": .chassis_type, "desc": .chassis_type_desc }
    }
  },
  "cloud": {
    "provider": .service_provider,
    "account": { "uid": .service_provider_account_id },
    "instance": { "uid": .instance_id }
  },
  "container": {
    "pod": {
      "name": .pod_name,
      "uid": .pod_id,
      "namespace": .pod_namespace,
      "ip": [.pod_ip4, .pod_ip6],
      "host": {
        "hostname": .pod_hostname,
        "ip": [.pod_host_ip4, .pod_host_ip6]
      },
      "labels": .pod_labels,
      "annotations": .pod_annotations,
      "service_account": { "name": .pod_service_account_name }
    },
    "k8s": {
      "cluster": {
        "uid": .k8s_cluster_id,
        "version": .k8s_cluster_version,
        "git_version": .k8s_cluster_git_version
      }
    }
  },
  "state": {
    "status": .status,
    "first_seen_time": .first_seen,
    "last_seen_time": .last_seen,
    "last_reboot_time": .last_reboot,
    "first_login_time": .first_login_timestamp,
    "last_login_time": .last_login_timestamp,
    "modified_time": .modified_timestamp
  },
  "agent": {
    "version": .agent_version,
    "local_time": .agent_local_time,
    "load_flags": .agent_load_flags,
    "config": {
      "base": .config_id_base,
      "build": .config_id_build,
      "platform": .config_id_platform
    }
  },
  "network": {
    "default_gateway": {
      "ip": .default_gateway_ip
    }
  },
  "policy": {
    "names": (.policies // []) | map(.policy_name)
  },
  "meta": .meta,
  "org": {
    "timezone_offset": .host_utc_offset,
    "ou": .ou,
    "site_name": .site_name,
    "zone_group": .zone_group
  },
  "flags": {
    "internet_exposure": .internet_exposure,
    "deployment_type": .deployment_type,
    "detection_suppression_status": .detection_suppression_status,
    "host_hidden_status": .host_hidden_status,
    "provision_status": .provision_status,
    "reduced_functionality_mode": .reduced_functionality_mode,
    "linux_sensor_mode": .linux_sensor_mode
  }
}

OCSF Mapping Details

The JQ transformation converts Crowdstrike Device Details to OCSF Version 1.1.0 with the following key mappings:

Device Information

Type ID: Maps directly from product_type_desc
Hostname: Maps from hostname
Name: Maps from hostname
UID: Maps from device_id
IP: Maps from an array of [local_ip, connection_ip, external_ip]
MAC: Maps from an array of [mac_address, connection_mac_address]
Is Managed: Derived from provision_status
Serial Number: Maps from serial_number
Domain: Maps from machine_domain
Product:
- Name: Maps from system_product_name
- Type: Maps from product_type
- Type_id: Maps from product_type_desc
- Vendor_name: Maps from system_manufacturer
Tags: Maps from tags
Group:
- Name: Maps from groups
- UID: Maps from group_hash

Host Information

OS:

Name: Maps from os_product_name
Version: Maps from os_version
Build: Maps from os_build
Kernel_version: Maps from kernel_version
Type: Derived from os_product_name (windows/linux/unknown)

Users: Array containing user information:

Name: Maps from last_login_user
UID: Maps from last_login_uid
Domain_uid: Maps from last_login_user_sid
Email_addr: Maps from email HW:
CPU: Vendor and signature mapped from cpu_vendor and cpu_signature
BIOS: Vendor and version mapped from bios_manufacturer and bios_version
Chassis: Type and description mapped from chassis_type and chassis_type_desc

Cloud Information

Provider: Maps from service_provider

Account: UID maps from service_provider_account_id

Instance: UID maps from instance_id

Cloud Information

Provider: Maps from service_provider

Account: UID maps from service_provider_account_id

Instance: UID maps from instance_id

Operating System Information

Name: Concatenated from platform_name and os_version

Type ID: Mapped from platform_name:

Mac → 300
Windows → 100
Linux → 200
Others → 0

Version: Maps from os_version Build: Maps from os_build CPE Name: Generated for Mac systems

Container Information

Pod:

Name: Maps from pod_name
UID: Maps from pod_id
Namespace: Maps from pod_namespace
IP: Maps from an array of [pod_ip4, pod_ip6]
Host:
- Hostname: Maps from pod_hostname
- IP: Maps from an array of [pod_host_ip4, pod_host_ip6]
- Labels: Maps from pod_labels
- Annotations: Maps from pod_annotations
- Service Account Name: Maps from pod_service_account_name K8s:
- Cluster:
  - UID: Maps from k8s_cluster_id
  - Version: Maps from k8s_cluster_version
  - Git_version: Maps from k8s_cluster_git_version

State Information

Status: Maps from status

First_seen_time: Maps from first_seen

Last_seen_time: Maps from last_seen

Last_reboot_time: Maps from last_reboot

First_login_time: Maps from first_login_timestamp

Last_login_time: Maps from last_login_timestamp

Modified_time: Maps from modified_timestamp

Agent Information

Version: Maps from agent_version Local_time: Maps from agent_local_time Load_flags: Maps from agent_load_flags Config:

