| Field | General Field | Example | Notes |
|---|---|---|---|
| act | | allow | Rule action |
| application | | The Secure HyperText Transfer Protocol | Name of the application requested |
| detectionType | | Not match any rule | The reason the TMWS Scanner took action |
| dst | IPv4 | 192.0.2.0 | Server IP, Client IP |
| fileHash | FileSHA1 | 98A9A1C8F69373B211E5F1E303BA8762F44BC898 | SHA1 of the file |
| malName | | BadZipFile | Name of the malware detected |
| mimeType | | / | MIME type (a two-part identifier for file formats and format contents transmitted) of the traffic |
| pname | | Trend Micro Web Security | Name of application request |
| policyName | | default | Rule name, name of the cloud access rule triggered |
| principalName | | john.doe@example.com | User principal name |
| profile | | default | Name of the Threat Protection template or Data Loss Prevention profile triggered |
| request | | / | URL (Uniform Resource Locator) of the traffic |
| requestBase | DomainName | self.events.data.microsoft.com | URL domain |
| rt_utc | | 1627558859 | UTC timestamp |
| score | | Safe | Web Reputation Services score |
| sender | | TMWS Gateway TW | TMWS gateways where the web traffic passed |
| src | IPv4 | 192.0.2.0 | Server IP, Client IP |
| suid | UserAccount | john_doe | User name (Display Name) or IP address (IPv4) |
| trafficSize | | 422 | HTTP request (POST, PUT) or HTTP response (GET) body size |
| urlCat | | Web Advertisement | URL category |
| userDepartment | | TMWS | |
| userDomain | | tmws-stg-demo.com | Active Directory domain, domain of user email for logging in TMWS Scanner |