The following table describes the general information that Attack Discovery records about each detected threat.

| Data | Description |
|---|---|
| Object Value | The name of the object targeted by the detected threat |
| Object Type | The type of object targeted by the detected threat |
| First Logged | The time when Attack Discovery first logged the threat detection |
| File Directory | The directory of the object targeted by the detected threat |
| Process ID | The PID of the process |
| CLI Command | The process command line that triggered the threat detection |
| Signer | The signer of the file's code-signing certificate |
| User Domain | The domain name of the detected user account |
| User Name | The account name associated with the object |
| Impersonated User Name | The user name that the threat impersonated |
| Authentication ID | The locally unique identifier (LUID) assigned to the logon session |
| Integrity Level | The integrity level (level of protection or access) assigned to the logon user |
| File SHA-1 | The SHA-1 hash value of the object file |
| File SHA-256 | The SHA-256 hash value of the object file |
| File MD5 | The MD5 hash value of the object file |
| Census Rating | The rating assigned by Trend Micro threat experts based on the recorded history of the file |
| File Security Owner | The current owner of the file according to the file properties |
| File Security Owner Domain | The domain of the current owner of the file according to the file properties |
| File Security Previous Owner | The previous owner of the file according to the file properties |
| File Security Previous Owner Domain | The domain of the previous owner of the file according to the file properties |
| Registry Key | The registry key that the threat accessed |
| Registry Value Name | The registry value name that the threat accessed |
| Registry Value Data | The registry value data that the threat accessed |
| AMSI App Name | The application name or scripting language associated with the threat |
| AMSI App Full Path | The full path of the application associated with the threat |
| AMSI App Version | The version of the application associated with the threat |
| AMSI Script Source | The file name and extension of the script source |
| AMSI Script Content | The content of the script |
| AMSI Script Source SHA-1 | The SHA-1 hash value of the script source |
| AMSI Script Source SHA-256 | The SHA-256 hash value of the script source |
| Source IP Address | The source IP address of the detected threat |
| Source IP Address Port | The source port number of the detected threat |
| Destination IP Address | The IP address that the threat accessed |
| Destination IP Address Port | The IP port number that the threat accessed |
| Destination URL | The URL that the threat accessed |
| Destination Domain | The domain name that the threat accessed |
| WMI Event | The WMI event information associated with the threat |
| Windows Event Source | The name of the software that logged the event, according to the Windows Event Logs |
| Windows Event Log Content | The Windows Event Log content that triggered the detection |
| Auth Priv Name | The Authorization Privilege Name that the threat modified |
| Auth Priv Attribute | The Authorization Privilege Attribute that the threat modified |
| Auth Priv Disable All | The status of the Authorization Privilege Disable All setting that the threat modified |