Views:
Field Name
Type
General Field
Description
Example
Products
act
  • string
-
The action
  • Allow
  • Block
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
action
  • string
-
The traffic processing action
  • ACCEPT
  • REJECT
  • XDR for Cloud - AWS VPC Flow Logs
app
  • string
-
The network protocol
  • HTTP
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
application
  • string
-
The name of the requested application
  • Facebook
  • wiki
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
archFiles
  • object_ArchFileInfo[]
-
The file information extracted from detected files
  • -
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
authType
  • string
-
The authorization type
  • Cookie
  • Trend Vision One Zero Trust Secure Access Internet Access
azId
  • string
-
The Availability Zone ID
  • apse2-az3
  • XDR for Cloud - AWS VPC Flow Logs
bytes
  • int64
-
The number of transmitted data bytes
  • 15044
  • XDR for Cloud - AWS VPC Flow Logs
clientGroup
  • string
-
The client IP network group
  • myCompany
  • myGroup
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
clientHost
  • string
-
The client IP hostname
  • sample.test.com
  • sample.tw.test.org
  • Virtual Network Sensor
clientIp
  • string
  • IPv4
  • IPv6
The endpoint IP
  • 10.10.10.10
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
clientMAC
  • string
-
The client MAC address
  • 00-00-00-ff-ff-ff
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
clientPort
  • uint32
  • Port
The client port
  • 5566
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
clientProtocol
  • string
-
The client protocol
  • HTTP/1.1
  • Trend Vision One Zero Trust Secure Access Internet Access
clientTls
  • string
-
The transport layer security of the client
  • TLS 1.2
  • Trend Vision One Zero Trust Secure Access Internet Access
cloudAccountId
  • string
-
The owner AWS account ID of the source network interface (account-id)
  • 123456789012
  • XDR for Cloud - AWS VPC Flow Logs
cloudAppCat
  • string
-
The category of the event in Cloud Reputation Service
  • All
  • Online Service
  • Application Suite
  • Business Intelligence and Analytics
  • Cloud Computing Platform
  • Trend Vision One Zero Trust Secure Access Internet Access
cnt
  • int64
-
The total number of logs
  • 1
  • 2
  • 3
  • Palo Alto Networks Next-Generation Firewalls
companyName
  • string
-
The company name
  • Trend Micro
  • Trend Vision One Zero Trust Secure Access Private Access
contentEncoding
  • string
-
The content encoding of the request or the response
  • gzip
  • Trend Vision One Zero Trust Secure Access Internet Access
dOSName
  • string
-
The destination OS
  • Windows
  • Palo Alto Networks Next-Generation Firewalls
dUser1
  • string
  • UserAccount
The latest sign-in user of the destination
  • dhr\m42svc
  • altsvc
  • Palo Alto Networks Next-Generation Firewalls
detectionType
  • string
-
The scan type
  • Not match any rule
  • Access control
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
deviceGUID
  • string
-
The non-endpoint object such as a network appliance
  • 11111111-1111-1111-1111-111111111111
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
dhost
  • string
  • DomainName
The destination hostname
  • sw_us-east-1c_10-124-21-139
  • 10.10.10.10
  • Palo Alto Networks Next-Generation Firewalls
direction
  • string
-
The object transfer direction
  • Download
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
dmac
  • string
-
The destination MAC address
  • 00-00-00-ff-ff-ff
  • Palo Alto Networks Next-Generation Firewalls
dnsQueryType
  • string
-
The record type requested by the DNS protocol
  • A
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
dpt
  • int32
  • Port
The service destination port of the private application server (dstport)
  • 443
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
dst
  • string
  • IPv4
  • IPv6
The destination IP (dstaddr)
  • 10.10.10.10
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
dstLocation
  • string
-
The destination country
  • Japan
  • Palo Alto Networks Next-Generation Firewalls
dstZone
  • string
-
The destination zone of the Palo Alto Networks firewall session
  • LAB-Small
  • Palo Alto Networks Next-Generation Firewalls
duration
  • int64
-
The time to complete the scan (in milliseconds)
  • 1599465660123
  • Trend Vision One Zero Trust Secure Access Internet Access
duser
  • string[]
  • EmailRecipient
The email recipient
  • sample_email@trendmicro.com
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
dvc
  • string[]
-
The IP address of the Deep Discovery Inspector or Virtual Network Sensor appliance
  • 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
dvchost
  • string
-
The network device hostname
  • my-company-xns
  • my-ddi
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
e2eLatency
