Data Mapping: Web Activity Data
|
Field |
General Field |
Example |
Notes |
|---|---|---|---|
|
act |
|
allow |
Rule action
|
|
application |
|
The Secure HyperText Transfer Protocol |
Name of the application requested |
|
detectionType |
|
Not match any rule |
The reason the TMWS Scanner took action |
|
dst |
IPv4 |
192.0.2.0 |
Server ip, Client ip |
|
fileHash |
FileSHA1 |
98A9A1C8F69373B211E5F1E303BA8762F44BC898 |
SHA1 of the file |
|
malName |
|
BadZipFile |
Name of the malware detected |
|
mimeType |
|
/ |
MIME type(a two-part identifier for file formats and format contents transmitted) of the traffic |
|
pname |
|
Trend Micro Web Security |
Name of application request |
|
policyName |
|
default |
Rule name, name of the cloud access rule triggered |
|
principalName |
|
john.doe@example.com |
User principal name |
|
profile |
|
default |
Name of the Threat Protection template or Data Loss Prevention profile triggered |
|
request |
|
/ |
URL(Uniform Resource Locator) of the traffic |
|
requestBase |
DomainName |
self.events.data.microsoft.com |
URL domain |
|
rt_utc |
|
1627558859 |
UTC timestamp |
|
score |
|
Safe |
Web Reputation Services score |
|
sender |
|
TMWS Gateway TW |
TMWS gateways where the web traffic passed |
|
src |
IPv4 |
192.0.2.0 |
Server ip, Client ip |
|
suid |
UserAccount |
john_doe |
User name (Display Name) or IP address (IPv4) |
|
trafficSize |
|
422 |
Http request (POST, PUT) or http response (GET) body size |
|
urlCat |
|
Web Advertisement |
URL category |
|
userDepartment |
|
TMWS |
|
|
userDomain |
|
tmws-stg-demo.com |
Active directory domain, domain of user email for logging in TMWS Scanner |
