Data Mapping: Email Activity Data

Field Name

General Field

Description

Sample

Products

uuid

-

Unique key of the log entry

  • 00008a58-5c57-46b2-ad06-335035989d08

  • 0000ca1e-abfa-4013-9213-2dcf5cf1c4d0

  • 0001469c-dc16-469f-8e44-3d02d2057250

  • Security Analytics Engine

eventTime

-

Event generation time on the agent endpoint

  • 1657135700000

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

tags

-

ID of the MITRE technique detected based on the alert

  • MITREV9.T1057

  • MITREV9.T1059.003

  • XSAE.F2924

  • Security Analytics Engine

productCode

-

Product code of the product that sent the log

  • sca (Trend Micro Cloud App Security)

  • sem (Trend Micro Email Security)

  • Security Analytics Engine

filterRiskLevel

-

Top-level risk level of the event

  • info

  • low

  • medium

  • Security Analytics Engine

pname

-

Internal product code (depricated)

  • 733

  • 742

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

msgUuid

-

Internal email UUID to identify each email message

  • 00004c28-bda5-496d-ae90-5182d36e9396

  • 002ac78d-862a-408f-80c2-34bd52a2adaa

  • 004f276e-8588-49b2-a7ed-eb86567bf2d7

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailbox

-

Primary email address

  • luis.sanchezl@arus.com.co

  • acbaylon@ngcp.ph

  • gabriel.andre@bancobmg.com.br

  • Trend Micro Cloud App Security

mailDirection

-

Email traffic direction

  • 1

  • 3

  • 25

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailFromAddresses

EmailSender

Mail from address in email header

  • noreply@email.teams.microsoft.com

  • viva-noreply@microsoft.com

  • notification@fbworkmail.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailToAddresses

EmailRecipient

Mail To address in the email header

  • jesada.gonkratoke@scb.co.th

  • daniel.goncalves@bancobmg.com.br

  • jefferson.molino@bancobmg.com.br

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailMsgSubject

EmailSubject

Email subject

  • Your daily briefing

  • Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailMsgId

EmailMessageID

Email ID

  • <01000181c6c8054d-a28e440d-23d0-4427-845e-a5af5a7aac60-000000@email.amazonses.com>

  • <01000181fe0a3ce6-ff51a59e-0c83-461e-9ca9-ef55aa4089b5-000000@email.amazonses.com>

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailCcAddresses

EmailRecipient

Mail CC address in the email header

  • <ListaVerdecard-MIS@quero-quero.com.br>

  • produccion@bancoppel.com

  • sbastidas@bancoppel.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailBccAddresses

EmailRecipient

Mail BCC address in the email header

  • customermarketing@flowserve.com

  • diego.sales@quero-quero.com.br

  • guilherme.cardoso@verdecard.com.br

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

mailSenderIp

-

Email sender IP address

  • 255.255.255.255

  • 200.196.154.13

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailAttachmentHash

FileSHA1

Hash value of the email attachment

  • 02ab50ee0bccadb43d6cc504928f2ff2

  • 0a0f335fb04f1acebb7500d5358321c0

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailUrlsRealLink

-

URL extracted from the email content

  • https://aka.ms/JoinTeamsMeeting

  • http://go.microsoft.com/fwlink/p/?LinkID=512132

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSourceDomain

-

Email domain of the sender

  • itau-unibanco.com.br

  • coppel.com

  • ehi.com

  • Trend Micro Cloud App Security

mailUrlsVisibleLink

-

URL extracted from the email content

  • Unsubscribe

  • Android

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

orgId

-

Cloud App Security orgnization ID

  • 182a3fa0-a3a7-11eb-8590-8d526fa1feaa

  • 4da1fde0-b022-11ea-aa58-cf3ff4ef7956

  • 784a57b0-336d-11e8-887d-8f04f83dbb5b

  • Trend Micro Cloud App Security

attachmentFileName

FileName

File name of the email attachment

  • image001.png

  • image002.png

  • image003.png

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentSha1

FileSHA1

SHA-1 hash of the email attachment

  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c

  • 056a2975edffe7188c03c324ae4335f9380b57e3

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentMd5

FileMD5

MD5 hash of the email attachment

  • 003fa299ab119219596f952c68029810

  • 03aeabf6a745cb627ee29c05a22e58cb

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentSha256

FileSHA2

SHA-256 hash of the email attachment

  • 29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01

  • cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentUrls

-

URLs extracted from the email attachment

-

  • Trend Micro Email Security

attachmentFileHashes

FileSHA1

SHA-1 hash of the email attachment

  • acedb7898338a46f38d148d1d0456e644576d41b

  • ea6fcc4c0c1f10d71742b29e98a977d995473dd1

  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentFileHashSha256s

FileSHA2

SHA-256 hash of the email attachment

  • 0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4

  • 2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e

  • 20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSmtpOriginalRecipients

-

Original email recipients in the SMTP envelope

  • jesada.gonkratoke@scb.co.th

  • central.transportes_al@braskem.com

  • centraltransporte.al@grupopredial.com.br

  • Trend Micro Email Security

mailSmtpRecipients

-

Email recipients in the SMTP envelope after scanning

  • jesada.gonkratoke@scb.co.th

  • central.transportes_al@braskem.com

  • centraltransporte.al@grupopredial.com.br

  • Trend Micro Email Security

version

-

  • 1.1

  • Security Analytics Engine

customerId

-

  • df1fd66c-dea3-40fb-a78b-1442d6154ecc

  • e0f6a485-204f-4988-9253-f02b6481c205

  • b48f2239-d797-4967-bf8a-d0861ebb94e9

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

receivedTime

-

Time the log was received

  • 1656324260000

  • Security Analytics Engine

packageTraceId

-

  • 00001008-d7ef-4066-9d93-55c3d450bf76

  • 0000202f-92ec-4b8d-8df1-5c8551f33e4b

  • 00002778-c203-4d2e-ac0f-d6c84ea9451b

  • Security Analytics Engine

groupId

-

  • 00000000-0000-0000-0000-000000000000

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

tenantGuid

-

  • 00000000-0000-0000-0000-000000000000

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

bitwiseFilterRiskLevel

-

Bitwise risk-level filter search

  • 1

  • 2

  • 8

  • Security Analytics Engine

scanType

-

Manual or real-time scan

  • realtime_mailmeta-exchange

  • realtime_mailmeta-gmail

  • gateway_mailmetadata

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailFolder

-

  • Inbox

  • Bandeja de entrada

  • Sent Items

  • Trend Micro Cloud App Security

msgUuidChain

-

  • 00004c28-bda5-496d-ae90-5182d36e9396;00004c28-bda5-496d-ae90-5182d36e9396

  • 002ac78d-862a-408f-80c2-34bd52a2adaa;002ac78d-862a-408f-80c2-34bd52a2adaa

  • 004f276e-8588-49b2-a7ed-eb86567bf2d7;004f276e-8588-49b2-a7ed-eb86567bf2d7

  • Trend Micro Email Security

mailMetaTraceId

-

  • Trend Micro Email Security

mExternalUid

-

  • 00001300@jasperengines.com@@<DS7PR19MB62774CC3DB9201971B5BCE63A0909@DS7PR19MB6277.namprd19.prod.outlook.com>@@69cd4d99e0ab75eadd9b987191c66b4e@@1

  • 00001389@jasperengines.com@@<c332bb6e-ba21-4fae-bfd1-1f548a571587>@@5245531282021f313d11e5d5422436cb@@1

  • 00001392@jasperengines.com@@<573186405.1072205.1658257233431.JavaMail.cloud@p2-elasticrender-0bea27432cfd6429e>@@9857ba30b94835e87dedf3aa00a85784@@1

  • Trend Micro Cloud App Security

mailMetaData

-

  • [{" ":1},{"\n":1}]

  • [{"\n":1}]

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailTagHashRawSignature

-

  • PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjxtZXRhIG5hbWU9IGNvbnRlbnQ9ID48c3R5bGU+PCEtLS0tPjwvc3R5bGU+PC9oZWFkPjxib2R5IGxhbmc9IGxpbms9IHZsaW5rPSBzdHlsZT0gPjxkaXYgY2xhc3M9ID48cCBjbGFzcz0gPjxURVhUPjwvcD48L2Rpdj48L2JvZHk+PC9odG1sPg==

  • PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjwvaGVhZD48Ym9keT48VEVYVD48L2JvZHk+PC9odG1sPg==

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailXMailer

-

  • Microsoft Outlook 16.0

  • Microsoft CDO for Windows 2000

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailUserAgent

-

  • Mutt/1.4.2.2i

  • Heirloom mailx 12.5 7/5/10

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

mailFeatureId

-

-

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

mailRuleId

-

  • 42003

  • 148036

  • 148140

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailTagHash

-

  • 9ce01ebc63f408264876646e20905349

  • cf679dc99042b781106cbaccd4045ed3

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailTextHash

-

  • 221bab3766f6d2a2c6fcc37056511d53

  • f26f3a415103ea083ac49be6bb60f337

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailUrlHash

-

  • ca52197d96e4a00ce19eaf34b20c8937

  • ad50776a891bead6bf222e2b7be17724

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailHeaderHash

-

  • 43f8bfc02d8f78f069c254bc17eba80b

  • aa5d16ca145f91471e482d235843aac5

  • ad8776382ea4b7cffd0961c70223162e

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailScore

-

-

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

mailWantedHeaderName

-

  • CC

  • X-TM-Product-Ver

  • Received

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailWantedHeaderValue

-

  • cloud-app-security-5.0

  • BCL:0;

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailReplyToAddresses

-

  • noreply@fbworkmail.com

  • itau@service-now.com

  • no-reply@sharepointonline.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSmtpFromAddresses

-

  • nullsender@tmes.trendmicro.com

  • notification@fbworkmail.com

  • noreply@email.teams.microsoft.com

  • Trend Micro Email Security

mailThreatType

-

  • suspected

  • suspected,

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailWholeHeader

-

  • "Microsoft Viva"<viva-noreply@microsoft.com>

  • "AWS CloudWatch Event Rule Security Alert!" <no-reply@sns.amazonaws.com>

  • <EMAILAUTOMATICO@CORREIO.ITAU.COM.BR>

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailHelo

-

  • HELO inpost.tmes.trendmicro.com

  • HELO edge.itau-unibanco.com.br

  • HELO us-smtp-1.mimecast.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentTlsh

-

  • 0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39

  • 7C31C9827A71A905CC6B0A73B10FE80C06F01E814AA396347F8B6F979690E9C3D75147

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentSize

-

-

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

attachmentSource

-

  • TMASE

  • PRODUCT

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSmtpTls

-

  • TLS 1.2

  • TLS 1.3

  • noTLS

  • Trend Micro Email Security

attachmentFileTlshes

-

-

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

eventSourceType

-

  • EVENT_SOURCE_EMAIL_META

  • Security Analytics Engine

mailMetaText

-

  • Trend Micro Email Security