  • int64
-
The end-to-end traffic latency time (in milliseconds)
  • 10000
  • Trend Vision One Zero Trust Secure Access Internet Access
endpointGuid
  • string
  • EndpointID
The device GUID
  • 11111111-1111-1111-1111-111111111111
  • DSP84573ULLJHM5GK2R7
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
endpointHostName
  • string
  • EndpointName
The hostname of the device on which the event was detected
  • my_machine
  • jeremy-mbp
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
eventId
  • string
-
The event ID
  • 200139
  • 200140
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
eventName
  • string
-
The name of the log event
  • SWG_ACTIVITY_LOG
  • FIREWALL_ACTIVITY_LOG
  • VPC_ACTIVITY_LOG
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
eventSubName
  • string
-
The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks firewall log sub-type
  • OneDrive download file
  • start
  • end
  • drop
  • deny
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Palo Alto Networks Next-Generation Firewalls
eventTime
  • int64
-
The time the agent or product detected the event
  • 1657135700000
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
failedHTTPSInspection
  • bool
-
The HTTPS traffic inspection failure
  • true
  • Trend Vision One Zero Trust Secure Access Internet Access
fileHash
  • string
  • FileSHA1
The SHA-1 of the file that violated the policy
  • 1e15bf99022a9164708cebb3eace8fd61ad45cba
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
fileHashSha256
  • string
  • FileSHA2
The SHA-256 of the file that violated the policy
  • ba9edecdd09de1307714564c24409bd25508e22fe11c768053a08f173f263e93
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
fileName
  • string
  • FileName
  • FileFullPath
The name of the file that violated the policy
  • word.doc
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
fileSize
  • int64
-
The size of the file that is violating the policy
  • 12134
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
fileType
  • string
-
The type of file which is violating the policy
  • Microsoft Words
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
filterRiskLevel
  • string
-
The top-level risk level of the event
  • info
  • low
  • medium
  • Security Analytics Engine
flowDirection
  • string
-
The network interface traffic direction
  • ingress
  • egress
  • XDR for Cloud - AWS VPC Flow Logs
flowId
  • string
-
The network analysis flow ID
  • 6837014561409730558
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
flowType
  • string
-
The type of traffic (type)
  • IPv4
  • IPv6
  • EFA
  • XDR for Cloud - AWS VPC Flow Logs
ftpTrans
  • object_FTPTrans[]
-
The transaction information of the FTP protocol
  • -
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
groupId
  • string
-
The group ID for the management scope filter
  • 11111111-1111-1111-1111-111111111111
  • Security Analytics Engine
hostName
  • string
  • DomainName
  • HostDomain
The hostname
  • NJ-EFFY-ZHAO1
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
httpLocation
  • string
  • URL
The HTTP location header
  • www.google.com.tw
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
httpReferer
  • string
  • URL
The HTTP referrer header
  • www.google.com.tw
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
httpXForwardedFor
  • string
-
The HTTP X-Forwarded-For header
  • 10.10.10.10, 10.10.10.11, 10.10.10.12
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
httpXForwardedForGroup
  • string
-
The X-Forwarded-For IP network group
  • myCompany
  • myGroup
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
httpXForwardedForHost
  • string
-
The X-Forwarded-For IP hostname
  • sample.test.com
  • sample.tw.test.org
  • Virtual Network Sensor
httpXForwardedForIp
  • string
  • IPv4
  • IPv6
The X-Forwarded-For IP used by the network appliance
  • 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
instanceId
  • string
-
The instance ID
  • i-01234567890abcdef
  • XDR for Cloud - AWS VPC Flow Logs
ipProto
  • int32
-
The protocol number (protocol)
  • 6
  • 17
  • XDR for Cloud - AWS VPC Flow Logs
isPrivateApp
  • bool
-
Whether the requested application is private
  • true
  • false
  • Trend Vision One Zero Trust Secure Access Internet Access
isRetroScan
  • bool
-
Whether the event matches the Security Analytics Engine filter
  • true
  • Security Analytics Engine
ja3Hash
  • string
-
The JA3 hash
  • 478e74fad764c966f19c5232c7cdfc5a
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
ja3sHash
  • string
-
The JA3S hash
  • 6d37fb1b3306d6e9f875650d8eb74b4f
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
logReceivedTime
  • int64
-
The time when the XDR log was received
  • 1656324260000
  • Security Analytics Engine
logStatus
  • string
-
The VPC Flow Log status
  • OK
  • NODATA
  • SKIPDATA
