Supported Features for Linking Elements in a Custom Detection Rule
The following tables list Features available per Element. Use the following values in the “UI Name” columns when constructing queries in the Cybereason UI, and use the values in the “API Name” columns in API query requests.
Connection Element
Use these Features to connect a Connection Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| DomainName | Domain Name | DomainName |
| remoteMachine | Remote Machine | Machine |
| urlDomains | URL Domains | DomainName |
File Element
Use these Features to connect a File Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| fileHash | File Hash | FileHash |
| ownerMachine | Machine | Machine |
Logon Session Element
Use these Features to connect a Logon Session Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| ownerMachine | Owner machine | Machine |
| remoteMachine | Remote Machine | Machine |
| user | User | User |
Module Element
Use these Features to connect a Module Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| file | File | File |
Process Element
Use these Features to connect a Process Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| autorun | Registry entry | Autorun |
| children | Children | Process |
| connections | Connections | Connection |
| hostedChildren | Hosted injected children | Process |
| hostProcess | Host Process | Process |
| imageFile | Image file | File |
| injectedChildren | Injected Child Processes | Process |
| loadedModules | Loaded Modules | Module |
| originInjector | Original Injector Process | Process |
| ownerMachine | Machine | Machine |
| parentProcess | Parent process | Process |
| scheduledTask | Scheduled task | ScheduledTask |
| service | Service | Service |
| user | User | User |
Scheduled Task Element
Use these Features to connect a Scheduled Task Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| executableActions | Scheduled Task Actions | ExecutableTaskActions |
Service Element
Use these Features to connect a Service Element to other Elements:
| API Feature Name | UI Feature Name | API Target Element |
| --- | --- | --- |
| binaryFile | Binary file | File |
| ownerMachine | Machine | Machine |