Nr.
|
Google SecOps UDM-Feld
|
Trend Vision One-Feld
|
Notizen
|
1
|
metadata.event_type
|
|
|
2
|
metadata.vendor_name
|
TREND VISION ONE AKTIVITÄT
|
|
3
|
metadata.product_name
|
TREND VISION ONE AKTIVITÄT
|
|
4
|
metadata.product_log_id
|
uuid
|
|
5
|
principal.resource.attribute.labels
|
uuid
|
key: "uuid" value: {uuid}
|
6
|
metadata.product_log_id
|
msgUuid
|
|
7
|
metadata.collected_timestamp
|
logReceivedTime
|
|
8
|
metadata.event_timestamp
|
eventTime
|
|
9
|
additional.fields
|
eventID
|
key: "eventID" value: {eventID}
|
10
|
additional.fields
|
app
|
key: "app" value: {app}
|
11
|
additional.fields
|
appLabel
|
key: "appLabel" value: {appLabel}
|
12
|
additional.fields
|
application
|
key: "application" value: {application}
|
13
|
metadata.product_event_type
|
eventType
|
|
14
|
metadata.product_version
|
pver
|
|
15
|
security_result.severity_details
|
filterRiskLevel
|
|
16
|
additional.fields
|
productCode
|
key: "productCode" value: {productCode}
|
17
|
metadata.product_name
|
pname
|
|
18
|
metadata.product_name
|
idpName
|
|
19
|
metadata.product_event_type
|
eventName
|
|
20
|
principal.ip
|
Quell-IP-Adresse
|
|
21
|
src.ip
|
Quell-IP-Adresse
|
|
22
|
principal.ip
|
src
|
|
23
|
src.ip
|
src
|
|
24
|
principal.ip
|
dst
|
|
25
|
target.ip
|
dst
|
|
26
|
src.port
|
spt
|
|
27
|
target_udm.port
|
dpt
|
|
28
|
principal.user.userid
|
objectUser
|
|
29
|
target_udm.user.userid
|
objectUser
|
|
30
|
target_udm.file.full_path
|
objectFilePath
|
|
31
|
target_udm.file.md5
|
objectFileHashMd5
|
|
32
|
target_udm.file.sha1
|
objectFileHashSha1
|
|
33
|
target_udm.file.sha256
|
objectFileHashSha256
|
|
34
|
target_udm.file.last_modification_time
|
objectFileModifiedTime
|
|
35
|
target_udm.file.first_seen_time
|
objectFirstSeen
|
|
36
|
target_udm.file.last_seen_time
|
objectLastSeen
|
|
37
|
target_udm.process.integrity_level_rid
|
objectIntegrityLevel
|
|
38
|
target_udm.ip
|
objectIp
|
|
39
|
target_udm.ip
|
objectIps
|
|
40
|
target_udm.process.pid
|
objectPid
|
|
41
|
target_udm.port
|
objectPort
|
|
42
|
target_udm.registry.registry_value_data
|
objectRegistryData
|
|
43
|
target_udm.registry.registry_key
|
objectRegistryKeyHandle
|
|
44
|
target_udm.registry.registry_value_name
|
objectRegistryValue
|
|
45
|
target_udm.file.size
|
objectFileSize
|
|
46
|
additional.fields
|
vpcEndpointId
|
key: "vpcEndpointId" value: {vpcEndpointId}
|
47
|
additional.fields
|
apiVersion
|
key: "apiVersion" value: {apiVersion}
|
48
|
additional.fields
|
key: "awsRegion" value: {awsRegion}
|
|
49
|
additional.fields
|
key: "recipientAccountId" value: {recipientAccountId}
|
|
50
|
principal.hostname
|
endpointHostName
|
|
51
|
principal.asset.hostname
|
endpointHostName
|
|
52
|
principal.mac
|
endpointMacAddress
|
|
53
|
principal.asset.mac
|
endpointMacAddress
|
|
54
|
principal.asset.asset_id
|
endpointGuid
|
|
55
|
principal.ip
|
endpointIp
|
|
56
|
principal.asset.ip
|
endpointIp
|
|
57
|
principal.domain.name
|
hostName
|
|
58
|
principal.process.integrity_level_rid
|
integrityLevel
|
|
59
|
src.process.command_line
|
processCmd
|
|
60
|
target_udm.process.command_line
|
objectCmd
|
|
61
|
src.file.full_path
|
srcFilePath
|
|
62
|
src.file.md5
|
srcFileHashMd5
|
|
63
|
src.file.sha1
|
srcFileHashSha1
|
|
64
|
src.file.sha256
|
srcFileHashSha256
|
|
65
|
src.file.size
|
srcFileSize
|
|
66
|
src.file.last_modification_time
|
srcFileModifiedTime
|
|
67
|
src.file.first_seen_time
|
srcFirstSeen
|
|
68
|
src.file.last_seen_time
|
srcLastSeen
|
|
69
|
principal.process.file.full_path
|
processFilePath
|
|
70
|
principal.process.file.names
|
processName
|
|
71
|
principal.process.pid
|
processPid
|
|
72
|
principal.process.file.md5
|
processFileHashMd5
|
|
73
|
principal.process.file.sha1
|
processFileHashSha1
|
|
74
|
principal.process.file.sha256
|
processFileHashSha256
|
|
75
|
principal.process.parent_process.pid
|
parentPid
|
|
76
|
principal.process.parent_process.command_line
|
parentCmd
|
|
77
|