  • XDR for Cloud - AWS VPC Flow Logs
mailMsgSubject
  • string
  • EmailSubject
The email subject
  • test
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
malName
  • string
-
The name of the detected malware
-
  • Trend Vision One Zero Trust Secure Access Internet Access
mimeType
  • string
-
The MIME type or content type of the response body
  • text/html
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
msgId
  • string
  • EmailMessageID
The service provider message ID
  • <sample_email@trendmicro.com>
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
networkInterfaceId
  • string
-
The network interface ID (interface-id)
  • eni-01234567890abcdef
  • XDR for Cloud - AWS VPC Flow Logs
objectId
  • string
-
The UUID of the Zero Trust Secure Access private access application
  • 11111111-1111-1111-1111-111111111111
  • Trend Vision One Zero Trust Secure Access Private Access
objectIps
  • string[]
  • IPv4
  • IPv6
The IP address resolved by the DNS protocol
  • 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
originEventSourceType
  • string
-
The source type of the original event which matches the Security Analytics Engine filter
  • EVENT_SOURCE_NETWORK_ACTIVITY
  • Security Analytics Engine
originUUID
  • string[]
-
The UUID of the original event which matches the Security Analytics Engine filter
  • 11111111-1111-1111-1111-111111111111
  • Security Analytics Engine
osName
  • string
-
The host OS name
  • Windows 10
  • macos 12.1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
overSsl
  • string
-
Whether the SSL protocol connection exists
  • YES
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
packets
  • int64
-
The number of transmitted data packets
  • 14
  • XDR for Cloud - AWS VPC Flow Logs
pktDstAddr
  • string
  • IPv4
  • IPv6
The packet level destination IP
  • 10.10.10.10
  • XDR for Cloud - AWS VPC Flow Logs
pktDstCloudServiceName
  • string
-
The subset IP address range name for cloud service destination IP (pkt-dst-aws-service)
  • AMAZON
  • EC2
  • ROUTE53
  • XDR for Cloud - AWS VPC Flow Logs
pktSrcAddr
  • string
  • IPv4
  • IPv6
The packet level source IP
  • 10.10.10.10
  • XDR for Cloud - AWS VPC Flow Logs
pktSrcCloudServiceName
  • string
-
The subset IP address range name for cloud service source IP (pkt-src-aws-service)
  • AMAZON
  • EC2
  • ROUTE53
  • XDR for Cloud - AWS VPC Flow Logs
pname
  • string
-
The product name
  • Secure Web Gateway
  • XDR for Cloud - AWS VPC Flow Logs
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
policyName
  • string
-
The name of the triggered policy
  • lab-to-dns
  • small-lab-http-out
  • Palo Alto Networks Next-Generation Firewalls
policyTemplate
  • string[]
-
The Data Loss Prevention template name
  • Australia, New Zealand: Healthcare Template,Germany: Banking and Financial Information
  • Trend Vision One Zero Trust Secure Access Internet Access
policyTreePath
  • string
-
The policy tree path (endpoint only)
  • policyname1/policyname2/policyname3
  • Security Analytics Engine
policyUuid
  • string
-
The policy UUID
  • 11111111-1111-1111-1111-111111111111
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
principalName
  • string
  • UserAccount
The User Principal Name
  • sample_email@trendmicro.com
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
productCode
  • string
-
The internal product code
  • sig
  • szn
  • Security Analytics Engine
  • Palo Alto Networks Next-Generation Firewalls
profile
  • string
-
The name of the triggered Threat Protection template or Data Loss Prevention profile
-
  • Trend Vision One Zero Trust Secure Access Internet Access
pver
  • string
-
The product version
  • 1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Palo Alto Networks Next-Generation Firewalls
regionCode
  • string
-
The network interface AWS Region
  • ap-southeast-2
  • XDR for Cloud - AWS VPC Flow Logs
reqAppVersion
  • string
-
The client application version number
  • SSH-2.0-OPENSSH_9.0
  • Virtual Network Sensor
reqDataSize
  • uint64
-
The data volume transmitted over the transport layer by the client (in bytes)
  • 15688
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
reqScannedBytes
  • uint64
-
The data volume transmitted by the client (in bytes)
  • 4655
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
request
  • string
  • URL
The destination URL that the user is accessing
  • https://google.com/
  • https://api/example/v1/testit
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestBase
  • string
  • DomainName
  • HostDomain
The URL domain
  • www.facebook.com
  • gary.webserver64.com
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
requestClientApplication
  • string
-
The HTTP user agent
  • Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestDate
  • string
-
The HTTP date header
  • Fri, 20 Oct 2017 06:02:09 GMT
