| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| attachmentFileHashSha256s | - |  | The SHA-256 of the email attachment |  |  |
| attachmentFileHashes | - |  | The SHA-1 of the email attachment |  |  |
| attachmentFileName | - |  | The file name of the email attachment |  |  |
| attachmentFileTlshes | - | - | The TLSH hash detected by Trend Micro Anti-Spam Engine | - |  |
| attachmentMd5 | - |  | The MD5 hash of the email attachment |  |  |
| attachmentSha1 | - |  | The SHA-1 hash of the email attachment |  |  |
| attachmentSha256 | - |  | The SHA-256 hash of the email attachment |  |  |
| attachmentSize | - | - | The attachment file size | - |  |
| attachmentSource | - | - | The attachment source |  |  |
| attachmentTlsh | - | - | The TLSH hash detected by Trend Micro Anti-Spam Engine |  |  |
| attachmentUrls | - | - | The URLs extracted from the email attachment | - |  |
| eventTime | - | - | The time the agent detected the event |  |  |
| filterRiskLevel | - | - | The top-level risk level of the event |  |  |
| mExternalUid | - | - | The unique ID of the email |  |  |
| mailAttachmentHash | - |  | The hash value of the email attachment |  |  |
| mailBccAddresses | - |  | The BCC address in the email header |  |  |
| mailCacheId | - | - | The internal email cache ID to identify emails in the same group mails |  |  |
| mailCcAddresses | - |  | The CC address in the email header |  |  |
| mailDirection | - | - | The email traffic direction |  |  |
| mailEurekaRuleIds | - | - | The list of rule IDs scanned by Eureka and detected by Trend Micro Anti-Spam Engine |  |  |
| mailFeatureId | - | - | The email protocol detected by Trend Micro Anti-Spam Engine | - |  |
| mailFolder | - | - | The email folder name |  |  |
| mailFromAddresses | - |  | The Mail From address in the email header |  |  |
| mailHeaderHash | - | - | The email header hash detected by Trend Micro Anti-Spam Engine |  |  |
| mailHelo | - | - | The HELO command detected by Trend Micro Anti-Spam Engine |  |  |
| mailMetaData | - | - | The email metadata |  |  |
| mailMetaText | - | - | The postman meta text detected by Trend Micro Anti-Spam Engine |  |  |
| mailMetaTraceId | - | - | The trace ID generated by Trend Micro Feedback Engine |  |  |
| mailMsgId | - |  | The email ID |  |  |
| mailMsgSubject | - |  | The email subject |  |  |
| mailReplyToAddresses | - | - | The Reply To address detected by Trend Micro Anti-Spam Engine |  |  |
| mailRuleId | - | - | The rule ID of the matched rule detected by Trend Micro Anti-Spam Engine |  |  |
| mailScore | - | - | The score assigned to the email by Trend Micro Anti-Spam Engine | - |  |
| mailSenderIp | - | - | The email sender IP address |  |  |
| mailSmtpFromAddresses | - | - | The sender email address |  |  |
| mailSmtpOriginalRecipients | - | - | The original email recipients in the SMTP envelope |  |  |
| mailSmtpRecipients | - | - | The email recipients in the SMTP envelope after scanning |  |  |
| mailSmtpTls | - | - | The SMTP TLS version number |  |  |
| mailSourceDomain | - | - | The email domain of the sender |  |  |
| mailTagHash | - | - | The email tag hash detected by Trend Micro Anti-Spam Engine |  |  |
| mailTagHashRawSignature | - | - | The raw signature hash of the email |  |  |
| mailTextHash | - | - | The email text hash detected by Trend Micro Anti-Spam Engine |  |  |
| mailThreatType | - | - | The type of email detected by Trend Micro Anti-Spam Engine |  |  |
| mailToAddresses | - |  | The Mail To address in the email header |  |  |
| mailUrlHash | - | - | The email URL hash detected by Trend Micro Anti-Spam Engine |  |  |
| mailUrlsOriginalLink | - | - | The original URL extracted from the email content |  |  |
| mailUrlsRealLink | - |  | The URL extracted from the email content |  |  |
| mailUrlsVisibleLink | - |  | The URL extracted from the email content |  |  |
| mailUserAgent | - | - | The user agent |  |  |
| mailWantedHeaderName | - | - | The WantedHeader key name detected by Trend Micro Anti-Spam Engine |  |  |
| mailWantedHeaderValue | - | - | The WantedHeader key value detected by Trend Micro Anti-Spam Engine |  |  |
| mailWholeHeader | - | - | The name and email address of the sender in the From header detected by Trend Micro Anti-Spam Engine |  |  |
| mailXMailer | - | - | The X-Mailer header of the email |  |  |
| mailbox | - | - | The primary email address |  |  |
| msgUuid | - | - | The internal email UUID to identify each email message |  |  |
| msgUuidChain | - | - | The internal UUID chain for each email in Trend Micro Feedback Engine |  |  |
| orgId | - | - | The organization ID |  |  |
| pname | - | - | The internal product code (deprecated) |  |  |
| policyTreePath | - | - | The policy tree path (endpoint only) |  |  |
| productCode | - | - | The product code of the product that sent the log |  |  |
| scanTs | - | - | The time the email was scanned |  |  |
| scanType | - | - | The manual or real-time scan type |  |  |
| tags | - | - | The detected technique ID based on the alert filter |  |  |
| uuid | - | - | The unique key of the log entry |  |  |