principal.process.parent_process.file.full_path
|
parentFilePath
|
|
78
|
principal.process.parent_process.file.names
|
parentName
|
|
79
|
principal.process.parent_process.file.md5
|
parentFileHashMd5
|
|
80
|
principal.process.parent_process.file.sha1
|
parentFileHashSha1
|
|
81
|
principal.process.parent_process.file.sha256
|
parentFileHashSha256
|
|
82
|
principal.process.parent_process.integrity_level_rid
|
parentIntegrityLevel
|
|
83
|
target_udm.url
|
Anforderung
|
|
84
|
target_udm.url
|
Anfragen
|
|
85
|
src.ip
|
publicSrc
|
|
86
|
src.port
|
publicSpt
|
|
87
|
additional.fields
|
clusterId
|
key: "clusterId" value: {clusterId}
|
88
|
additional.fields
|
clusterName
|
key: "clusterName" value: {clusterName}
|
89
|
additional.fields
|
k8sNamespace
|
key: "k8sNamespace" value: {k8sNamespace}
|
90
|
network.email.mail_id
|
msgId
|
|
91
|
security_result.about.email
|
mailbox
|
|
92
|
network.email.from
|
mailFromAddresses
|
|
93
|
network.email.from
|
suser
|
|
94
|
network.email.to
|
duser
|
|
95
|
network.email.to
|
mailToAddresses
|
|
96
|
network.email.cc
|
mailCcAddresses
|
|
97
|
network.email.bcc
|
mailBccAddresses
|
|
98
|
network.email.reply_to
|
mailReplyToAddresses
|
|
99
|
network.email.subject
|
mailMsgSubject
|
|
100
|
security_result.risk_score
|
mailScore
|
|
101
|
src.ip
|
mailSenderIp
|
|
102
|
principal.user.userid
|
principalName
|
|
103
|
über.dateinamen
|
attachmentFileName
|
|
104
|
additional.fields
|
attachmentSha256
|
key: "attachmentSha256" value: {attachmentSha256}
|
105
|
additional.fields
|
attachmentSha1
|
key: "attachmentSha1" value: {attachmentSha1}
|
106
|
additional.fields
|
attachmentMd5
|
key: "attachmentMd5" value: {attachmentMd5}
|
107
|
additional.fields
|
idpId
|
key: "idpId" value: {idpId}
|
108
|
principal.ip_location.country_or_region
|
locationCountry
|
|
109
|
principal.ip_location.city
|
locationCity
|
|
110
|
principal.ip_location.state
|
locationState
|
|
111
|
principal.ip_location.region_coordinates.latitude
|
locationLatitude
|
|
112
|
principal.ip_location.region_coordinates.longitude
|
locationLongitude
|
|
113
|
principal.asset.asset_id
|
clientId
|
|
114
|
principal.asset.ip
|
ipAddress
|
|
115
|
principal.user.product_object_id
|
userId
|
|
116
|
principal.user.user_display_name
|
userDisplayName
|
|
117
|
target_udm.resource.id
|
targetResourceId
|
|
118
|
target_udm.resource.name
|
targetResourceDisplayName
|
|
119
|
principal.asset.attribute.labels
|
clientDisplayName
|
key: "clientDisplayName" value: {clientDisplayName}
|
120
|
principal.asset.attribute.labels
|
clientOS
|
key: "clientOS" value: {clientOS}
|
121
|
principal.asset.hardware.model
|
endpointModel
|
|
122
|
security_result.action_details
|
act
|
|
123
|
network.tls.version
|
clientTls
|
|
124
|
network.tls.cipher
|
tlsSelectedCipher
|
|
125
|
src.hostname
|
clientHost
|
|
126
|
src.hostname
|
shost
|
|
127
|
target_udm.hostname
|
serverHost
|
|
128
|
target_udm.hostname
|
dhost
|
|
129
|
network.application_protocol
|
clientProtocol
|
|
130
|
network.application_protocol_version
|
clientProtocol
|
|
131
|
network.http.method
|
requestMethod
|
|
132
|
network.http.referral_url
|
httpReferer
|
|
133
|
network.http.user_agent
|
userAgent
|
|
134
|
network.http.response_code
|
respCode
|
|
135
|
target_udm.ip
|
resolvedUrlIp
|
|
136
|
target_udm.port
|
resolvedUrlPort
|
|
137
|
security_result.threat_name
|
malName
|
|
138
|
security_result.detection_fields
|
detectionType
|
key: "detectionType" value: {detectionType}
|
139
|
principal.asset.asset_id
|
deviceGUID
|
|
140
|
security_result.rule_type
|
ruleType
|
|
141
|
security_result.rule_id
|
ruleUuid
|
|
142
|
security_result.rule_name
|
ruleName
|
|
143
|
security_result.rule_id
|
ruleId
|
|
144
|
target_udm.ip
|
serverIp
|
|
145
|
target_udm.port
|
serverPort
|
|
146
|
target_udm.mac
|
serverMAC
|
|
147
|
target_udm.mac
|
dmac
|
|
148
|
src.ip
|
clientIp
|
|
149
|
src.port
|
clientPort
|
|
150
|
src.mac
|
clientMAC
|
|
151
|
src.mac
|
smac
|