This view is available with Lacework data share v.2 and later.
This view provides the W5 information (details such as the process and machine) about generated events (alerts).
When Lacework generates an event (alert), it returns a row in the Alert_DETAILS_V view with information about the event.
Each row contains file information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| EVENT_TYPE | Text | The type/title of the alert. |
| EVENT_ID | Number | The unique identifier generated for this Event by Lacework. |
| EVENT_MODEL | Text | The data model used for generating the alert. |
| EVENT_ACTOR | Text | The event actor that categorizes the type of an alert such as application, process, files, etc. |
| ENTITY_MAP | JSON Object | The entity map lists all the entities of the alert which are further classified in KEYS AND PROPS. |