Field Name | Type | General Field | Description | Example | Products |
---|---|---|---|---|---|
appLabel | string | - | The app name (if the subject is an app) | | |
appPkgName | string | - | The app package name (if the subject is an app) | | |
appPublicKeySha1 | string | | The SHA-1 hash of the app public key (if the subject is an app) | | |
endpointGuid | string | | The host GUID of the endpoint on which the event was detected | | |
endpointHostName | string | | The host name of the endpoint on which the event was detected | | |
endpointIp | string[] | | The IP address of the endpoint on which the event was detected | | |
endpointModel | string | - | The endpoint device model | | |
eventId | TelemetryHeader.TELEMETRY_EVENT_ID | - | The event type | - | |
eventSubId | TelemetryHeader.TELEMETRY_EVENT_SUB_ID | - | The access type of the event | | |
eventTime | int64 | - | The time recorded when the agent detected the event | | |
filterRiskLevel | string | - | The top-level risk level of the event | | |
logonUser | string[] | | The sign on user name | | |
objectAppBehavior | string | - | The activity that occurred on the app | | |
objectAppBehaviorAttr | string | - | The attributes of the app activity | | |
objectAppDexSha256 | string | | The SHA-256 hash of the app dex value | | |
objectAppLabel | string | - | The app name | | |
objectAppPackageName | string | - | The app package name | | |
objectAppPublicKeySha1 | string | | The SHA-1 hash of the app public key | | |
objectAppSha256 | string | | The SHA-256 hash of the app | | |
objectAppVerName | string | - | The app version | | |
objectCertAttr | string | - | The SHA-1 hash of the certificate public key | | |
objectFileHashSha256 | string | | The SHA-256 hash of the target process image or target file | | |
objectFilePath | string | | The file path location of the target process image or target file | | |
osName | string | - | The OS type | | |
pname | string | - | The internal product ID (Deprecated, use productCode) | | |
productCode | string | - | The internal product code (sds = Trend Cloud One Endpoint & Workload Security, xes = Trend Vision One Endpoint Sensor, sao = Apex One as a Service) | | |
request | string | | The request URL | | |
srcFileHashSha256 | string | | The SHA-256 hash of the source file | | |
srcFilePath | string | | The file path location of the source file | | |
tags | string[] | | The detected MITRE technique ID based on the alert filter | | |
uuid | string | - | The unique key of the log | | |