Data Mapping: Email Activity Data

Field Name

Type

General Field

Description

Example

Products

attachmentFileHashSha256s

string

  • FileSHA2

The SHA-256 hash of the email attachment

  • 0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4

  • 2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e

  • 20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentFileHashes

string

  • FileSHA1

The SHA-1 hash of the email attachment

  • acedb7898338a46f38d148d1d0456e644576d41b

  • ea6fcc4c0c1f10d71742b29e98a977d995473dd1

  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentFileName

string

  • FileName

The file name of the email attachment

  • image001.png

  • image002.png

  • image003.png

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentMd5

string

  • FileMD5

The MD5 hash of the email attachment

  • 003fa299ab119219596f952c68029810

  • 03aeabf6a745cb627ee29c05a22e58cb

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentSha1

string

  • FileSHA1

The SHA-1 hash of the email attachment

  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c

  • 056a2975edffe7188c03c324ae4335f9380b57e3

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentSha256

string

  • FileSHA2

The SHA-256 hash of the email attachment

  • 29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01

  • cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

attachmentUrls

AttachmentUrl[]

-

The URLs extracted from the email attachment

-

  • Trend Micro Email Security

eventTime

int64

-

The event generation time on the agent endpoint

  • 1657135700000

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

filterRiskLevel

string

-

The top-level risk level of the event

  • info

  • low

  • medium

  • Security Analytics Engine

mailAttachmentHash

string

  • FileMD5

The hash value of the email attachment

  • 02ab50ee0bccadb43d6cc504928f2ff2

  • 0a0f335fb04f1acebb7500d5358321c0

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailBccAddresses

string

  • EmailRecipient

The BCC address in the email header

  • customermarketing@flowserve.com

  • diego.sales@quero-quero.com.br

  • guilherme.cardoso@verdecard.com.br

  • Trend Micro Email Security

  • Trend Micro Cloud App Security

mailCcAddresses

string

  • EmailRecipient

The CC address in the email header

  • <ListaVerdecard-MIS@quero-quero.com.br>

  • produccion@bancoppel.com

  • sbastidas@bancoppel.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailDirection

int32

-

The email traffic direction

  • 1

  • 3

  • 25

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailFromAddresses

string

  • EmailSender

The Mail From address in the email header

  • noreply@email.teams.microsoft.com

  • viva-noreply@microsoft.com

  • notification@fbworkmail.com

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailMsgId

string

  • EmailMessageID

The email ID

  • <01000181c6c8054d-a28e440d-23d0-4427-845e-a5af5a7aac60-000000@email.amazonses.com>

  • <01000181fe0a3ce6-ff51a59e-0c83-461e-9ca9-ef55aa4089b5-000000@email.amazonses.com>

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailMsgSubject

string

  • EmailSubject

The email subject

  • Your daily briefing

  • Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSenderIp

string

-

The email sender IP address

  • 255.255.255.255

  • 200.196.154.13

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailSmtpOriginalRecipients

string

-

The original email recipients in the SMTP envelope

  • jesada.gonkratoke@scb.co.th

  • central.transportes_al@braskem.com

  • centraltransporte.al@grupopredial.com.br

  • Trend Micro Email Security

mailSmtpRecipients

string

-

The mail recipients in the SMTP envelope after scanning

  • jesada.gonkratoke@scb.co.th

  • central.transportes_al@braskem.com

  • centraltransporte.al@grupopredial.com.br

  • Trend Micro Email Security

mailSourceDomain

string

-

The email domain of the sender

  • itau-unibanco.com.br

  • coppel.com

  • ehi.com

  • Trend Micro Cloud App Security

mailToAddresses

string

  • EmailRecipient

The Mail To address in the email header

  • jesada.gonkratoke@scb.co.th

  • daniel.goncalves@bancobmg.com.br

  • jefferson.molino@bancobmg.com.br

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailUrlsRealLink

string

  • URL

The URL extracted from the email content

  • https://aka.ms/JoinTeamsMeeting

  • http://go.microsoft.com/fwlink/p/?LinkID=512132

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailUrlsVisibleLink

string

  • URL

The URL extracted from the email content

  • Unsubscribe

  • Android

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

mailbox

string

-

The primary email address

  • luis.sanchezl@arus.com.co

  • acbaylon@ngcp.ph

  • gabriel.andre@bancobmg.com.br

  • Trend Micro Cloud App Security

msgUuid

string

-

The internal email UUID to identify each email message

  • 00004c28-bda5-496d-ae90-5182d36e9396

  • 002ac78d-862a-408f-80c2-34bd52a2adaa

  • 004f276e-8588-49b2-a7ed-eb86567bf2d7

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

orgId

string

-

The Cloud App Security organization ID

  • 182a3fa0-a3a7-11eb-8590-8d526fa1feaa

  • 4da1fde0-b022-11ea-aa58-cf3ff4ef7956

  • 784a57b0-336d-11e8-887d-8f04f83dbb5b

  • Trend Micro Cloud App Security

pname

string

-

The internal product code (deprecated)

  • 733

  • 742

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

productCode

string

-

The product code of the product that sent the log

  • sca

  • sem

  • Security Analytics Engine

scanType

string

-

The manual or real-time scan

  • realtime_mailmeta-exchange

  • realtime_mailmeta-gmail

  • gateway_mailmetadata

  • Trend Micro Cloud App Security

  • Trend Micro Email Security

tags

string

-

The detected MITRE technique ID based on the alert

  • MITREV9.T1057

  • MITREV9.T1059.003

  • XSAE.F2924

  • Security Analytics Engine

uuid

string

-

The unique key of the log entry

  • 00008a58-5c57-46b2-ad06-335035989d08

  • 0000ca1e-abfa-4013-9213-2dcf5cf1c4d0

  • 0001469c-dc16-469f-8e44-3d02d2057250

  • Security Analytics Engine