A file was opened/read
| Parameter | Value |
|---|---|
| Subject | file |
| Activity | read |
| Activity Type | file-read |
| Pretty Name | File Read |
| Success | Fail |
|---|---|
| file-read usb-read |
file-read usb-read |
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
| Field | Core | Detection | Informational |
|---|---|---|---|
| is_dok | ✓ | ||
| is_peripheral_storage | ✓ | ||
| device_pid | ✓ | ||
| storage_account | ✓ | ||
| device_vid | ✓ | ||
| cid | ✓ |
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | ||
| is_dok | ✓ | ||
| failure_reason | ✓ | ||
| storage_account | ✓ | ||
| cid | ✓ |