Identity and Access Activity Data | Trend Micro Service Central

Views:

Field Name	Type	General Field	Description	Example	Products
actionName	-	-	The user or service action	`Create User` `Add member to group` `Update application`	Microsoft Entra ID
clientApp	-	-	The app that the client accessed	`browser` `Mobile Apps and Desktop clients`	Microsoft Entra ID
clientBrowser	-	-	The client browser	`Chrome 119.0.0`	Microsoft Entra ID
clientDisplayName	-	EndpointName	The client display name	`DESKTOP-TKOS222`	Microsoft Entra ID
clientId	-	-	The unique client device ID	`9b1c6295-faa8-40f3-95ce-8065c0702e8f`	Microsoft Entra ID
clientOS	-	-	The client OS	`Windows`	Microsoft Entra ID
correlationId	-	-	The correlation ID	`7f545dec-5f3b-443f-9f2e-282499deaaef`	Microsoft Entra ID
eventAdditionalDetails	-	-	The raw data string that contains additional information	`[{"key": "User-Agent","value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"}]`	Microsoft Entra ID
eventCategory	-	-	The resource category targeted by the event	`UserManagement` `ApplicationManagement`	Microsoft Entra ID
eventId	-	-	The identity provider event ID	`1 - EVENT_SOURCE_AAD_SIGN_INS` `2 - EVENT_SOURCE_AAD_DIR_AUDIT`	Microsoft Entra ID
eventName	-	-	The identity provider event name	`4624` `aad_signin`	Microsoft Entra ID
eventTime	-	-	The time the identity provider detected the event	`1657781088000`	Microsoft Entra ID
filterRiskLevel	-	-	The top-level risk level of the event	`info` `low` `medium`	Security Analytics Engine
idpId	-	-	The internal product code of the identity provider	`aad` `opa`	Microsoft Entra ID
idpName	-	-	The identity provider	`Microsoft Entra ID` `Microsoft Active Directory` `google`	Microsoft Entra ID
initiatedByAppDisplayName	-	-	The application display name	`Microsoft Intune`	Microsoft Entra ID
initiatedByAppId	-	-	The resource category targeted by the event	`00000003-0000-0000-c000-000000000000`	Microsoft Entra ID
initiatedByServicePrincipalId	-	-	The unique ID of the service principal	`00000003-0000-0000-c000-000000000000`	Microsoft Entra ID
initiatedByServicePrincipalName	-	-	The unique ID of the service principal	`Microsoft Intune`	Microsoft Entra ID
initiatedByUserDisplayName	-	UserAccount	The user display name	`Clark Shao`	Microsoft Entra ID
initiatedByUserHomeTenantId	-	-	The tenant ID of the user		Microsoft Entra ID
initiatedByUserHomeTenantName	-	-	The tenant ID of the user		Microsoft Entra ID
initiatedByUserId	-	UserAccount	The unique ID of the user who initiated the event		Microsoft Entra ID
initiatedByUserIpAddress	-	IPv4 IPv6	The client IP of the user	`123.123.123.123`	Microsoft Entra ID
initiatedByUserPrincipalName	-	UserAccount	The User Principal Name of the user	`test@trendmicro.com`	Microsoft Entra ID
ipAddress	-	IPv4 IPv6	The client IP	`10.10.10.10`	Microsoft Entra ID
locationCity	-	-	The city where the event happened	`Singapore`	Microsoft Entra ID
locationCountry	-	-	The country where the event happened	`US` `TW`	Microsoft Entra ID
locationLatitude	-	-	The latitude of the event location	`121.568`	Microsoft Entra ID
locationLongitude	-	-	The longitude of the event location	`121.568`	Microsoft Entra ID
locationState	-	-	The state where the event happened	`Central Singapore`	Microsoft Entra ID
logBatchId	-	-	The batch data retrieval process ID	`0c4d9afc-e967-4058-a0dd-92e00c413fa1`	Microsoft Entra ID
loggedByService	-	-	The service that initiated the event	`Core Directory`	Microsoft Entra ID
operationType	-	-	The operation performed in the event	`Add` `Assign` `Update`	Microsoft Entra ID
orgId	-	-	The organization ID	`123b703a-2f9f-436d-a46b-be516f70df32`	Microsoft Entra ID
pname	-	-	The internal product ID	`2200` `751` `533`	Microsoft Entra ID
policyTreePath	-	-	The policy tree path (endpoint only)	`policyname1/policyname2/policyname3`	Security Analytics Engine
principalName	-	UserAccount	The User Principal Name	`chin.shun@multibank.com.pa` `leonelc@edsitrend.com` `alcides.cuevas@multibank.com.pa`	Microsoft Entra ID
productCode	-	-	The internal product code of the identity provider	`aad` `opa`	Security Analytics Engine Microsoft Entra ID
requestMethod	-	-	The sign-in authentication method	`[{"authenticationStepDateTime": "2023-11-28T03:44:05Z","authenticationMethod": "Previously satisfied","authenticationMethodDetail": null,"succeeded" : true,"authenticationStepResultDetail": "MFA requirement satisfied by claim in the token","authenticationStepRequirement": ""}]`	Microsoft Entra ID
result	-	-	The event result	`success` `failure` `timeout`	Microsoft Entra ID
resultReason	-	-	The cause of event failure or timeout	`success` `failure` `timeout`	Microsoft Entra ID
status	-	-	The sign-in status result	`0` `50126` `50155`	Microsoft Entra ID
statusDetail	-	-	The additional information about sign-in status	`MFA requirement satisfied by claim in the token`	Microsoft Entra ID
statusReason	-	-	The sign-in status	`Error validating credentials due to invalid username or password.` `Others.`	Microsoft Entra ID
tags	-	Technique Tactic	The attack ID detected by Trend Vision One based on the alert filter	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	Security Analytics Engine
targetResourceDisplayName	-	-	The target resource display name	`Microsoft Graph`	Microsoft Entra ID
targetResourceId	-	-	The target resource ID	`00000003-0000-0000-c000-000000000000`	Microsoft Entra ID
targetResources	-	-	The targeted resource of the event		Microsoft Entra ID
tenantId	-	-	The Microsoft Entra ID Tenant ID of the organization	`b7eb1def-29e1-44bf-bdaa-cd104bf7860a`	Microsoft Entra ID
userAgent	-	-	The user agent	`Microsoft.OData.Client/7.12.5` `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36`	Microsoft Entra ID
userDisplayName	-	UserAccount	The user display name	`Test User(RD-TW)`	Microsoft Entra ID
userId	-	UserAccount	The user ID	`9b1c6295-faa8-40f3-95ce-8065c0702e8f`	Microsoft Entra ID
uuid	-	-	The unique key of the log entry	`0000116b-ac61-48d2-89e1-3d1ce2d13cdd` `000017f4-ac10-43b4-8aef-97158e0f8533` `0000230c-15d8-428c-b707-ddb77cb9ed33`	Security Analytics Engine