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestHeaders
  • string
-
The list of HTTP headers without sensitive information
  • Host: 10.10.10.10:8080 User-Agent: curl/7.78.0 Accept: */*
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestMethod
  • string
-
The network protocol request method
  • POST
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestMimeType
  • string
-
The type of request content
  • application/json; charset=utf-8
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
requestSize
  • int64
-
The request length
  • 1324
  • Trend Vision One Zero Trust Secure Access Internet Access
requests
  • string[]
  • URL
The URLs of the request
  • www.google.com.tw
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
resolvedUrlGroup
  • string
-
The IP address FQDN network group
  • myCompany
  • myGroup
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
resolvedUrlIp
  • string
  • IPv4
  • IPv6
The IP address of the FQDN
  • 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
resolvedUrlPort
  • uint32
  • Port
The HTTP server port
  • 443
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respAppVersion
  • string
-
The server application version number
  • SSH-2.0-OPENSSH_8.7
  • Virtual Network Sensor
respArchFiles
  • object_ArchFileInfo[]
-
The file information extracted from files detected in response direction
  • -
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respCode
  • string
-
The network protocol response code
  • 200
  • 25
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respDataSize
  • uint64
-
The data volume transmitted over the transport layer by the server (in bytes)
  • 7856
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
respDate
  • string
-
The HTTP response date header
  • Fri, 20 Oct 2017 06:02:09 GMT
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respFileHash
  • string
  • FileSHA1
The SHA-1 of the file detected in the response direction
  • f17d9c55dea88f9aec8f74363f01e918cffb4142
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respFileHashSha256
  • string
  • FileSHA2
The SHA-256 of the file detected in the response direction
  • 5ad4396d67f0c9d54572f051e28e9e62f4010c269a953d25259b17ad5fab4fd5
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respFileType
  • string
-
The file type detected in the response direction
  • PKZIP
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respHeaders
  • string
-
The list of HTTP response headers without sensitive information
  • Accept-Ranges: bytes Content-Length: 68 Content-Type: - text/plain; charset=utf-8 Last-Modified: Thu, 19 Aug 2021 06:23:54 GMT Date: Thu, 19 Aug 2021 06:24:00 GMT
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respMethod
  • string
-
The response method
  • KRB_ERROR
  • AS_REP
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
respScannedBytes
  • uint64
-
The data volume transmitted by the server (in bytes)
  • 6654
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
responseSize
  • int64
-
The response length
  • 1324
  • Trend Vision One Zero Trust Secure Access Internet Access
ruleName
  • string
-
The name of the triggered cloud access rule
  • ETL_Access Rules_Web_Host
  • block_wiki_for_guest
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
ruleUuid
  • string
-
The risk assessment and control design that is defined by Zero Trust Secure Access risk control rules
  • 11111111-1111-1111-1111-111111111111
  • Trend Vision One Zero Trust Secure Access Private Access
sOSName
  • string
-
The source OS
  • Windows 10
  • Palo Alto Networks Next-Generation Firewalls
sUser1
  • string
  • UserAccount
The latest sign-in user of the source
  • 000c29edef58
  • sample.com\ser-desktopcentral
  • Palo Alto Networks Next-Generation Firewalls
sender
  • string
-
The roaming users or Trend Micro Web Security gateway where the web traffic passed
  • ETL VPN
  • Trend Vision One Zero Trust Secure Access Internet Access
serverGroup
  • string
-
The server IP network group
  • myCompany
  • myGroup
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
serverHost
  • string
-
The server IP hostname
  • sample.test.com
  • sample.tw.test.org
  • Virtual Network Sensor
serverIp
  • string
  • IPv4
  • IPv6
The server IP
  • 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
serverMAC
  • string
-
The server MAC address
  • 00-00-00-ff-ff-ff
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
serverPort
  • uint32
  • Port
The server port
  • 443
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
serverProtocol
  • string
-
The version of the HTTP protocol between the Service Gateway and server/website
  • HTTP/1.1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
serverRespTime
  • int64
-
The time the server took to respond to the request (in milliseconds)
  • 1599465660123
