偵測 | Trend Micro Service Central

檢視次數:

欄位名稱	類型	一般欄位	說明	範例	產品
存取權限	`字串`	-	訪問權限類型	`修改` `讀取並執行` `僅列出裝置內容` `封鎖`	Trend Micro Apex One as a Service
行動	`string[]`	-	為減輕事件所採取的行動	`日誌` `隔離` `終止` `未封鎖` `封鎖` `重設` `暫不處理` `使用者決策`	Trend Cloud One - Container Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Micro Web Security Trend Micro Email Security Trend Micro Deep Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access 電子郵件感測器 Palo Alto Networks 次世代防火牆 Trend Vision One Mobile Security 趨勢科技行動網路安全防護
actResult	`string[]`	-	操作結果	`已刪除` `成功` `已接受`	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne Stellar（內部部署） Trend Cloud One - Cloud Sentry Trend Vision One Mobile Security
聚合計數	`int64`	-	彙總事件的數量	`1` `2` `3`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Micro Web Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access TXOne Stellar（內部部署）
appDexSha256	`字串`	FileSHA2	使用 SHA-256 編碼的應用程式 dex	`08736EDDD3682AC26D9FD42DA2A20B0BADB5C85A5456A0AE85B52D60C564F290`	Trend Vision One Mobile Security
應用程式群組	`字串`	-	事件的應用程式類別	`DNS 回應` `HTTP` `CIFS`	Trend Micro Deep Discovery Inspector
appIsSystem	`bool`	-	該應用程式是否為系統應用程式	`false`	Trend Vision One Mobile Security
應用程式標籤	`字串`	-	應用程式名稱	`Mobile Security 病毒測試應用程式`	Trend Vision One Mobile Security
appPkgName	`字串`	-	應用程式套件名稱	`com.trustport.mobilesecurity_eicar_test_file`	Trend Vision One Mobile Security
appPublicKeySha1	`字串`	FileSHA1	應用程式公鑰 (SHA-1)	`72080A6B4EB11105B28E31C4753BC91414500AD4`	Trend Vision One Mobile Security
應用程式大小	`字串`	-	應用程式大小（以位元組為單位）	`28461`	Trend Vision One Mobile Security
appVerCode	`uint32`	-	應用程式版本代碼	`1`	Trend Vision One Mobile Security
應用程式	`字串`	-	所請求應用程式的名稱	`超文字傳輸通訊協定` `雙擊` `安全超文字傳輸通訊協定`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Trend Micro Apex One as a Service Palo Alto Networks 次世代防火牆
aptCampaigns	`string[]`	-	相關的APT活動	`POSSIBLE LSTUDIO` `網路潛伏者`	Trend Micro Deep Discovery Inspector
aptRelated	`字串`	-	該事件是否與APT有關	`0` `1`	Trend Micro Deep Discovery Inspector
附件	`object_Attachment[]`	-	關於電子郵件附件的資訊	`{"attachmentFileTlsh": "", "attachmentFileName": "testfile.txt","attachmentFileHash": "","attachmentFileSize": "-1"}`	Trend Micro Cloud App Security 電子郵件感測器
attachmentFileHash	`字串`	FileSHA1	電子郵件附件的 SHA-1	`C9877617DB6715792F9D5C959C1E8D4E56D0C281` `0340A8EE3AD2990E3EDCDB2E471EAA45B4286722` `0E56D9540B07ED15EF745348D35C72A6A00A0BD9`	Trend Micro Deep Discovery Inspector 電子郵件感測器
attachmentFileHashMd5	`字串`	FileMD5	附加檔案 (attachmentFileName) 的 MD5	`RSjbNuJB0hx39ZpzwLdipg==` `+TmuTNLw3FMQlaTbPwjD8g==` `+XWktHxXXdY0O4A82FQMzQ==`	Trend Micro Cloud App Security
attachmentFileHashSha1	`字串`	FileSHA1	附件檔案 (attachmentFileName) 的 SHA-1	`d63b1739a2fe56eb412dff1c69b76d4b9aad8ebd` `3b923d078ea3bd39489ed6d334c423e4478a8ee3` `3a2e6a64e1b7f4c6cbebcb9e949dc66b667cdfbe`	Trend Micro Cloud App Security Trend Micro Email Security
attachmentFileHashSha256	`字串`	FileSHA2	附加檔案 (attachmentFileName) 的 SHA-256	`D81D4C14DDEB8CA390FFADA69265AAD46CDEDD72CDD332CB8AA17D924626B397` `01DE1FC697D2D0850F0468474A3E1E0BF4D78B23F0633908CF82E504E0DCBFF9` `02D16D9970AB635A7B05C3A268E23F5B41C419DD022F1054E9FD912BE130BDB0`	Trend Micro Deep Discovery Inspector Trend Micro Email Security
attachmentFileHashes	`string[]`	-	電子郵件附件的 SHA-1	`056a2975edffe7188c03c324ae4335f9380b57e3` `05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
attachmentFileHashs	`string[]`	-	附件檔案的 SHA-1 雜湊值	`056a2975edffe7188c03c324ae4335f9380b57e3` `05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
attachmentFileName	`string[]`	檔案名稱	附件的檔案名稱	`郵件正文` `image001.png` `image002.png`	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector 電子郵件感測器
附件檔案大小	`int64`	-	電子郵件附件的檔案大小	`190843` `104454` `112197`	Trend Micro Deep Discovery Inspector 電子郵件感測器
附件檔案大小	`int64[]`	-	電子郵件附件的檔案大小	`190843` `104454` `112197`	電子郵件感測器
attachmentFileTlshes	`string[]`	-	電子郵件附件的TLSH	`0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39` `97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
attachmentFileTlshs	`string[]`	-	附件檔案的TLSH雜湊值	`0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39` `97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
attachmentFileType	`字串`	-	電子郵件附件的檔案類型	`PDF` `文字` `PKZIP`	Trend Micro Deep Discovery Inspector
authType	`字串`	-	授權類型	`Cookie JWT` `無認證`	Trend Vision One Zero Trust Secure Access Internet Access
azId	`字串`	-	虛擬機器可用性區域 ID	`us-east-1b` `us-west-2a`	Trend Cloud One - Cloud Sentry
行為類別	`字串`	-	匹配的政策類別	`策略實施` `灰色檢測` `安全威脅偵測`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
封鎖	`字串`	-	封鎖類型	`網頁信譽評等` `Web 伺服器`	Trend Micro Apex One as a Service
bmGroup	`字串`	-	一對多資料結構	logGenLocalDatetime:2022-07-08T09:21:11+00:00, act:Assessment, behaviorType:Registry, riskConfidenceLevel:1, ruleId:7, ruleName:New Service, behaviorCategory:Policy Enforcement, processFilePath:C:\Windows\SysWOW64\srts\wmipr.exe, aegisOperation:Set Key, objectFilePath:HKLM\SYSTEM\CurrentControlSet\Services\DpsiBSvc\Start, policyId:007, objectFileHashSha1:null, objectCmd:null, processFileHashSha1:null, processCmd:null, objectRegistryData:null, objectRegistryKeyHandle:null, objectRegistryValue:null	Trend Micro Apex One as a Service
機器人指令	`字串`	CLICommand	機器人指令	`1068` `Windows` `chrome.exe`	Trend Micro Deep Discovery Inspector
botUrl	`字串`	URL	機器人 URL	`7?01` `0000` `Windows`	Trend Micro Deep Discovery Inspector
類別	`字串`	-	事件類別	`漏洞利用` `偵察` `弱點` `安全政策`	TippingPoint 安全管理系統趨勢科技行動網路安全防護
cccaDestination	`字串`	URL	目標網域、IP、URL 或收件者	`157.240.233.61:443` `www.yandex2unitedstated.dns04.com` `amnsreiuojy.ru`	Trend Micro Deep Discovery Inspector
cccaDestinationFormat	`字串`	-	C&C 伺服器存取格式	`IP_DOMAIN` `URL`	Trend Micro Deep Discovery Inspector
ccca偵測	`字串`	-	此日誌是否被識別為 C&C 回呼位址檢測	`是`	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector
ccca偵測來源	`字串`	-	定義此 CCCA 偵測規則的清單	`CCCA_GLOBAL_LIST (0)` `全球情報` `USER_DEFINED`	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector
ccca風險等級	`int32`	-	與C&C伺服器相關的安全威脅行為者的嚴重性等級	-	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector
censusMaturityValue	`int32`	-	CENSUS 成熟度值	`0` `1` `2`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
censusPrevalenceValue	`int32`	-	CENSUS 普及率值	`0` `1` `2`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
頻道	`字串`	-	傳送所需 Windows 事件的通道	`本地檔案或網路磁碟機` `本地檔案或網路磁碟機` `本地檔案`	Trend Micro Apex One as a Service
clientFlag	`字串`	-	無論客戶端是來源還是目的地	`dst` `src`	Trend Micro Deep Discovery Inspector
clientIp	`string[]`	-	來源的 IP 位址	`190.210.251.166` `192.168.0.40` `181.44.178.180`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access
客戶狀態	`字串`	-	事件發生時的客戶端狀態	`重建資料庫` `線上` `離線`	Trend Micro Apex One as a Service
cloudAccountId	`字串`	-	雲端帳號 ID	`123456789012`	Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
雲端應用程式類別	`字串`	-	雲端信譽評等服務中的事件類別	`全部` `線上服務` `應用程式套件` `商業智慧與分析` `雲端運算平台`	Trend Vision One Zero Trust Secure Access Internet Access
cloudAppName	`字串`	-	雲端應用程式名稱	`團隊` `SharePoint` `交換` `gmail`	Trend Micro Cloud App Security
cloudMachineImageId	`字串`	-	雲端機器映像 ID	`ami-092d1c9fb626c2ba7`	Trend Cloud One - Cloud Sentry
cloudMachineImageName	`字串`	-	雲端機器映像檔名稱	`Windows_Server-2022-English-Full-SQL_2022_Standard-2024.05.15`	Trend Cloud One - Cloud Sentry
雲端提供者	`字串`	-	雲端資產的服務提供者	`aws` `Azure`	Trend Cloud One - Endpoint & Workload Security Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
cloudResourceDigest	`字串`	-	雲端資源摘要	`sha256:e8759728bdf756c2546bf88d772634d4b746ba2be6da74cb68d2a75fb135e29e` `Z29gD6/9+UmEejeSqt4zcqux+1nNIRdGhoffijjkaBc=`	Trend Cloud One - Cloud Sentry
cloudResourceId	`字串`	-	雲端資源 ID	`vol-0b00739236ff7faa9` `670666259092.dkr.ecr.us-west-1.amazonaws.com/us-west-1-sentry-scan-samples-ecr` `arn:aws:lambda:us-east-1:670666259092:function:StackSet-SentrySetdb47aff3-cc084aaa-5-sideScanVuln-6Dyn7ZcwCSPw`	Trend Cloud One - Cloud Sentry
cloudResourceTags	`字串`	-	雲端資源標籤	`-` `-`	Trend Cloud One - Cloud Sentry
cloudResourceType	`字串`	-	雲端資源類型	`ebs-volume` `ecr-repository-image` `lambda 函數` `lambda-layer`	Trend Cloud One - Cloud Sentry
cloudResourceVersion	`字串`	-	雲端資源版本	`113`	Trend Cloud One - Cloud Sentry
cloudStorageName	`字串`	-	雲端儲存名稱	`my-bucket`	Trend Cloud One – File Storage Security
clusterId	`字串`	-	容器的叢集 ID	`ben_eks_test-20k90A3jGa4d3YMYfrdGIgs7g9u`	Trend Cloud One - Container Security
clusterName	`字串`	-	容器的叢集名稱	`ben_eks_test`	Trend Cloud One - Container Security
計數	`int64`	-	日誌總數	`1` `2` `3`	Trend Micro Deep Discovery Inspector TXOne EdgeOne（內部部署） Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
compressedFileHash	`字串`	FileSHA1	解壓縮檔案的 SHA-1	`6E2ECB34B7798E179CC704111FB9733FBAAD5ACA` `FA71B59F35F0EE44D27F74917EF5A0DA2797E80B` `14D2302172EB81465CE12E01361AE24CDE170F7B`	Trend Micro Deep Discovery Inspector Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Cloud One - Cloud Sentry
compressedFileHashSha256	`字串`	FileSHA2	壓縮可疑檔案的 SHA-256	`60C7C5924DD09F7C6B150120FB92DCEE00AE82DB75C7402FA4D9152CF487A94F` `482FFC4F87B78C3C7073983CF65B593D9F13F0A3D6DC54B4A3F616F79838F3CE` `68C0126D9B4B0FC32DE181D0D67DA8FE82E23745F6023317D5E053B6F6ED26CF`	Trend Micro Deep Discovery Inspector Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Cloud One - Cloud Sentry
compressedFileName	`字串`	檔案名稱	壓縮檔案的檔案名稱	`/proc/32058/fd/150` `NONAMEFL` `/proc/10006/fd/30`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Endpoint & Workload Security Trend Cloud One - Cloud Sentry
壓縮檔案大小	`int64`	-	解壓縮檔案的檔案大小	`0` `265314` `175864`	Trend Micro Deep Discovery Inspector Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
壓縮檔案類型	`字串`	-	解壓縮檔案的檔案類型	`EXE` `JAVA` `PDF`	Trend Micro Deep Discovery Inspector Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
電腦網域	`字串`	-	電腦防護網域	`COMCEL_DOMINIO` `HDWA` `隨機`	Trend Micro Apex One as a Service
containerId	`字串`	-	Kubernetes 容器 ID	`4102001853b8`	Trend Cloud One - Container Security
容器映像	`字串`	-	Kubernetes 容器映像	`dockerhub.io/ubuntu:latest`	Trend Cloud One - Container Security
containerImageDigest	`字串`	-	Kubernetes 容器映像檔摘要	`sha256:626ffe58f6e7566e00254b638eb7e0f3b11d4da9675088f4781a50ae288f3322`	Trend Cloud One - Container Security
containerName	`字串`	-	Kubernetes 容器名稱	`k8s_ubuntu_ubuntu-ds-fp2jk_default_fc550ed4-3b54-402a-a56d-46096c285660_2`	Trend Cloud One - Container Security
correlationCat	`字串`	-	相關性類別	`可疑流量` `驗證` `偵察`	Trend Micro Deep Discovery Inspector
自訂標籤	`string[]`	-	事件標籤	`網路` `mitre_discovery`	Trend Cloud One - Container Security Trend Vision One 檔案安全
cve	`字串`	-	CVE 識別碼	`MS17-010` `CVE-2021-45046` `CVE-2021-44228`	Trend Micro Deep Discovery Inspector
cves	`string[]`	-	與此過濾器相關的 CVE	`CVE-2014-3567` `CVE-2016-6304` `CVE-2011-1385`	TippingPoint 安全管理系統 Trend Cloud One - Endpoint & Workload Security
dOSClass	`字串`	-	目標裝置作業系統類別	`Linux`	趨勢科技行動網路安全防護
dOSName	`字串`	-	目標主機作業系統	`Windows` `Windows 10` `Android`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
dOSVendor	`字串`	-	目標裝置作業系統供應商	`其他`	趨勢科技行動網路安全防護
dUser1	`字串`	UserAccount	目的地的最新登入使用者	`dhr\m42svc` `corp.uhsinc.biz\altsvc` `coppel.io\host`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
dacDeviceType	`字串`	-	裝置類型	`USB 儲存裝置` `行動裝置` `軟碟` `網路驅動程式`	Trend Micro Apex One as a Service
資料0	`字串`	-	Deep Discovery Inspector 關聯日誌的值	`1` `USR_SUSPICIOUS_IP.UMXX` `USR_SUSPICIOUS_URL.UMXX`	Trend Micro Deep Discovery Inspector
data0Name	`字串`	-	Deep Discovery Inspector 關聯日誌的名稱	`惡意程式名稱` `攻擊了此 IP` `IP 位址受到攻擊`	Trend Micro Deep Discovery Inspector
data1	`字串`	-	Deep Discovery Inspector 關聯日誌中繼資料	`2.57.122.209` `204.79.197.200` `208.111.136.0`	Trend Micro Deep Discovery Inspector
data1Name	`字串`	-	Deep Discovery Inspector 關聯日誌的名稱	`使用的埠` `惡意檔案已傳送到此 IP 位址` `惡意程式伺服器 IP 位址`	Trend Micro Deep Discovery Inspector
data2	`字串`	-	Deep Discovery Inspector 關聯日誌的值	`1` `10003` `2`	Trend Micro Deep Discovery Inspector
data2Name	`字串`	-	Deep Discovery Inspector 關聯日誌的名稱	`下載的惡意程式檔案數量` `通訊協定`	Trend Micro Deep Discovery Inspector
data3	`字串`	-	Deep Discovery Inspector 關聯日誌的值	`1` `172.17.195.67` `23903`	Trend Micro Deep Discovery Inspector
資料4	`字串`	-	Deep Discovery Inspector 關聯日誌的值	`2.57.122.209`	Trend Micro Deep Discovery Inspector
