Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- What's New by Date
- What's New by App Group
- Release Notes
  - Service Gateway
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
- Cloud Posture
Dashboards and Reports
- Security Dashboard
  - Customizing the Security Dashboard
  - Protocol Groups in the Scanned Traffic Summary Widget
- Reports
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
    - Incident Details
      - Alerts (Incident View)
      - Incident-based Execution Profile
    - Assigning Incidents
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics
- Managed Services
- Companion
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Cyber Risk Assessment
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection)
- Getting Started with Trend Vision One Endpoint Security
- Endpoint Inventory
- Standard Endpoint Protection
- Server & Workload Protection
Cloud Security Operations
- Trend Vision One Container Security
- XDR for Containers
  - Getting Started with XDR for Containers
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Using Mobile Security in Conjunction with MDM Solutions or Azure AD
- Using Mobile Device Director
Service Management
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
- Product Instance
- Cloud Accounts
Administration
- User Accounts, Roles, and Single Sign-On (Legacy)
- User Accounts, Identity Providers, and User Roles (July 2023 update)
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
  - Enabling Hypersensitive Mode
Getting Help and Troubleshooting
- Help and Support
  - Creating a Support Case
- Self-Diagnosis

Data Mapping: Email Activity Data

Field Name	Type	General Field	Description	Example	Products
attachmentFileHashSha256s	string	FileSHA2	The SHA-256 hash of the email attachment	`0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4` `2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e` `20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentFileHashes	string	FileSHA1	The SHA-1 hash of the email attachment	`acedb7898338a46f38d148d1d0456e644576d41b` `ea6fcc4c0c1f10d71742b29e98a977d995473dd1` `03d8fb85556edf397d8afcafc0b13f11ecbde50c`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentFileName	string	FileName	The file name of the email attachment	`image001.png` `image002.png` `image003.png`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentMd5	string	FileMD5	The MD5 hash of the email attachment	`003fa299ab119219596f952c68029810` `03aeabf6a745cb627ee29c05a22e58cb`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentSha1	string	FileSHA1	The SHA-1 hash of the email attachment	`03d8fb85556edf397d8afcafc0b13f11ecbde50c` `056a2975edffe7188c03c324ae4335f9380b57e3`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentSha256	string	FileSHA2	The SHA-256 hash of the email attachment	`29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01` `cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentUrls	AttachmentUrl[]	-	The URLs extracted from the email attachment	-	Trend Micro Email Security
eventTime	int64	-	The event generation time on the agent endpoint	`1657135700000`	Trend Micro Cloud App Security Trend Micro Email Security
filterRiskLevel	string	-	The top-level risk level of the event	`info` `low` `medium`	Security Analytics Engine
mailAttachmentHash	string	FileMD5	The hash value of the email attachment	`02ab50ee0bccadb43d6cc504928f2ff2` `0a0f335fb04f1acebb7500d5358321c0`	Trend Micro Cloud App Security Trend Micro Email Security
mailBccAddresses	string	EmailRecipient	The BCC address in the email header	`customermarketing@flowserve.com` `diego.sales@quero-quero.com.br` `guilherme.cardoso@verdecard.com.br`	Trend Micro Email Security Trend Micro Cloud App Security
mailCcAddresses	string	EmailRecipient	The CC address in the email header	`<ListaVerdecard-MIS@quero-quero.com.br>` `produccion@bancoppel.com` `sbastidas@bancoppel.com`	Trend Micro Cloud App Security Trend Micro Email Security
mailDirection	int32	-	The email traffic direction	`1` `3` `25`	Trend Micro Cloud App Security Trend Micro Email Security
mailFromAddresses	string	EmailSender	The Mail From address in the email header	`noreply@email.teams.microsoft.com` `viva-noreply@microsoft.com` `notification@fbworkmail.com`	Trend Micro Cloud App Security Trend Micro Email Security
mailMsgId	string	EmailMessageID	The email ID	`<01000181c6c8054d-a28e440d-23d0-4427-845e-a5af5a7aac60-000000@email.amazonses.com>` `<01000181fe0a3ce6-ff51a59e-0c83-461e-9ca9-ef55aa4089b5-000000@email.amazonses.com>`	Trend Micro Cloud App Security Trend Micro Email Security
mailMsgSubject	string	EmailSubject	The email subject	`Your daily briefing` `Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1`	Trend Micro Cloud App Security Trend Micro Email Security
mailSenderIp	string	-	The email sender IP address	`255.255.255.255` `200.196.154.13`	Trend Micro Cloud App Security Trend Micro Email Security
mailSmtpOriginalRecipients	string	-	The original email recipients in the SMTP envelope	`jesada.gonkratoke@scb.co.th` `central.transportes_al@braskem.com` `centraltransporte.al@grupopredial.com.br`	Trend Micro Email Security
mailSmtpRecipients	string	-	The mail recipients in the SMTP envelope after scanning	`jesada.gonkratoke@scb.co.th` `central.transportes_al@braskem.com` `centraltransporte.al@grupopredial.com.br`	Trend Micro Email Security
mailSourceDomain	string	-	The email domain of the sender	`itau-unibanco.com.br` `coppel.com` `ehi.com`	Trend Micro Cloud App Security
mailToAddresses	string	EmailRecipient	The Mail To address in the email header	`jesada.gonkratoke@scb.co.th` `daniel.goncalves@bancobmg.com.br` `jefferson.molino@bancobmg.com.br`	Trend Micro Cloud App Security Trend Micro Email Security
mailUrlsRealLink	string	URL	The URL extracted from the email content	`https://aka.ms/JoinTeamsMeeting` `http://go.microsoft.com/fwlink/p/?LinkID=512132`	Trend Micro Cloud App Security Trend Micro Email Security
mailUrlsVisibleLink	string	URL	The URL extracted from the email content	`Unsubscribe` `Android`	Trend Micro Cloud App Security Trend Micro Email Security
mailbox	string	-	The primary email address	`luis.sanchezl@arus.com.co` `acbaylon@ngcp.ph` `gabriel.andre@bancobmg.com.br`	Trend Micro Cloud App Security
msgUuid	string	-	The internal email UUID to identify each email message	`00004c28-bda5-496d-ae90-5182d36e9396` `002ac78d-862a-408f-80c2-34bd52a2adaa` `004f276e-8588-49b2-a7ed-eb86567bf2d7`	Trend Micro Cloud App Security Trend Micro Email Security
orgId	string	-	The Cloud App Security organization ID	`182a3fa0-a3a7-11eb-8590-8d526fa1feaa` `4da1fde0-b022-11ea-aa58-cf3ff4ef7956` `784a57b0-336d-11e8-887d-8f04f83dbb5b`	Trend Micro Cloud App Security
pname	string	-	The internal product code (deprecated)	`733` `742`	Trend Micro Cloud App Security Trend Micro Email Security
productCode	string	-	The product code of the product that sent the log	`sca` `sem`	Security Analytics Engine
scanType	string	-	The manual or real-time scan	`realtime_mailmeta-exchange` `realtime_mailmeta-gmail` `gateway_mailmetadata`	Trend Micro Cloud App Security Trend Micro Email Security
tags	string	-	The detected MITRE technique ID based on the alert	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	Security Analytics Engine
uuid	string	-	The unique key of the log entry	`00008a58-5c57-46b2-ad06-335035989d08` `0000ca1e-abfa-4013-9213-2dcf5cf1c4d0` `0001469c-dc16-469f-8e44-3d02d2057250`	Security Analytics Engine