BlackFog collects a wide range of information int he Enterprise console. Some of this data can be hidden based on settings within each tenant record. In addition BlackFog also enriches and analyzes this data for even more statistics and correlates this with man other meta data services.
Device Data (non enriched)
| Data | Description |
|---|---|
| architecture | System processor architecture |
| blackfog | BlackFog version number |
| memory | Memory Size |
| name | Device name |
| processors | Processor count |
| product | System product name |
| systemos | Operating system name |
| systemver | Operating system version number |
| group | Device group name |
| vendor | Vendor name of device |
| domain | If device belongs to a domain controller and its name |
Event Data (non enriched)
| Data | Description |
|---|---|
| category | Encoded threat category |
| description | Raw event description |
| deviceid | BlackFog orginated deviceid |
| devicename | Device name |
| hostip | IP address |
| mitreid | Mitre attack code |
| pid | Originating process id |
| port | Exfiltration port |
| process | Process name |
| timestamp | Time of event |
| country_code | 2 letter country code |
| country_name | Country name |
| longitude | Longitude |
| latitude | Latitude |