dceArtifactActions	`string[]`	-	損害清除及復原引擎工件上執行的操作	`資料夾備份` `objproc_dump` `subproc_dump`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
dceHash1	`字串`	-	趨勢科技安全威脅緩解伺服器是否需要日誌（趨勢科技安全威脅緩解伺服器已達生命週期終止）	`0`	Trend Micro Deep Discovery Inspector
dceHash2	`字串`	-	趨勢科技安全威脅緩解伺服器是否需要日誌（趨勢科技安全威脅緩解伺服器已達生命週期終止）	`0`	Trend Micro Deep Discovery Inspector
denyListFileHash	`字串`	FileSHA1	沙箱可疑物件的 SHA-1	`746C4D6048A409F33446463B28CA21CB2C5DD941` `DAA66CE3C1F08144885BB0E99837030C5231DE60`	Trend Micro Deep Discovery Inspector
denyListFileHashSha256	`字串`	-	使用者定義的可疑物件的 SHA-256	`757E5C8823CAA7406030A7E26AED2A2C95D16F69C5A14C884C8CAA72A0C001C3`	Trend Micro Deep Discovery Inspector
denyListHost	`字串`	網域名稱	沙箱可疑物件的網域	`www.yandex2unitedstated.dns04.com` `bingsearchlib.com` `laborerregular.com`	Trend Micro Deep Discovery Inspector
denyListIp	`string[]`	IPv4 IPv6	沙箱可疑對象的 IP	`146.185.253.132` `170.114.10.75` `104.21.17.237`	Trend Micro Deep Discovery Inspector
拒絕清單請求	`字串`	-	封鎖清單事件請求	`*` `upgrade.bitdefender.com` `https://5billionsales.com:443/gfx/flags/ua.png`	Trend Micro Deep Discovery Inspector
拒絕清單類型	`字串`	-	封鎖清單類型	`拒絕清單 URL` `拒絕清單檔案 SHA1`	Trend Micro Deep Discovery Inspector
destinationPath	`字串`	-	包含數位資產或頻道的檔案的預定目的地	`雲端儲存 (OneDrive)` `印表機` `tigoea-my.sharepoint.com/personal/rraragon_tigo_com_gt/_layouts/15/onedrive.aspx?login_hint=rraragon%40tigo%2Ecom%2Egt`	Trend Micro Apex One as a Service
偵測到的動作	`string[]`	-	對檢測到的工件執行的操作	`資料夾備份` `objproc_dump` `subproc_dump`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
偵測到的備份工件	`object_DceArtifact[]`	-	有關檢測到的工件的資訊	`{"objectArtifactId": "025d9f2a-ac9c-4cdf-b9e4-cf20c6e40281_0.dmp", "action": "object_process_dump", "status": 0, "processCreationTime": "1627574338077", "processImageFileName": "C:\Program Files\aaa\bbb\objprocess.exe"}`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
偵測到的備份資料夾	`字串`	-	檢測到的備份資料夾的資料夾路徑	`C:\\Program Files (x86)\\Trend Micro\\artifact\\DCE`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
偵測到的模式	`字串`	-	檢測到的模式	`dct.病毒`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
detectionAggregationId	`字串`	-	檢測日誌和工件的關聯鍵	`550e8400-e29b-41d4-a716-446655440000`	XDR Endpoint Sensor
檢測詳情	`字串`	-	每個事件類型的詳細資訊	`{}` `{"detail":"4.7.1 \u003ccustomermarketing@flowserve.com\u003e: 收件者地址被拒絕：Ratelimit-2"}` `{"detail":"4.7.1 \u003cvivo@vivo.com.br\u003e: 收件者地址被拒絕：Ratelimit-2"}`	Trend Micro Email Security
偵測引擎版本	`字串`	-	偵測引擎版本	`7.6.0`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
檢測名稱	`字串`	-	檢測的一般名稱	`Troj.Win32.TRX.XXPE50F13017` `Troj.Win32.TRX.XXPE50FFF059`	Trend Micro Apex One as a Service Trend Vision One Mobile Security
檢測類型	`字串`	-	偵測類型	`1` `檔案` `處理` `網路`	Trend Micro Deep Discovery Inspector Trend Cloud One - Endpoint & Workload Security Trend Micro Web Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Deep Security Trend Micro Email Security Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security
裝置方向	`字串`	-	裝置方向（如果來源 IP 位於由 Deep Discovery Inspector 監控的內部網路中，則標記為輸出。所有其他情況均標記為輸入。內部到內部也標記為輸出。）	`輸出` `輸入`	Trend Micro Deep Discovery Inspector Trend Micro Deep Security
deviceGUID	`字串`	-	報告檢測的代理程式的 GUID	`2C3208D7F62B-4C4C89CF-8D08-8F3F-8642` `0A8F141278A6-413487AF-70E4-FD28-8141` `3d9d04ee-e853-42a5-9c71-646d02d4fd64`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access
deviceMacAddress	`字串`	-	裝置 MAC 位址	`b4:96:91:50:86:48` `b8:ca:3a:6a:11:3c` `24:6e:96:15:1a:0c`	Trend Micro Deep Discovery Inspector
deviceModel	`字串`	-	裝置型號	`c96a`	Trend Micro Apex One as a Service
devicePayloadId	`字串`	-	裝置有效負載 ID	`0:14343219::F:S` `0:94174860::F:` `0:9665982::F:`	Trend Micro Deep Discovery Inspector
deviceSerial	`字串`	-	裝置序號 ID	`000000063a2e8f`	Trend Micro Apex One as a Service
dhost	`字串`	網域名稱	目的地主機名稱	`10.46.91.40` `200.185.65.108` `8.243.49.4`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
方向	`字串`	-	方向	`傳入` `傳出` `未知`	Trend Micro Apex One as a Service TXOne EdgeOne（內部部署） Palo Alto Networks 次世代防火牆
diskPartitionId	`字串`	-	雲端磁碟分割區 ID	`0` `1` `2`	Trend Cloud One - Cloud Sentry
dmac	`字串`	-	目標 IP (dest_ip) 的 MAC 位址	`00:09:0f:09:e6:18` `01:00:5E:7F:FF:FA` `00:00:0c:9f:f0:0a`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne（內部部署） Palo Alto Networks 次世代防火牆
網域名稱	`字串`	網域名稱	檢測到的網域名稱	`http://35.247.144.219` `Zoho Corporation` `ELET-RJ`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Cloud App Security
dpt	`int32`	通訊埠	目標通訊埠	`0` `445` `80`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint 安全管理系統 Trend Micro Deep Security Trend Cloud One - Network Security XDR Endpoint Sensor TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
目標	`string[]`	IPv4 IPv6	目標 IP	`239.255.255.250` `0.0.0.0` `10.46.91.40`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint 安全管理系統 Trend Micro Deep Security Trend Cloud One - Network Security XDR Endpoint Sensor Trend Vision One Zero Trust Secure Access Internet Access TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
dstEquipmentId	`字串`	-	目的地 IMEI	`350548054087659`	趨勢科技行動網路安全防護
dstFamily	`字串`	-	目標裝置家長防護	`電腦防護`	趨勢科技行動網路安全防護
dstGroup	`字串`	-	由目的地管理員定義的群組名稱	`預設` `資料中心服務 DL_已部署封鎖` `訪客-病人無線網路`	Trend Micro Deep Discovery Inspector 趨勢科技行動網路安全防護
dstLocation	`字串`	-	目的地國家	`日本`	Palo Alto Networks 次世代防火牆
dstSubscriberDirNum	`字串`	-	目的地 MSISDN	`8618687654321`	趨勢科技行動網路安全防護
dstSubscriberId	`字串`	-	目的地IMSI	`466686007810478`	趨勢科技行動網路安全防護
dstType	`字串`	-	目的裝置類型	`桌上型電腦/筆記型電腦`	趨勢科技行動網路安全防護
dstZone	`字串`	-	由目的地管理員定義的網路區域	`1` `0` `2`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
duser	`string[]`	電子郵件收件者	電子郵件收件者	`(無使用者)` `系統` `系統`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service 電子郵件感測器 Palo Alto Networks 次世代防火牆
dvc	`string[]`	-	Deep Discovery Inspector 設備 IP 位址	`10.150.26.18` `172.16.0.140` `10.34.168.133`	Trend Micro Deep Discovery Inspector
dvchost	`字串`	-	安裝了趨勢科技產品的電腦防護	`CU-PRO1-9039-2` `LTPF32PMNN`	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
