Online Help Center Home
Privacy and Personal Data Collection Disclosure
- Pre-release Disclaimer
- Pre-release Sub-feature Disclaimer
Trend Vision One Data Privacy, Security, and Compliance
What's New
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- Release Notes
Introduction
- Trend Vision One
- Checking the Trend Vision One Service Status
  - SERVICE LEVEL OBJECTIVES FOR TREND VISION ONE (herein this “SLO”)
Getting Started
- Getting Started with Trend Vision One
- Getting Started with Vulnerability Assessment
Risk Insights
- Executive Dashboard
- Attack Surface Discovery
- Operations Dashboard
Dashboards and Reports
- Security Dashboard
  - Customizing the Security Dashboard
  - Protocol Groups in the Scanned Traffic Summary Widget
- Reports
XDR Threat Investigation
- Detection Model Management
- Workbench
  - Alert View
  - Incident View
- Search App
- Observed Attack Techniques
- Targeted Attack Detection
- Forensics and Analysis
- Managed Services
- Companion
Threat Intelligence
- Campaign Intelligence
  - Threat Information Screen
- Intelligence Reports
- Suspicious Object Management
  - Suspicious Object List
  - Exception List
    - Adding Exceptions
- Sandbox Analysis
- Third-Party Intelligence
  - TAXII Feeds
    - Configuring a TAXII Feed
  - MISP Feeds
Workflow and Automation
- Security Playbooks
- Response Management
  - Response Actions
  - Response Data
- Third-Party Integration
- API Automation Center
- Service Gateway Management
Zero Trust Secure Access
- Getting Started with Zero Trust Secure Access
- Secure Access Overview
- Secure Access Rules
- Secure Access Resources
- Secure Access History
- Secure Access Configuration
- Troubleshooting Zero Trust Secure Access
Assessment
- Cyber Risk Assessment
Endpoint Security Operations
- Endpoint Inventory 2.0
- Endpoint Inventory
  - Getting Started with XDR for Endpoints
  - Managing the Endpoint List in Endpoint Inventory 1.0
    - Endpoint List Settings in Endpoint Inventory 1.0
- Endpoint Policies
- Trend Cloud One - Endpoint & Workload Security
Endpoint Security Operations (for Standard Endpoint and Server & Workload Protection)
- Getting Started with Trend Vision One Endpoint Security
- Endpoint Inventory
- Standard Endpoint Protection
- Server & Workload Protection
Cloud Security Operations
- Trend Vision One Container Security
- XDR for Containers
  - Getting Started with XDR for Containers
Network Security Operations
- Network Inventory
- Network Intrusion Prevention
Email Security Operations
- Email Account Inventory
  - Email Sensor Management
Mobile Security Operations
- Getting Started with Mobile Security
- Using Mobile Security in Conjunction with MDM Solutions or Azure AD
- Using Mobile Device Director
Service Management
- Product Connector
  - Connecting a Product
  - Required Settings on Supported Products
- Product Instance
- Cloud Accounts
Account
- User Accounts, Roles, and Single Sign-On (Legacy)
- User Accounts, Identity Providers, and User Roles (July 2023 update)
- Notifications
- Audit Logs
  - User Logs
    - User Log Data
  - System Logs
    - System Log Data
- Console Settings
- License Information
- Credit Usage
- Support Settings
  - Enabling Hypersensitive Mode
Getting Help and Troubleshooting
- Help and Support
  - Creating a Support Case
- Self-Diagnosis

Data Mapping: Mobile Activity Data

Field Name	Type	General Field	Description	Example	Products
appLabel	string	-	The app name (if the subject is an app)	`Collection Nes Games`	Mobile Security
appPkgName	string	-	The app package name (if the subject is an app)	`com.ConsolesXX.CollectionNesGames`	Mobile Security
appPublicKeySha1	string	FileSHA1	The SHA-1 hash of the app public key (if the subject is an app)	`05FC638156219800DADAC48D8E621E0BCBD3C321`	Mobile Security
endpointGuid	string	EndpointID	The host GUID of the endpoint on which the event was detected	`885fd860-cc63-5c61-9eca-37911c864cc9` `fbcf0426-c46b-4fe7-b3a8-e6896de49ea3`	Mobile Security
