A relationships is a link between object and event tables and is specified in a with clause.

connection  

  • device

  • user

  • binary

  • executable

  • application

  • destination

  • port

  • service


device_activity  

  • device


device_error  

  • device


device_performance  

  • device


device_warning  

  • device


execution  

  • device

  • user

  • binary

  • executable

  • application


execution_error  

  • device

  • user

  • binary

  • executable

  • application


execution_warning  

  • device

  • user

  • binary

  • executable

  • application


installation  

  • device

  • package


network_scan  

  • device

  • user

  • binary

  • executable

  • application

  • port


port_scan  

  • device

  • user

  • binary

  • executable

  • application

  • destination


printout  

  • device

  • user

  • printer


session_performance  

  • device

  • user


user_activity  

  • device

  • user


web_request  

  • device

  • user

  • binary

  • executable

  • application

  • destination

  • port

  • domain

  • url_path

  • service


package  

  • device

  • package