endpointGUID	`字串`	EndpointID	報告檢測的代理程式的 GUID	`ae4d64aa-f8b8-bb36-b265-f59272ed342f` `8fb979f6-1376-bed3-227f-f2886e66194e` `ca2b3a7e-8415-c571-cc19-e45f69470026`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security XDR Endpoint Sensor Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access TXOne Stellar（內部部署） Trend Cloud One - Container Security
endpointHostName	`字串`	端點名稱	端點主機名或偵測到事件的節點	`10.124.17.69 (swpos-aws-aza02) [i-0fd28720e80225308]` `10.124.21.139 (swpos-aws-azc02) [i-07e2c4a803cd0fa93]` `10.15.52.160 (swpos-aws-azc02) [i-06d8a16f428e7e85b]` `ip-192-168-57-42.us-west-1.compute.internal`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access TXOne Stellar（內部部署） Trend Cloud One - Container Security Trend Cloud One - Cloud Sentry
endpointIp	`string[]`	IPv4 IPv6	端點上偵測到事件的 IP 位址	`192.168.204.215` `192.168.26.167` `192.168.46.168`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Cloud One - Network Security TXOne EdgeOne（內部部署） Trend Cloud One - 雲端哨兵
endpointMacAddress	`字串`	-	端點 MAC 位址	`A0-8C-FD-C3-E1-1B` `00-05-9A-3C-7A-00` `00-09-0F-AA-00-01`	Trend Micro Apex One as a Service TXOne EdgeOne（內部部署） TXOne Stellar（內部部署）
端點模型	`字串`	-	行動裝置型號	`M2101K9G`	Trend Vision One Mobile Security
engType	`字串`	-	引擎類型	`病毒掃瞄引擎 (Windows XP/Server 2003, x64)` `病毒掃瞄 NT 核心引擎` `間諜程式/可能的資安威脅程式掃瞄引擎 v.6 (64-bit)`	Trend Micro Apex One as a Service Trend Vision One 檔案安全
英文版本	`字串`	-	引擎版本	`1.0.0.1123_1.0.0.1101` `9.0.1004` `22.540.1001`	XDR Endpoint Sensor Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Vision One 檔案安全
引擎操作	`字串`	-	引擎事件的操作	`設定金鑰` `調用 API` `建立`	Trend Micro Apex One as a Service XDR Endpoint Sensor
事件類別	`字串`	-	事件類別	`可疑流量` `驗證` `偵察`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
eventId	`int64` `字串`	-	每個產品日誌中的事件 ID	`100100` `100101` `100116` `100117` `100119`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security XDR Endpoint Sensor Trend Micro Email Security TXOne Stellar（內部部署） Trend Cloud One - Container Security 電子郵件感測器 Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry Trend Vision One Mobile Security 趨勢科技行動網路安全防護
eventName	`字串`	-	事件類型	`LOG_INSPECTION_EVENT` `安全風險檢測` `網路威脅偵測` `LOG_INSPECTION_EVENT` `惡意軟體偵測` `處理活動` `WEB_POLICY_VIOLATION` `深度封包檢查事件` `完整性監控事件` `干擾性應用程式偵測` `產品摘要` `產品更新` `行為違規` `防火牆政策違規` `可疑行為檢測` `拒絕清單變更` `機器學習檢測` `DLP_VIOLATION` `惡意軟體爆發偵測`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint 安全管理系統 Trend Micro Cloud App Security Trend Micro Email Security XDR Endpoint Sensor Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access TXOne Stellar（內部部署）電子郵件感測器 Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry Trend Vision One Mobile Security 趨勢科技行動網路安全防護
事件子類	`字串`	-	子事件類別	`DNS` `端口濫用` `端口掃描`	Trend Micro Deep Discovery Inspector
eventSubId	`int64`	-	訪問類型	`4` `101` `102`	Trend Cloud One - Endpoint & Workload Security TXOne Stellar（內部部署）
eventSubName	`字串`	-	事件類型子名稱	`IPS 偵測` `個人防火牆` `攻擊發現`	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security XDR Endpoint Sensor Trend Vision One Zero Trust Secure Access Internet Access Palo Alto Networks 次世代防火牆
額外資訊	`string[]`	-	網路應用程式名稱	`N/A` `Web 客戶端通用` `DCERPC 服務`	Trend Micro Apex One as a Service
檔案建立	`字串`	-	檔案建立日期	`1595918517000`	Trend Micro Apex One as a Service
fileDesc	`字串`	-	檔案描述	`更新 PJRO` `檔案夾` `7z 安裝 SFX (x86)`	Trend Micro Apex One as a Service Trend Cloud One - Container Security
fileExt	`字串`	-	可疑檔案的副檔名	`.lnk` `.exe` `.EXE`	Trend Micro Deep Discovery Inspector
fileHash	`字串`	FileSHA1	觸發規則或政策的檔案的 SHA-1	`DA39A3EE5E6B4B0D3255BFEF95601890AFD80709` `89CE26EAD139D52B8A6B61BFFC6AF89AF246580F` `3AD1F4E7CAA11E5199EE80B8983677ADDD065450`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
fileHashMd5	`字串`	FileMD5	該檔案的 MD5	`d5120786925038601a77c2e1eB9a3a0a`	Palo Alto Networks 次世代防火牆
fileHashSha256	`字串`	FileSHA2	檔案 (fileName) 的 SHA-256	`6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB` `BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294` `12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Vision One Zero Trust Secure Access Internet Access Trend Cloud One - Endpoint & Workload Security Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry
檔案名稱	`string[]`	檔案名稱	檔案名稱	`spoolss` `hosts` `svcrestarttask`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security Trend Vision One Zero Trust Secure Access Internet Access TXOne Stellar（內部部署） Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry
檔案操作	`字串`	-	檔案的操作	`已建立` `已更新` `已刪除`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
filePath	`字串`	FileFullPath	檔案路徑不包含檔案名稱	`安全` `/var/log/audit/audit.log` `應用程式`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector TXOne Stellar（內部部署） Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
檔案路徑名稱	`字串`	FileFullPath	檔案路徑與檔案名稱	`vss` `spoolss` `/etc/hosts`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security TXOne Stellar（內部部署）
檔案大小	`int64`	-	可疑檔案的檔案大小	`0` `1255856` `1237880`	Trend Micro Deep Discovery Inspector Trend Vision One Zero Trust Secure Access Internet Access Trend Micro Apex One as a Service Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
fileType	`字串`	-	可疑檔案的檔案類型	`EXE` `LNK` `MIME`	Trend Micro Deep Discovery Inspector Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry
fileVer	`字串`	-	檔案版本	`10.0.19041.1` `10.0.19041.1766` `10.0.18362.1`	Trend Micro Apex One as a Service
filterName	`字串`	-	篩選器名稱	`連線過濾器` `沙箱` `資料外洩防護`	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Apex One as a Service TXOne EdgeOne（內部部署）
篩選風險等級	`字串`	-	事件的最高層級過濾風險	`資訊` `低` `中`	安全分析引擎
filterType	`字串`	-	篩選器類型	`垃圾郵件過濾器` `大小篩選器`	Trend Micro Apex One as a Service TXOne EdgeOne（內部部署）
韌體	`string[]`	-	Deep Discovery Inspector 韌體版本	`2017-12-01 15:05:07-05:00 3.83.1170 5.0.1555` `2020-11-13 18:04:29-05:00 5.0.1555 5.5.1200` `2020-11-13 18:43:30-05:00 5.5.1200 5.7.1178`	Trend Micro Deep Discovery Inspector
firstAct	`字串`	-	第一次中毒處理行動	`暫不處理` `隔離` `清理`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security
firstActResult	`字串`	-	第一次中毒處理行動結果	`檔案通過` `無法隔離檔案` `檔案已隔離`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security
