Data Mapping: Mobile Activity Data

| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| appLabel | string | - | The app name (if the subject is an app) | Collection Nes Games | Mobile Security |
| appPkgName | string | - | The app package name (if the subject is an app) | com.ConsolesXX.CollectionNesGames | Mobile Security |
| appPublicKeySha1 | string | FileSHA1 | The SHA-1 hash of the app public key (if the subject is an app) | 05FC638156219800DADAC48D8E621E0BCBD3C321 | Mobile Security |
| endpointGuid | string | EndpointID | The host GUID of the endpoint on which the event was detected | 885fd860-cc63-5c61-9eca-37911c864cc9; fbcf0426-c46b-4fe7-b3a8-e6896de49ea3 | Mobile Security |
| endpointHostName | string | EndpointName | The host name of the endpoint on which the event was detected | PHILIPSIBE09; WHAM6WK8XG2; MacBook-Pro-del-Meno | Mobile Security |
| endpointIp | string[] | IPv4; IPv6 | The IP address of the endpoint on which the event was detected | 127.0.0.1; ::1; fe80::1 | Mobile Security |
| endpointModel | string | - | The endpoint device model | Pixel 3 XL | Mobile Security |
| eventId | TelemetryHeader.TELEMETRY_EVENT_ID | - | The event type | - | Mobile Security |
| eventSubId | TelemetryHeader.TELEMETRY_EVENT_SUB_ID | - | The access type of the event | TELEMETRY_PROCESS_CREATE; TELEMETRY_FILE_CREATE; TELEMETRY_CONNECTION_CONNECT_OUTBOUND | Mobile Security |
| eventTime | int64 | - | The time recorded when the agent detected the event | 1657781088000 | Mobile Security |
| filterRiskLevel | string | - | The top-level risk level of the event | info; low; medium | Security Analytics Engine |
| logonUser | string[] | UserAccount | The sign on user name | root; SISTEMA; oracle | Mobile Security |
| objectAppBehavior | string | - | The activity that occurred on the app | GRANTED_CAMERA_PERMISSION; APP_NO_ICON; APP_HIDE_ICON | Mobile Security |
| objectAppBehaviorAttr | string | - | The attributes of the app activity | android.intent.action.BOOT_COMPLETED | Mobile Security |
| objectAppDexSha256 | string | FileSHA2 | The SHA-256 hash of the app dex value | C23A87B77B06442FD9AF9A80DD87191EDEADFAB766C862EBC592FE18063D0449 | Mobile Security |
| objectAppLabel | string | - | The app name | Collection Nes Games | Mobile Security |
| objectAppPackageName | string | - | The app package name | com.ConsolesXX.CollectionNesGames | Mobile Security |
| objectAppPublicKeySha1 | string | FileSHA1 | The SHA-1 hash of the app public key | 05FC638156219800DADAC48D8E621E0BCBD3C321 | Mobile Security |
| objectAppSha256 | string | FileSHA2 | The SHA-256 hash of the app | 692BC8E6BC51807A24BEACC13ED2B68E1F954E152863430E3179FA812937B8B0 | Mobile Security |
| objectAppVerName | string | - | The app version | 1 | Mobile Security |
| objectCertAttr | string | - | The SHA-1 hash of the certificate public key | 05FC638156219800DADAC48D8E621E0BCBD3C321 | Mobile Security |
| objectFileHashSha256 | string | FileSHA2 | The SHA-256 hash of the target process image or target file | 39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8; 49fa3e206abf6a1f4546417dbe09f3f06b38847866a4a66de75bd90f39cb6c1c; 0969321ad5a0923f0f03896ad2c10e49290515c44b721d773942a37f62a24893 | Mobile Security |
| objectFilePath | string | FileFullPath; FileName | The file path location of the target process image or target file | /usr/bin/bash; /bin/bash; /opt/nimsoft/probes/system/processes/processes | Mobile Security |
| osName | string | - | The OS type | Windows; Linux; macOS | Mobile Security |
| pname | string | - | The internal product ID (Deprecated, use productCode) | 2200; 751; 533 | Mobile Security |
| productCode | string | - | The internal product code (sds = Trend Cloud One Endpoint & Workload Security, xes = Trend Vision One Endpoint Sensor, sao = Apex One as a Service) | sds; xes; sao | Security Analytics Engine |
| request | string | URL | The request URL | http://10.1.222.175/Conserver/CommunicationNode; http:///cgi-bin/admin/param.cgi?action=list&group=Alarm.Status; http://search.namequery.com/ | Mobile Security |
| srcFileHashSha256 | string | FileSHA2 | The SHA-256 hash of the source file | 4eaa002225f4ea2dedcd19b7f1337d7c58ea7dd6d4571c12468dde95e6bcfdaf; e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80; 16b20a3ad485b4fbbe3028c7e743b226db21ea93cacc8b3d7d7d4a731bf02333 | Mobile Security |
| srcFilePath | string | FileFullPath; FileName | The file path location of the source file | \\cnva-apps\megaclockprod\traveler\travelerprint.accdb; c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml; q:\a7_dbs\a4_pkg\a4_packaging.accde | Mobile Security |
| tags | string[] | Technique | The detected MITRE technique ID based on the alert filter | MITREV9.T1057; MITREV9.T1059.003; XSAE.F2924 | Security Analytics Engine |
| uuid | string | - | The unique key of the log | 00000003-be87-4aad-add2-d395e4efad3e; 00000014-0493-459d-9f90-93565402f41e; 0000006b-b5ea-4f5e-8d56-ddec452ef3bd | Security Analytics Engine |