| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| `clusterId` | `string` | - | The cluster ID of the container | `TestCluster-2HJdImvH6eO1fgTnCBK3xYA7Sph` | Trend Cloud One - Container Security |
| `clusterName` | `string` | - | The cluster name of the container | `TestCluster` | Trend Cloud One - Container Security |
| `containerId` | `string` | - | The Kubernetes container ID | `7d1e00176d78` | Trend Cloud One - Container Security |
| `containerImage` | `string` | - | The Kubernetes container image | `debian:latest` | Trend Cloud One - Container Security |
| `containerName` | `string` | - | The Kubernetes container name | `k8s_democon_longrunl_default_11111111-1111-1111-1111-111111111111_0` | Trend Cloud One - Container Security |
| `dpt` | `int32` | Port | The destination port | - | Trend Cloud One - Container Security |
| `dst` | `string` | IPv4, IPv6 | The destination IP | `::`, `10.10.10.10` | Trend Cloud One - Container Security |
| `eventId` | `enum_TelemetryHeader.TELEMETRY_EVENT_ID` | - | The event type | - | Trend Cloud One - Container Security |
| `eventSubId` | `enum_TelemetryHeader.TELEMETRY_EVENT_SUB_ID` | - | The access type | `2 - TELEMETRY_PROCESS_CREATE`, `101 - TELEMETRY_FILE_CREATE`, `204 - TELEMETRY_CONNECTION_CONNECT_OUTBOUND` | Trend Cloud One - Container Security |
| `eventTime` | `int64` | - | The time the agent detected the event | `1657781088000` | Trend Cloud One - Container Security |
| `filterRiskLevel` | `string` | - | The top-level risk level of the event | `info`, `low`, `medium` | Security Analytics Engine |
| `groupId` | `string` | - | The group ID for the management scope filter | `11111111-1111-1111-1111-111111111111` | Security Analytics Engine |
| `k8sNamespace` | `string` | - | The Kubernetes namespace of the container | `default` | Trend Cloud One - Container Security |
| `k8sPodId` | `string` | - | The Kubernetes pod ID of the container | `11111111-1111-1111-1111-111111111111` | Trend Cloud One - Container Security |
| `k8sPodName` | `string` | - | The Kubernetes pod name of the container | `longrunl` | Trend Cloud One - Container Security |
| `logReceivedTime` | `int64` | - | The time when the XDR log was received | `1656324260000` | Security Analytics Engine |
| `objectFilePath` | `string` | FileFullPath, FileName | The file path of the target process image or target file | `/usr/bin/bash`, `/bin/bash`, `/opt/folder1/probes/system/processes/processes` | Trend Cloud One - Container Security |
| `objectUser` | `string` | UserAccount | The owner name of the target process or the sign-in user name | `root`, `SYSTEM`, `oracle` | Trend Cloud One - Container Security |
| `parentCmd` | `string` | CLICommand | The command line entry of the parent process | `C:\WINDOWS\system32\services.exe`, `C:\Windows\system32\services.exe`, `/sbin/launchd` | Trend Cloud One - Container Security |
| `parentFilePath` | `string` | FileFullPath, FileName | The file path of the parent process | `c:\windows\system32\services.exe`, `/usr/bin/bash`, `c:\windows\system32\svchost.exe` | Trend Cloud One - Container Security |
| `parentPid` | `int32` | - | The PID of the parent process | `4`, `1`, `784`, `792` | Trend Cloud One - Container Security |
| `processCmd` | `string` | CLICommand | The command line entry of the subject process | `C:\WINDOWS\system32\services.exe`, `C:\Windows\system32\services.exe`, `/sbin/launchd` | Trend Cloud One - Container Security |
| `processFilePath` | `string` | ProcessFullPath | The file path of the subject process | `c:\windows\system32\services.exe`, `/usr/bin/bash`, `c:\windows\system32\svchost.exe` | Trend Cloud One - Container Security |
| `processName` | `string` | ProcessName | The image name of the process that triggered the event | `/usr/bin/bash`, `c:\windows\system32\svchost.exe`, `c:\windows\system32\lsass.exe` | Trend Cloud One - Container Security |
| `processPid` | `int32` | - | The PID of the subject process | `4`, `1`, `784`, `792` | Trend Cloud One - Container Security |
| `productCode` | `string` | - | The internal product code | `scs` | Security Analytics Engine |
| `pver` | `string` | - | The product version | `1.2.0.2752`, `1.0.345`, `1.2.0.2657` | Trend Cloud One - Container Security |
| `spt` | `int32` | Port | The source port | `53`, `5353`, `443` | Trend Cloud One - Container Security |
| `src` | `string` | IPv4, IPv6 | The source IP | `::`, `10.10.10.10` | Trend Cloud One - Container Security |
| `srcFilePath` | `string` | FileFullPath, FileName | The source file path | `\\cnva-apps\megaclockprod\traveler\travelerprint.accdb`, `c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml`, `q:\a7_dbs\a4_pkg\a4_packaging.accde` | Trend Cloud One - Container Security |
| `tags` | `string[]` | Technique, Tactic | The detected ID based on the alert filter | `MITREV9.T1057`, `MITREV9.T1059.003`, `XSAE.F2924` | Security Analytics Engine, Trend Cloud One - Container Security |
| `uuid` | `string` | - | The unique key of the log | `11111111-1111-1111-1111-111111111111` | Security Analytics Engine |