首次發現	`int64`	-	XDR 日誌首次出現	`1657195233000`	Trend Micro Cloud App Security TXOne Stellar（內部部署）
flowId	`字串`	-	連線 ID	`6717474604962545666` `6915244861077872618` `6915244908215815814`	XDR 附加元件：Deep Discovery Inspector Palo Alto Networks 次世代防火牆
forensicFileHash	`字串`	-	法證資料防護檔案的雜湊值	`177844c5927d0f20da06d79d986c7e7f8c7a3b6a` `da39a3ee5e6b4b0d3255bfef95601890afd80709` `8dab234ab6cd96301f9452994f015a449d629edd`	Trend Micro Apex One as a Service
forensicFilePath	`字串`	-	法證檔案的檔案路徑（當資料外洩防護政策被觸發時，檔案會被已加密並複製到 OfficeScan 伺服器進行事後分析。）	`C:\Program Files (x86)\Trend Micro\OfficeScan Client\dlplite\forensic\frnsc_200411DC0594_xml_184956f80d8_20220314_132326281` `C:\Program Files (x86)\Trend Micro\OfficeScan Client\dlplite\forensic\frnsc_CIL-OPRCOGEN_docx_1f5743ba18c_20211025_225445873` `C:\Program Files (x86)\Trend Micro\OfficeScan Client\dlplite\forensic\frnsc_SHA-ESHOU_h265_1f498d16c96_20220601_082417865`	Trend Micro Apex One as a Service
ftpUser	`字串`	-	FTP 登入使用者名稱	`BANCOAGRARIO\HITACHI` `SevenGuo` `ftpuser_service`	Trend Micro Apex One as a Service
完整路徑	`字串`	FileFullPath	檔案路徑和檔案名稱的組合	`\etc\hosts` `c:\windows\system32\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask` `\var\log\auth.log`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Trend Micro Deep Security TXOne Stellar（內部部署） Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
群組	`字串`	-	OSSEC 規則組名稱	`auditd,audit,` `dirservice_log,authentication_failure,` `windows,authentication_failures,`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
hasdtasres	`字串`	-	日誌是否包含來自沙箱的報告	`否` `是`	Trend Micro Deep Discovery Inspector
highlightMailMsgSubject	`字串`	-	電子郵件主旨	`交付狀態` `未送達郵件退回給寄件人` `郵件成功傳送報告`	Trend Micro Email Security
highlightedFileHashes	`string[]`	FileSHA1	突出顯示檔案的 SHA-1 雜湊值	`C9877617DB6715792F9D5C959C1E8D4E56D0C281` `0340A8EE3AD2990E3EDCDB2E471EAA45B4286722` `0E56D9540B07ED15EF745348D35C72A6A00A0BD9`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
highlightedFileName	`string[]`	-	可疑附件的檔案名稱	`detect_me.zip` `covid.zip`	Trend Micro Cloud App Security 電子郵件感測器
hostName	`字串`	網域名稱主機域	客戶主機的電腦名稱（由 Deep Discovery Inspector 偵測到的可疑 URL 的主機名稱）	`Let's Encrypt` `35.247.144.219` `204.65.0.20`	Trend Micro Deep Discovery Inspector Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne（內部部署） Palo Alto Networks 次世代防火牆
主機嚴重性	`int32`	-	安全威脅的嚴重性（特定於 interestedIp）	`1` `2` `4`	Trend Micro Deep Discovery Inspector
hotFix	`string[]`	-	已套用的 Deep Discovery Inspector HotFix 版本	`2021-07-22 15:08:01+08:00 HotFix 1042 hfb1042 套用` `2021-12-22 09:03:42-06:00 HotFix 1211 hfb1211 套用` `2022-03-30 13:16:28-07:00 HotFix 1218 hfb1218 套用`	Trend Micro Deep Discovery Inspector
httpReferer	`字串`	URL	HTTP 來源	`http://201.174.161.181/` `http://info2/home/` `http://lpcare.corp.pvt/loopcare/CircuitTest.jsp`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆 Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
httpRespContentType	`字串`	-	HTTP 回應資料內容類型	`Application/json`	Palo Alto Networks 次世代防火牆
httpXForwardedFor	`字串`	-	HTTP X-Forwarded-For 標頭	`192.168.1.103, 192.168.1.104, 192.168.1.106`	Palo Alto Networks 次世代防火牆
icmpCode	`int32`	-	ICMP 通訊協定代碼欄位	`0`	趨勢科技行動網路安全防護
icmpType	`int32`	-	ICMP 通訊協定類型	`0` `3`	趨勢科技行動網路安全防護
instanceId	`字串`	-	實例的 ID 表示元雲端或資料中心 VM	`52294e7b-f732-c6e9-b2c3-7a6b6f50d101` `00030912-c5e7-4348-9012-7c684751c531` `0008ae58-db0c-34ee-3e5c-5dfc9b10a739` `i-0b22a22eec53b9321`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Cloud One - Cloud Sentry 趨勢科技行動網路安全防護
instanceName	`字串`	-	指示元雲端或資料中心虛擬機的實例名稱	`instapecot-1`	趨勢科技行動網路安全防護
完整性等級	`int32`	-	進程的完整性級別	`16384`	XDR Endpoint Sensor
感興趣的群組	`字串`	-	與使用者定義的來源 IP 或目標 IP 關聯的網路群組	`預設` `DATACENTER Lumen/FORTIGATE 網路 - AD ESTACIO CORP` `資料中心服務 DL_已部署封鎖`	Trend Micro Deep Discovery Inspector
感興趣的主機	`字串`	網域名稱	端點主機名稱（例如，如果內部網路主機訪問可疑的網路主機，內部網路主機是 "peerHost"，而網路主機是 "interestedHost"）	`10.124.17.69 (swpos-aws-aza02) [i-0fd28720e80225308]` `10.124.21.139 (swpos-aws-azc02) [i-07e2c4a803cd0fa93]` `es-dtc-w-dc02.estacio.corp`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service
interestedIp	`string[]`	IPv4 IPv6	感興趣主機的 IP	`192.168.204.215` `192.168.26.167` `192.168.46.168`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Cloud One - Network Security TXOne EdgeOne（內部部署）
interestedMacAddress	`字串`	-	日誌擁有者 MAC 位址	`00:05:9A:3C:7A:00` `00:50:56:9E:8B:EF` `00:50:56:87:6F:FD`	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector TXOne EdgeOne（內部部署）
ircChannelName	`字串`	-	IRC 頻道名稱	`ManageEngine` `未知` `全球產品交付組`	Trend Micro Deep Discovery Inspector
ircUserName	`字串`	-	IRC 使用者名稱	`R3` `ManageEngineCA` `DigiCert TLS RSA SHA256 2020 CA1`	Trend Micro Deep Discovery Inspector
isEntity	`字串`	-	當前實體（或變更/修改後）	`{"key":"VSS","type":"Service","attributes":[{"friendlyValue":null,"name":"binaryPathName","value":"C:\\Windows\\system32\\vssvc.exe"},{"friendlyValue":"manual","name":"startType","value":"3"},{"friendlyValue":"running","name":"state","value":"4"}]}` `{"key":"VSS","type":"Service","attributes":[{"friendlyValue":null,"name":"binaryPathName","value":"C:\\Windows\\system32\\vssvc.exe"},{"friendlyValue":"manual","name":"startType","value":"3"},{"friendlyValue":"stopped","name":"state","value":"1"}]}` `{"key":"/etc/hosts","type":"File","attributes":[]}`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
isHidden	`字串`	-	是否偵測日誌產生了灰色規則匹配	`是`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service
isPrivateApp	`bool`	-	請求的應用程式是否為私人	`true` `false`	Trend Vision One Zero Trust Secure Access Internet Access
isProxy	`bool`	-	是否為 Proxy	`false`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
isRetroScan	`bool`	-	事件是否符合安全分析引擎篩選條件	`true`	安全分析引擎
ja3Hash	`字串`	-	通過網路感測器或裝置檢測到的 SSL/TLS 客戶端應用程式的指紋	`72a589da586844d7f0818ce684948eea` `cd08e31494f9531f560d64c695473da9` `6dca00d8741247e245e4f2a632f1e62b`	Trend Micro Deep Discovery Inspector
ja3sHash	`字串`	-	通過網路感測器或裝置檢測到的 SSL/TLS 伺服器應用程式指紋	`e54965894d6b45ecb4323c7ea3d6c115` `ec74a5c51106f0419184d0dd08fb05bc` `ba1b42efc7dc57bb43bf81de59791c1b`	Trend Micro Deep Discovery Inspector
