Field | General Field | Example | Notes |
---|---|---|---|
hostName | DomainName | self.events.data.microsoft.com | DNS event |
endpointGuid | EndpointID | e3c49595-09b9-47a3-a43f-6c21aa52e54f | - |
endpointHostName | EndpointName | hr-johndoe1 | - |
endpointIp | | | Trend Micro Apex One records all IP addresses, including 127.0.0.1 and virtual machine addresses. |
request | URL | https://www.example.com | - |
objectIp | | | Internet event |
dst | | | Connection event |
src | | | Connection event |
objectPort | Port | 8080 | Internet event |
spt | Port | 5353 | Port of connection source |
dpt | Port | 5353 | Port of connection destination |
objectFileHashSha1 | FileSHA1 | 98A9A1C8F69373B211E5F1E303BA8762F44BC898 | - |
parentFileHashSha1 | FileSHA1 | 98A9A1C8F69373B211E5F1E303BA8762F44BC898 | - |
processFileHashSha1 | FileSHA1 | 98A9A1C8F69373B211E5F1E303BA8762F44BC898 | - |
srcFileHashSha1 | FileSHA1 | 98A9A1C8F69373B211E5F1E303BA8762F44BC898 | - |
objectFileHashSha256 | FileSHA2 | 16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a | |
parentFileHashSha256 | FileSHA2 | 16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a | |
processFileHashSha256 | FileSHA2 | 16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a | |
srcFileHashSha256 | FileSHA2 | 16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a | |
objectFilePath | FileFullPath | C:\Program Files (x86)\temp\Application\test.exe | - |
parentFilePath | FileFullPath | C:\Program Files (x86)\temp\Application\test.exe | - |
srcFilePath | FileFullPath | C:\Program Files (x86)\temp\Application\test.exe | - |
processFilePath | ProcessFullPath | C:\Program Files (x86)\temp\Application\test.exe | - |
objectCmd | CLICommand | \??\c:\windows\system32\conhost.exe 0xffffffff -forcev1 | - |
parentCmd | CLICommand | "c:\program files (x86)\tanium\tanium client\taniumclient.exe" -c | - |
processCmd | CLICommand | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US --no-sandbox | - |
objectRegistryKeyHandle | RegistryKey | hklm\software\wow6432node\microsoft\windows\currentversion\run | - |
objectRegistryValue | RegistryValue | its_ie_settings | - |
objectRegistryData | RegistryValueData | wscript "C:\Program Files (x86)\JNJ\ITS_IE_PREF\IE_Preferences.vbs" | - |
logonUser | UserAccount | [lenovo_tmp_uktqYZKK, jdodd4] | - |
objectUser | UserAccount | john_doe | Process event: The account that executed the process |
eventTime | - | 1573752859458 | Event occurrence time |
eventId | - | - | |
eventSubId | - | - | |
objectSigner | - | [trend micro, inc., trend micro, inc.] | - |
objectSignerValid | - | [true, true] | - |
pname | - | 533 | ID value for the reporting product. For a complete list, see the table below. |
tags | - | - | |
productCode | - | - | |

Product | pname Value |
---|---|
Trend Micro Apex One (Windows Security Agent) | 533 |
Trend Micro Apex One (Mac Security Agent) | 620 |
Trend Micro Apex One (Deep Security Linux Agent) | 2200 |
Deep Security | 2200 |
Deep Security Virtual Appliance | 2201 |
Deep Security Relay | 2202 |
Deep Security Manager | 2203 |
Deep Security MANIFEST | 2211 |
Deep Security Relay Manifest | 2212 |
Deep Security Rules Updates | 2213 |
Deep Security Smart Check 1 | 2214 |