  • Trend Vision One Zero Trust Secure Access Internet Access
serverTls
  • string
-
The TLS version between the Service Gateway and server/website
  • TLS 1.2
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
sessionEnd
  • int64
-
The session end time (in seconds)
  • 1575462989
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sessionEndReason
  • string
-
The reason why a session was terminated
  • tcp-fin
  • tcp-rst-from-server
  • Palo Alto Networks Next-Generation Firewalls
sessionStart
  • int64
-
The session start time (in seconds)
  • 1575462989
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
shost
  • string
  • DomainName
The source hostname
  • sw_us-east-1a_10-124-17-69
  • sw_us-east-1c_10-124-21-139
  • Palo Alto Networks Next-Generation Firewalls
smac
  • string
-
The source MAC address
  • 00-00-00-ff-ff-ff
  • Palo Alto Networks Next-Generation Firewalls
spt
  • int32
  • Port
The virtual port of the source assigned to the Secure Access Module (srcport)
  • 57763
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
src
  • string
  • IPv4
  • IPv6
The source IP (srcaddr)
  • 10.10.10.10
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
srcLocation
  • string
-
The source country
  • Japan
  • Palo Alto Networks Next-Generation Firewalls
srcZone
  • string
-
The source zone of the Palo Alto Networks firewall session
  • LAB-Small
  • Palo Alto Networks Next-Generation Firewalls
sslCertCommonName
  • string
  • DomainName
  • HostDomain
The certificate common name
  • *.www.sample.com
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertFingerprint
  • string
-
The certificate fingerprint
  • 3914af80223c833f26df001cbf342eff8a31aba1
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertIssuer
  • string
-
The issuer of the certificate
  • /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertSANs
  • string[]
-
The Subject Alternative Name of the certificate
  • *.www.sample.com
  • add.my.sample.com
  • au.sample.com
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertSerialNumber
  • string
-
The certificate serial number
  • 0888b1ad2a593310593f47565a5a5a4a
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertValidFrom
  • string
-
The certificate validity start time
  • 2014-11-21T02:43:28
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
sslCertValidUntil
  • string
-
The certificate validity end time
  • 2018-11-21T02:43:28
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
status
  • string
-
The network analysis flow session status
  • 2
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
subLocationId
  • string
-
The sub-location ID
  • lz-0abcd123efg4567h
  • op-0abcd123efg4567h
  • wz-0abcd123efg4567h
  • XDR for Cloud - AWS VPC Flow Logs
subLocationType
  • string
-
The sub-location type
  • wavelength
  • outpost
  • localzone
  • XDR for Cloud - AWS VPC Flow Logs
subnetId
  • string
-
The subnet ID
  • subnet-01234567890abcdef
  • XDR for Cloud - AWS VPC Flow Logs
suid
  • string
  • UserAccount
The user name or IP address (IPv4)
  • Sample User Name
  • 10.10.10.10
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
suser
  • string
  • EmailSender
The email sender
  • sample_email@trendmicro.com
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
tags
  • string[]
  • Technique
The detected technique ID based on the alert filter
  • MITREV9.T1057
  • MITREV9.T1059.003
  • XSAE.F2924
  • Security Analytics Engine
tcpFlags
  • int32
-
The bitmask value of the FIN/SYN/RST/SYN-ACK TCP flags
  • 1
  • 2
  • 4
  • 18
  • XDR for Cloud - AWS VPC Flow Logs
tlsJA3Fingerprint
  • string
-
The JA3 fingerprint
-
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
tlsJA3SFingerprint
  • string
-
The raw JA3S
  • 771,157,65281-15
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
tlsSelectedCipher
  • string
-
The selected cipher of the TLS protocol
  • c02f
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
trafficPath
  • int32
-
The egress traffic path number
  • 1
  • 2
  • 8
  • XDR for Cloud - AWS VPC Flow Logs
trafficType
  • string
-
The traffic type
  • Forward
  • Trend Vision One Zero Trust Secure Access Internet Access
userDepartment
  • string
-
The user department request method
  • Sales
  • Trend Vision One Zero Trust Secure Access Internet Access
userDomain
  • string
  • DomainName
  • AccountDomain
The Microsoft Entra ID domain or the domain of the Trend Micro Anti-Spam administrator portal user name
  • trendmicro.com
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
uuid
  • string
-
The unique key of the log
  • 11111111-1111-1111-1111-111111111111
  • Security Analytics Engine
vpcId
  • string
-
The VPC ID
  • vpc-01234567890abcdef
  • XDR for Cloud - AWS VPC Flow Logs
vsysName
  • string
-
The Palo Alto Networks virtual system of the session
  • vsys1
  • Palo Alto Networks Next-Generation Firewalls