k8sNamespace	`字串`	-	容器的 Kubernetes 命名空間	`預設`	Trend Cloud One - Container Security
k8sPodId	`字串`	-	容器的 Kubernetes pod ID	`fc550ed4-3b54-402a-a56d-46096c285660`	Trend Cloud One - Container Security
k8sPodName	`字串`	-	容器的 Kubernetes pod 名稱	`ubuntu-ds-fp2jk`	Trend Cloud One - Container Security
上次見到	`int64`	-	上次出現 XDR 日誌的時間	`1657195233000`	Trend Micro Cloud App Security TXOne Stellar（內部部署）
日誌金鑰	`字串`	-	事件的唯一鍵	`000D3A920166-5C348B85-05A7-6D6A-DA63_52294e7b-f732-c6e9-b2c3-7a6b6f50d101_88d7575d75e1d7f79d95300dd2cab4a85352a0707ebd43f968ab550991e3e915` `000D3A920166-5C348B85-05A7-6D6A-DA63_52294e7b-f732-c6e9-b2c3-7a6b6f50d101_c1802e89c5df3676025af5743a1dfe2d9f6d99da33cf3dcd7c02ad9ceb64e844` `000D3A920166-5C348B85-05A7-6D6A-DA63_52294e7b-f732-c6e9-b2c3-7a6b6f50d101_34392932f47013709193001781e05a4b3f78ea17e1618753f79e9436258af004`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access
logReceivedTime	`int64`	-	接收 XDR 日誌的時間	`1656324260000`	安全分析引擎
登入用戶	`string[]`	-	遙測事件符合安全分析引擎篩選條件，logonUsers 儲存原始事件的 logonUsers 值	`BHBShortJ`	安全分析引擎
mDevice	`string[]`	-	來源 IP	`10.0.0.5` `10.0.0.4` `fe80::84c4:509e:6fdd:5493`	Trend Micro Apex One as a Service
mDeviceGUID	`字串`	-	代理主機的 GUID	`C5B09EDD-C725-907F-29D9-B8C30D18C48F` `C05B75AB-B518-BDD0-D2B5-E9CB631C539F` `9C28ACD3-D0EC-22A4-B08D-5B0BEFF501FC`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security
郵件傳送時間	`字串`	-	郵件傳送時間	`1900-1-1 00:00:00`	Trend Micro Apex One as a Service
mailFolder	`字串`	-	電子郵件資料夾名稱	`CATEGORY_PROMOTIONS, UNREAD, INBOX` `未讀, 個人, 收件匣` `未讀, 類別更新, 收件匣`	Trend Micro Cloud App Security
mailMsgId	`字串`	-	電子郵件的網路訊息 ID	`<SN6PR03MB40770D20B897A833A189E1BAB3959@SN6PR03MB4077.namprd03.prod.outlook.com>` `<SA2PR03MB5692533AF2F5A3060E930F0FABB99@SA2PR03MB5692.namprd03.prod.outlook.com>` `<SN6PR03MB399864EA5747F28C2275EF8AB0BA9@SN6PR03MB3998.namprd03.prod.outlook.com>`	Trend Micro Cloud App Security
郵件訊息主旨	`字串`	電子郵件主旨	電子郵件主旨	`mail.dhr-rgv.com` `ManageEngine`	Trend Micro Cloud App Security Trend Micro Deep Discovery Inspector Trend Micro Email Security Trend Micro Apex One as a Service 電子郵件感測器 Palo Alto Networks 次世代防火牆
mailReceivedTime	`字串`	-	接收郵件的時間戳	-	Trend Micro Cloud App Security Trend Micro Email Security
mailSmtpFromAddresses	`string[]`	-	寄件者的信封地址	`info@moriaa.com` `return@mundomai.tk` `mark@usaroadtravel.com`	Trend Micro Email Security
mailSmtpHelo	`字串`	-	使用 SMTP HELO 命令的電子郵件伺服器的網域名稱	`fh105.mc.pd25.com` `repost01.tmes.trendmicro.com` `smtp15-ukb-sp1.mta.salesforce.com`	Trend Micro Email Security
mailSmtpOriginalRecipients	`string[]`	-	原始收件人的信封地址	`customermarketing@flowserve.com` `vivo@vivo.com.br` `naoresponder@vivo.com.br`	Trend Micro Email Security
mailSmtpRecipients	`string[]`	-	當前收件人的信封地址	`customermarketing@flowserve.com` `vivo@vivo.com.br` `naoresponder@vivo.com.br`	Trend Micro Email Security
mailSmtpTls	`字串`	-	SMTP TLS 版本	`noTLS` `TLS 1.2` `TLS 1.3`	Trend Micro Email Security
mailUniqueId	`字串`	-	電子郵件的唯一 ID	`AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0AKyx0pMp-d0SbD3eaNWuhcQABfyTyLgAA` `15c6ec783680d78f` `15dd115e3b5de80f`	Trend Micro Cloud App Security
郵箱	`字串`	-	受趨勢科技保護的郵箱	`jesada.gonkratoke@scb.co.th` `matias.figini@cencosud.com.ar` `MONITORING@trendmicro.com`	Trend Micro Cloud App Security Trend Micro Email Security Trend Vision One Mobile Security 電子郵件感測器
主要病毒類型	`字串`	-	病毒類型	`病毒` `可疑活動` `特洛伊木馬程式` `TROJ`	Trend Micro Deep Security Trend Cloud One - Endpoint & Workload Security Trend Vision One Mobile Security TXOne EdgeOne（內部部署） TXOne Stellar（內部部署） Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
malDst	`字串`	-	惡意程式感染目標	`3334_02W3P7` `2666_02N413` `3334_02NHEL`	Trend Micro Apex One as a Service
malFamily	`字串`	-	安全威脅家長防護	`等同` `入門版` `0`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Vision One 檔案安全
malName	`字串`	-	檢測到的惡意程式名稱	`安全級別下降` `記錄所有規則` `USR_SUSPICIOUS_DOMAIN.UMXX`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Web Security TXOne Stellar（內部部署）電子郵件感測器 Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
malSrc	`字串`	FileFullPath	惡意程式感染來源	`\\10.172.1.33\kortiz` `\\10.240.0.148\wbind` `\\10.240.1.69\MT26933059`	Trend Micro Apex One as a Service 趨勢科技行動網路安全防護
malSubType	`字串`	-	子病毒類型	`未知`	Trend Micro Apex One as a Service Trend Vision One 檔案安全
malType	`字串`	-	網路內容關聯引擎規則的風險類型	`其他` `惡意程式` `其他`	Trend Micro Deep Discovery Inspector Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security Trend Vision One 檔案安全
malTypeGroup	`字串`	-	網路內容關聯引擎規則的風險類型組別	`其他` `惡意程式` `間諜程式`	Trend Micro Deep Discovery Inspector Trend Vision One 檔案安全
匹配內容	`string[]`	-	一對多資料結構	`matchedContentEx:NISSI RAQUEL LOMA CHICA 25 PLAZAS DE GUADALUPE 2222130076 0297-18 1 24 學生宿舍, matchedInfo:0,4` `matchedContentEx:TERAPIA - SP/SADT 1 - Registro ANS 3 - Nº da Guia Principal 34.388-9 4 - 資料防護 da Autorização 5 -, matchedInfo:0,7` `matchedContentEx:Ta,Ta.append=_a.append,Ta.empty=_a.empty,Ta.node=_a.node,Ta.call=_a.call,Ta.size=_a.size,Ta.select=f, matchedInfo:0,5`	Trend Micro Apex One as a Service
mimeType	`字串`	-	回應主體的 MIME 類型或內容類型	`application/octet-stream` `application/json; charset=utf-8` `application/json`	Trend Vision One Zero Trust Secure Access Internet Access
次要病毒類型	`字串`	-	次要病毒類型	`勒索軟體` `BANKER` `憑證`	Trend Vision One Mobile Security
mitigationTaskId	`字串`	-	唯一的 ID 來識別緩解請求	`09dcd06f-2f9c-4bab-8114-f823620fecb6` `0ed72c3c-05af-4c16-b2c4-789eaeccb944` `0f29cfc3-954a-4fd9-954e-bf14f7253d20`	Trend Micro Deep Discovery Inspector
mitreMapping	`string[]`	-	MITRE 標籤	`T1090 (TA0011)` `T1071 (TA0011)` `T1071.001 (TA0011)`	Trend Micro Deep Discovery Inspector
mitre版本	`字串`	-	MITRE 版本	`v9` `v6`	Trend Micro Deep Discovery Inspector Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
moduleScanType	`字串`	-	模組掃瞄類型	`傳統`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
mpname	`字串`	-	管理產品名稱	`Cloud One - 工作負載安全` `Apex Central` `Deep Security 軟體`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Cloud One - Network Security
