Skip to content

Chronicle Unified Data Model

This document contains a generated list of all supported Chronicle UDM Fields and their descriptions pulled from the underlying schema. Chronicle's own documentation on this list exists on the chronicle-documentation site.

Some fields that exist within UDM are arrays, these are marked with a [n] to annotate this. If a field type is of the type Enum it is required that you select a value from the table of possible enum's.

Depending on the metadata.event_type that is selected there are additional required fields depending on the event type. Chronicle has documented these required fields on the chronicle-documentation site.