Extended event schema

You can use the extended event schema fields in normalizers for normalizing events and in other KUMA resources, for example, as widget fields or to filter and search for events. You can view the list of all extended event schema fields that exist in KUMA in the Settings → Extended event schema fields section. The list of extended event schema fields is the same for all tenants.

Only users with the General administrator, Tenant administrator, Tier 2 analyst, Tier 1 analyst, Junior analyst, Read shared resources, and Manage shared resources roles can view the table of extended event schema fields.

The Extended event schema fields table contains the following information:

By default, the table of extended event schema fields is sorted by update date in descending order. If necessary, you can sort the table by clicking a column heading and selecting Ascending or Descending; you can also use context search by field name.

By default, the following service extended event schema fields are automatically added to KUMA:

You cannot edit, delete, export, or disable service fields. All extended event schema fields with the KL_ prefix are service fields and can be managed only from Kaspersky servers. We do not recommend using the KL_ prefix when adding new extended event schema fields.

In this section

Adding extended event schema fields

Editing extended event schema fields

Importing and exporting extended event schema fields

Deleting extended event schema fields

Using extended event schema fields in normalizers