mpver	`字串`	-	產品版本	`Microsoft-Windows-Security-Auditing` `等級 -- 中安全性` `TASK1`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service XDR Endpoint Sensor
msgAct	`字串`	-	訊息動作	`隔離` `傳送`	Trend Micro Apex One as a Service
msgId	`字串`	EmailMessageID	網路訊息 ID	`11.2.00.0007` `mail.dhr-rgv.com` `dameware1svr`	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service 電子郵件感測器
msgTOCUuid	`字串`	-	電子郵件唯一 ID	`b52012c4-6340-11e5-9960-001e4f4ada6e`	Trend Micro Cloud App Security Trend Micro Email Security
msgUuid	`字串`	-	唯一的電子郵件ID	`00027ac3-f8f2-cc8f-d078-3a57f12f3d55` `0005ab64-3992-644c-3592-503c3610cec9` `00062621-fec4-9e4d-7609-25b2b3189214`	Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
msgUuidChain	`字串`	-	訊息 UUID 鏈	`00027ac3-f8f2-cc8f-d078-3a57f12f3d55;00027ac3-f8f2-cc8f-d078-3a57f12f3d55` `0005ab64-3992-644c-3592-503c3610cec9;0005ab64-3992-644c-3592-503c3610cec9` `00062621-fec4-9e4d-7609-25b2b3189214;00062621-fec4-9e4d-7609-25b2b3189214`	Trend Micro Email Security
netBiosDomainName	`字串`	網域名稱	NetBIOS 網域名稱	`TREND`	Microsoft Active Directory
物件操作	`string[]`	-	物件處理動作	`ProcessDump` `FileCollection`	XDR Endpoint Sensor
objectApiName	`字串`	-	API 名稱	`GetIpNetTable`	XDR Endpoint Sensor
objectArtifactIds	`string[]`	-	由 objectAction 生成的工件 ID	`550e8400-e29b-41d4-a716-446655440000_0.dmp` `550e8400-e29b-41d4-a716-446655440000_2.bak`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
物件屬性	`字串`	-	物件屬性	`屬性`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectCmd	`string[]`	CLICommand	物件處理命令行	`C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding` `"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoLogo -Noninteractive -NoProfile -ExecutionPolicy Bypass "& 'C:\WINDOWS\CCM\SystemTemp\afd6f0e5-e491-4764-a20a-9f1d9edf3cce.ps1'"` `C:\WINDOWS\system32\lsass.exe`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
objectEntityName	`字串`	-	物件實體名稱	`any_process` `exe_file` `powershell`	Trend Micro Apex One as a Service
objectFileAccess	`字串`	-	物件檔案存取詳細資料	`1717658631000`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
物件檔案建立	`字串`	-	物件建立的 UTC 時間	`2014-11-22T01:45:51-06:00` `2009-07-13T23:31:13-05:00` `2014-11-21T02:43:28-05:00`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileHashMd5	`字串`	FileMD5	物件的 MD5	`801E8003C257C8F540B20F1E0DECD3A6` `CDA48FC75952AD12D99E526D0B6BF70A` `D5120786925038601A77C2E1EB9A3A0A`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectFileHashSha1	`字串`	FileSHA1	objectFilePath 物件的 SHA-1	`51B8646308EE0B68AD1F7F1291B85395434DE49A` `36C5D12033B2EAF251BAE61C00690FFB17FDDC87` `2586528000199793730B05D3F169BCF139E4D7A1`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectFileHashSha256	`字串`	FileSHA2	物件 (objectFilePath) 的 SHA-256	`A75C85F3B089993E9C042FB82ECB7757E8F460ED8065FC7991CAA38A6DE0F50C` `908B64B1971A979C7E3E8CE4621945CBA84854CB98D76367B791A6E22B5F6D53` `1A2ABAAD8A166B66CA35AB51C7432C5A7E46996472C8174281842896408D7F96`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectFileModified	`字串`	-	物件被修改的 UTC 時間	-	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileName	`字串`	檔案名稱	物件檔案名稱	`powershell.exe` `wmiprvse.exe` `dismhost.exe`	Trend Micro Apex One as a Service Trend Cloud One - Container Security
objectFilePath	`字串`	FileFullPath	目標處理影像或目標檔案的檔案路徑	`c:\windows\system32\windowspowershell\v1.0\powershell.exe` `zwwritevirtualmemory` `c:\windows\system32\wbem\wmiprvse.exe`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Cloud One - Container Security
objectFirstRecorded	`字串`	-	該物件首次出現的時間	-	Trend Micro Apex One as a Service
objectId	`字串`	-	物件的 UUID	`3` `2`	Trend Micro Apex One as a Service Trend Vision One Zero Trust Secure Access Private Access
objectIp	`string[]`	IPv4 IPv6	網域的 IP 位址	`10.10.23.240` `0.0.0.0` `10.11.3.22`	Trend Cloud One - Endpoint & Workload Security
objectName	`字串`	-	物件檔案或程序的基本名稱	`net.exe`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectPayloadFileHashSha1	`字串`	FileSHA1	物件有效負載檔案的 SHA-1	-
objectPipeName	`字串`	-	物件管道名稱	`\\.\pipe\F451F406BD`	XDR Endpoint Sensor
物件註冊資料	`字串`	登錄值數據	登錄資料內容	`07EFCDAB010001007CE21B54433A0CD356BCEA7C1C5DEE683999E759484BD7E82BDE5B3F598057F5AFCBB15B2C6EFB679F0744879657` `C:\Program Files\AlertMedia\AlertMedia Desktop Notifications\AlertMedia.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectRegistryKeyHandle	`字串`	登錄機碼	登錄機碼路徑	`HKCR\CID\{42003200-2F00-6400-6800-4E0034003800}` `HKLM\SOFTWARE\WOW6432Node\Eos` `HKCU\SOFTWARE\Cerner\InstantAccess`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryRoot	`字串`	-	物件註冊表根機碼的名稱	`HKCR` `HKLM` `HKCU`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectRegistryValue	`字串`	登錄值	登錄值名稱	`1` `金鑰` `reg`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
物件簽署者	`string[]`	-	物件處理程序簽署者清單	`Microsoft Windows` `Microsoft Windows 發行者` `SecureWorks Inc`	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectSignerFlagsAdhoc	`bool[]`	-	物件處理簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
objectSignerFlagsLibValid	`bool[]`	-	物件處理簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
objectSignerFlagsRuntime	`bool[]`	-	物件處理簽章執行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
objectSignerValid	`bool[]`	-	每個對象處理的簽署者是否有效	-	XDR Endpoint Sensor
objectSubType	`字串`	-	政策事件的子類型（當政策事件有子類型時顯示）	`垃圾郵件其他` `惡意程式` `內容過濾`	Trend Micro Cloud App Security Trend Micro Email Security
目標物件處理程序	`字串`	-	目標程序執行 API 的檔案路徑	`C:\\Windows\\System32\\lsass.exe`
物件類型	`字串`	-	物件類型	`檔案` `處理` `qil`	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Email Security XDR Endpoint Sensor Trend Vision One 檔案安全
objectUser	`字串`	UserAccount	目標程序的擁有者名稱或登入的使用者名稱	`系統` `系統` `系統`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectUserDomain	`字串`	-	目標進程的擁有者域	`NT AUTHORITY` `UNEB`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
oldFileHash	`字串`	FileSHA1	目標處理影像或目標檔案的 SHA-1（來自 IM 事件的 wasEntity）	`DA39A3EE5E6B4B0D3255BFEF95601890AFD80709` `89CE26EAD139D52B8A6B61BFFC6AF89AF246580F` `57247B810B0EE61DD86CE24AC14097B9B5405EEC`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