endpointHostName	string	EndpointName	The host name of the endpoint on which the event was detected	`PHILIPSIBE09` `WHAM6WK8XG2` `MacBook-Pro-del-Meno`	Mobile Security
endpointIp	string[]	IPv4 IPv6	The IP address of the endpoint on which the event was detected	`127.0.0.1` `::1` `fe80::1`	Mobile Security
endpointModel	string	-	The endpoint device model	`Pixel 3 XL`	Mobile Security
eventId	TelemetryHeader.TELEMETRY_EVENT_ID	-	The event type	-	Mobile Security
eventSubId	TelemetryHeader.TELEMETRY_EVENT_SUB_ID	-	The access type of the event	`TELEMETRY_PROCESS_CREATE` `TELEMETRY_FILE_CREATE` `TELEMETRY_CONNECTION_CONNECT_OUTBOUND`	Mobile Security
eventTime	int64	-	The time recorded when the agent detected the event	`1657781088000`	Mobile Security
filterRiskLevel	string	-	The top-level risk level of the event	`info` `low` `medium`	Security Analytics Engine
logonUser	string[]	UserAccount	The sign on user name	`root` `SISTEMA` `oracle`	Mobile Security
objectAppBehavior	string	-	The activity that occurred on the app	`GRANTED_CAMERA_PERMISSION` `APP_NO_ICON` `APP_HIDE_ICON`	Mobile Security
objectAppBehaviorAttr	string	-	The attributes of the app activity	`android.intent.action.BOOT_COMPLETED`	Mobile Security
objectAppDexSha256	string	FileSHA2	The SHA-256 hash of the app dex value	`C23A87B77B06442FD9AF9A80DD87191EDEADFAB766C862EBC592FE18063D0449`	Mobile Security
objectAppLabel	string	-	The app name	`Collection Nes Games`	Mobile Security
objectAppPackageName	string	-	The app package name	`com.ConsolesXX.CollectionNesGames`	Mobile Security
objectAppPublicKeySha1	string	FileSHA1	The SHA-1 hash of the app public key	`05FC638156219800DADAC48D8E621E0BCBD3C321`	Mobile Security
objectAppSha256	string	FileSHA2	The SHA-256 hash of the app	`692BC8E6BC51807A24BEACC13ED2B68E1F954E152863430E3179FA812937B8B0`	Mobile Security
objectAppVerName	string	-	The app version	`1`	Mobile Security
objectCertAttr	string	-	The SHA-1 hash of the certificate public key	`05FC638156219800DADAC48D8E621E0BCBD3C321`	Mobile Security
objectFileHashSha256	string	FileSHA2	The SHA-256 hash of the target process image or target file	`39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8` `49fa3e206abf6a1f4546417dbe09f3f06b38847866a4a66de75bd90f39cb6c1c` `0969321ad5a0923f0f03896ad2c10e49290515c44b721d773942a37f62a24893`	Mobile Security
objectFilePath	string	FileFullPath FileName	The file path location of the target process image or target file	`/usr/bin/bash` `/bin/bash` `/opt/nimsoft/probes/system/processes/processes`	Mobile Security
osName	string	-	The OS type	`Windows` `Linux` `macOS`	Mobile Security
pname	string	-	The internal product ID (Deprecated, use productCode)	`2200` `751` `533`	Mobile Security
productCode	string	-	The internal product code (sds = Trend Cloud One Endpoint & Workload Security, xes=Trend Vision One Endpoint Sensor, sao=Apex One as a Service)	`sds` `xes` `sao`	Security Analytics Engine
request	string	URL	The request URL	`http://10.1.222.175/Conserver/CommunicationNode` `http:///cgi-bin/admin/param.cgi?action=list&group=Alarm.Status` `http://search.namequery.com/`	Mobile Security
srcFileHashSha256	string	FileSHA2	The SHA-256 hash of the source file	`4eaa002225f4ea2dedcd19b7f1337d7c58ea7dd6d4571c12468dde95e6bcfdaf` `e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80` `16b20a3ad485b4fbbe3028c7e743b226db21ea93cacc8b3d7d7d4a731bf02333`	Mobile Security
srcFilePath	string	FileFullPath FileName	The file path location of the source file	`\\cnva-apps\megaclockprod\traveler\travelerprint.accdb` `c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml` `q:\a7_dbs\a4_pkg\a4_packaging.accde`	Mobile Security
tags	string[]	Technique	The detected MITRE technique ID based on the alert filter	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	Security Analytics Engine
uuid	string	-	The unique key of the log	`00000003-be87-4aad-add2-d395e4efad3e` `00000014-0493-459d-9f90-93565402f41e` `0000006b-b5ea-4f5e-8d56-ddec452ef3bd`	Security Analytics Engine