...
| Event Property | Description | Example |
|---|---|---|
| duplicateof | list of Event IDs that this one is a duplicate of | |
| nodes | lists nodes that caused this synthetic event | |
| eventids | list of Event IDs that were involved in causing this synthetic event | |
delayedaction | Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
| action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
| <scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
| synthetic | whether this event was created by a correlation policy action | 0 or 1 |