Base: Maps from config_id_base
Build: Maps from config_id_build
Platform: Maps from config_id_platform

Network Information

Default_gateway: IP maps from default_gateway_ip

Policy Information

Names: Maps policy names from policies array

Additional Information

Meta: Maps from meta

Org:

Timezone_offset: Maps from host_utc_offset
OU: Maps from ou
Site_name: Maps from site_name
Zone_group: Maps from zone_group

Flags:
- Various flags mapped directly from corresponding fields

Metadata

Version: Set to "1.1.0" Product:
- Name: Maps from platform_name
- Version: Maps from agent_version
- Feature:
  - Name: "Host Information"

Unmapped Fields

Additional fields not part of the OCSF schema are preserved in the unmapped object for reference and potential future use.

Customization

Sample Record


Code
{
  "agent_load_flags": "sample_load_flags",
  "agent_local_time": "2024-07-16T10:00:00Z",
  "agent_version": "1.0.0",
  "bios_manufacturer": "Sample BIOS Manufacturer",
  "bios_version": "1.2.3",
  "build_number": "12345",
  "chassis_type": "desktop",
  "chassis_type_desc": "Desktop Chassis",
  "cid": "sample_cid",
  "config_id_base": "config_base",
  "config_id_build": "config_build",
  "config_id_platform": "config_platform",
  "connection_ip": "55.32.80.189",
  "connection_mac_address": "5e:ea:bc:fa:04:56",
  "cpu_signature": "Intel-1234",
  "cpu_vendor": "Intel",
  "default_gateway_ip": "99.123.215.194",
  "deployment_type": "production",
  "detection_suppression_status": "inactive",
  "device_id": "sample_device_id",
  "device_policies": {
    "policy_name": "sample_policy",
    "policy_description": "Sample policy description"
  },
  "email": "carol.brown@example.com",
  "external_ip": "203.0.113.10",
  "first_login_timestamp": "2025-08-11T23:46:34.13962Z",
  "first_seen": "2024-07-15T12:00:00Z",
  "group_hash": "sample_hash",
  "groups": [
    "group1",
    "group2"
  ],
  "host_hidden_status": "visible",
  "host_utc_offset": "+02:00",
  "hostname": "sample-host",
  "instance_id": "instance123",
  "internet_exposure": "low",
  "k8s_cluster_git_version": "v1.21.1",
  "k8s_cluster_id": "cluster123",
  "k8s_cluster_version": "1.21",
  "kernel_version": "4.19.0-16-amd64",
  "last_login_timestamp": "2025-08-11T23:46:34.139625Z",
  "last_login_uid": "user123",
  "last_login_user": "carol.brown@example.com",
  "last_login_user_sid": "sid123",
  "last_reboot": "2024-07-16T07:45:00Z",
  "last_seen": "2025-08-11T23:46:34.139641Z",
  "linux_sensor_mode": "active",
  "local_ip": "10.40.141.145",
  "mac_address": "c6:40:59:0d:f3:aa",
  "machine_domain": "example-domain",
  "major_version": "10",
  "managed_apps": {
    "app_name": "sample_app",
    "app_version": "1.0.0"
  },
  "meta": {
    "meta_field1": "value1",
    "meta_field2": "value2"
  },
  "minor_version": "0",
  "modified_timestamp": "2024-07-16T10:00:00Z",
  "notes": [
    "note1",
    "note2"
  ],
  "os_build": "19044.1288",
  "os_product_name": "Windows 10 Pro",
  "os_version": "10.0.19044",
  "ou": [
    "ou1",
    "ou2"
  ],
  "platform_id": "platform123",
  "platform_name": "Sample Platform",
  "pod_annotations": [
    "annotation1",
    "annotation2"
  ],
  "pod_host_ip4": "62.176.19.50",
  "pod_host_ip6": "2001:db8::1",
  "pod_hostname": "pod-host",
  "pod_id": "pod123",
  "pod_ip4": "104.154.104.236",
  "pod_ip6": "2001:db8::2",
  "pod_labels": [
    "label1",
    "label2"
  ],
  "pod_name": "sample-pod",
  "pod_namespace": "default",
  "pod_service_account_name": "svc-account",
  "pointer_size": "64-bit",
  "policies": [
    {
      "policy_name": "policy1",
      "policy_description": "Policy 1 description"
    },
    {
      "policy_name": "policy2",
      "policy_description": "Policy 2 description"
    }
  ],
  "product_type": "desktop",
  "product_type_desc": "Desktop Product",
  "provision_status": "active",
  "reduced_functionality_mode": "disabled",
  "release_group": "group1",
  "serial_number": "ABC123",
  "service_pack_major": "1",
  "service_pack_minor": "0",
  "service_provider": "Sample Provider",
  "service_provider_account_id": "provider123",
  "site_name": "site123",
  "status": "online",
  "system_manufacturer": "Sample Manufacturer",
  "system_product_name": "Sample Product",
  "tags": [
    "tag1",
    "tag2"
  ],
  "zone_group": "zone1"
}

Last modified on May 19, 2026

Detection Summaries Event Stream