Views:

Review the type of data and format shared to your S3 buckets by Third-Party Integration.

Note
Note
Sending activity data to an S3 bucket requires Trend Vision One credits. Configure the data allowance for transferring activity data and manage credit allocation in the Credit Usage app.
Data
Output Path
Notes
Workbench alerts
/workbench/packages/customerId={CUSTOMER_ID}/pipelineId={PIPELINE_ID}/workbenchId={WORKBENCH_ID}/eventType={EVENT_TYPE}/{PACKAGE_ID}.json.gz
  • CUSTOMER_ID: Customer ID in UUID format
  • PIPELINE_ID: Back-end pipeline ID in UUID format
  • WORKBENCH_ID: Workbench ID given in the following format:
    WB-{COMPANY_ID}-{DATE}-{SERIAL_NUMBER}
    • COMPANY_ID: A unique integer for each company
    • DATE: UTC+0 in "yyyyMMDD" format
    • SERIAL_NUMBER
      : Automatically generated number for each Workbench created
  • EVENT_TYPE: Action taken or performed on the Workbench:
    • WORKBENCH_CREATED
    • WORKBENCH_UPDATED
    • WORKBENCH_FP_REMOVED
  • PACKAGE_ID: Package ID in UUID format
Observed Attack Techniques
/oat/packages/customerId={CUSTOMER_ID}/pipelineId={PIPELINE_ID}/dateHour={DATE_HOUR}/{PACKAGE_ID}.json.gz
  • CUSTOMER_ID: Customer ID in UUID format
  • PIPELINE_ID: Back-end pipeline ID in UUID format
  • DATE_HOUR: UTC+0 in "yyyyMMDDHH" format
  • PACKAGE_ID: Package ID in UUID format
Activity
/activity/packages/customerId={CUSTOMER_ID}/pipelineId={PIPELINE_ID}/dateHour={DATE_HOUR}/{PACKAGE_ID}.json.gz
Detections
/detection/packages/customerId={CUSTOMER_ID}/pipelineId={PIPELINE_ID}/dateHour={DATE_HOUR}/{PACKAGE_ID}.json.gz