線上	`字串`	-	端點是否在線	`是` `否`	Trend Micro Apex One as a Service
orgId	`字串`	-	組織 ID	`182a3fa0-a3a7-11eb-8590-8d526fa1feaa` `29273bd0-133d-11e8-8330-21b547e8c0e0` `1cd58b70-2238-11e8-8536-65a275de1ba9`	Trend Micro Cloud App Security 電子郵件感測器
originEventSourceType	`字串`	-	原始事件的事件來源類型符合安全分析引擎篩選條件	`EVENT_SOURCE_TELEMETRY`	安全分析引擎
originUUID	`string[]`	-	與安全分析引擎篩選條件匹配的原始事件的 UUID	`5b3a70cb-f338-40fe-b17b-ab8f9aeedee7`	安全分析引擎
originalFileHashes	`string[]`	FileSHA1	原始檔案的雜湊值	`ba4700bfd55741c657a99fbe416787835fb384da` `639dfe4a69c1e6aace1e4eece3b3bb25af6a1392`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
originalFilePaths	`string[]`	FileFullPath 檔案名稱	原始檔案的路徑	`C:\\Users\\cynthia_chen\\Downloads\\virus.exe` `C:\\Users\\cynthia_chen\\Downloads\\test.exe`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
osName	`字串`	-	主機作業系統	`windows 10.0.22000` `windows 10.0.19044` `windows 10.0.19043`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access
osVer	`字串`	-	作業系統版本	`11`	Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access
輸出	`int64`	-	IP資料包長度（以位元組為單位）	`0` `439` `1314`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
overSsl	`字串`	-	是否由 SSL 解密流觸發事件（僅在支援 SSL 檢查時顯示）	`未使用 SSL/TLS` `0` `通過 SSL/TLS`	Trend Micro Deep Discovery Inspector TippingPoint 安全管理系統 Trend Cloud One - Network Security
pAttackPhase	`字串`	-	主要攻擊階段的類別	`橫向移動` `進入點` `資產和Data Discovery`	Trend Micro Deep Discovery Inspector
pComp	`字串`	-	做出檢測的元件	`CAV` `NCIE` `TMUFE`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service
pTags	`字串`	-	事件標記系統	`攻擊-T1059.001，MITRE攻擊檢測` `suppress_alert` `SMB`	Trend Micro Deep Security
parentCmd	`字串`	CLICommand	主體父程序的命令行	`"C:\Tiburon\CommandCAD\Test\Startup.exe"` `C:\WINDOWS\Explorer.EXE` `C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo`	XDR Endpoint Sensor Trend Cloud One - Container Security
parentFileHashMd5	`字串`	FileMD5	主父程序的 MD5	`7B9E6D992AA86F0D2ECDF8F65A6BB792` `2B47C89252BB932B292122E54C3DAF25` `CD10CB894BE2128FCA0BF0E2B0C27C16`	XDR Endpoint Sensor
parentFileHashSha1	`字串`	FileSHA1	主體父程序的 SHA-1	`9CF40F19A625F7033689D04F4C8E1CC6A8FA4F5B` `799AB02945EDB9A37A42A3F742DE73165F4A9665` `1F912D4BEC338EF10B7C9F19976286F8ACC4EB97`	XDR Endpoint Sensor
parentFileHashSha256	`字串`	FileSHA2	主體父程序的 SHA-256	`14A1223722D486ABBC88682AB49AF8E56DC65AC4E153027985BFFFF7C815C0EC` `2EF51284CA9211ADEC3E8E095F386FEC742E0532075894AE99024C65949F935E` `F3FEB95E7BCFB0766A694D93FCA29EDA7E2CA977C2395B4BE75242814EB6D881`	XDR Endpoint Sensor TXOne Stellar（內部部署）
parentFilePath	`字串`	FileFullPath	父程序的完整檔案路徑	`c:\windows\explorer.exe` `c:\tiburon\commandcad\test\startup.exe` `c:\windows\system32\svchost.exe`	XDR Endpoint Sensor
parentHashId	`int64`	-	父程序的FNV	`-1364311042632324339` `1879227689087156956` `4246064157470561345`	XDR Endpoint Sensor
parentIntegrityLevel	`int32`	-	父程序的完整性級別	`16384`	XDR Endpoint Sensor
parentName	`字串`	-	父程序的映像名稱	`explorer.exe` `startup.exe` `svchost.exe`	XDR Endpoint Sensor Trend Cloud One - Container Security
parentPayloadSigner	`string[]`	-	父程序有效載荷的簽名者名稱列表	`Microsoft Windows` `Microsoft Windows 發行者`	XDR Endpoint Sensor
parentPayloadSignerFlagsAdhoc	`bool[]`	-	父程序有效負載簽章臨時標誌列表	-	XDR Endpoint Sensor
parentPayloadSignerFlagsLibValid	`bool[]`	-	父程序有效負載簽章庫驗證標誌列表	-	XDR Endpoint Sensor
parentPayloadSignerFlagsRuntime	`bool[]`	-	父程序有效負載簽章運行時標誌列表	-	XDR Endpoint Sensor
parentPayloadSignerValid	`bool[]`	-	父程序有效負載的每個簽名者是否有效	-	XDR Endpoint Sensor
parentPid	`int32`	-	父程序的 PID	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Deep Security Trend Cloud One - Container Security
parentSigner	`string[]`	-	父程序的簽署者	`Microsoft Windows` `Microsoft Windows 發行者` `Azul Systems, Inc.`	XDR Endpoint Sensor
parentSignerFlagsAdhoc	`bool[]`	-	父程序簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
parentSignerFlagsLibValid	`bool[]`	-	父程序簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
parentSignerFlagsRuntime	`bool[]`	-	父程序簽章執行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
parentSignerValid	`bool[]`	-	父程序的每個簽署者是否有效	-	XDR Endpoint Sensor
父使用者	`字串`	-	父程序的帳號名稱	`管理員`	Trend Cloud One - Endpoint & Workload Security
parentUserDomain	`字串`	-	父程序的網域名稱	`內建網域`	Trend Cloud One - Endpoint & Workload Security
patType	`字串`	-	病毒碼類型	`NCIE CNC 模式` `NCIE RR 模式` `NCIE 使用者定義封鎖清單`	Trend Micro Apex One as a Service
patVer	`字串`	-	行為模式的版本	`35.1053.00` `630` `35.1071.00`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Micro Cloud App Security
pcapUUID	`字串`	-	PCAP 檔案 UUID	`c9ebd33e-4e69-4dff-bd5c-907081e8492c`	Trend Micro Deep Discovery Inspector
peerEndpointGUID	`字串`	-	代理對等主機的端點 GUID	`7a45e787-ab13-41d2-87b5-6e2eb972d6b0`	Trend Micro Deep Discovery Inspector Trend Cloud One - Network Security TippingPoint 安全管理系統
同儕群組	`字串`	-	對等 IP 群組	`預設` `Rede DATACENTER Lumen/PALOALTO VPNSSL - VPN 客戶端` `UHS`	Trend Micro Deep Discovery Inspector
對等主機	`字串`	網域名稱	對等 IP 的主機名稱	`dns.google` `resolver1.level3.net` `dns.opendns.com`	Trend Micro Deep Discovery Inspector
peerIp	`string[]`	IPv4 IPv6	對等主機的 IP	`8.8.8.8` `0.0.0.0` `208.67.222.222`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service
pname	`字串`	-	內部產品 ID	`Trend Micro Deep Security` `Deep Discovery Inspector` `Apex One`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Cloud One - Container Security 電子郵件感測器 Palo Alto Networks 次世代防火牆
policyId	`字串`	-	事件檢測到的策略識別碼	`00000001-0001-0001-0001-000000007610` `007` `003` `apiPostedPolicy-20k8uSUpUtTcLbvkrbBeALP0YEf`	TippingPoint 安全管理系統 Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Network Security Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Cloud One - Container Security
policyName	`字串`	-	觸發的政策名稱	`Steelcase` `Cabot` `Tigre - 中政策` `apiPostedPolicy`	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Web Security Trend Micro Email Security Trend Vision One Zero Trust Secure Access Internet Access TXOne EdgeOne（內部部署） Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
政策範本	`string[]`	-	一對多資料結構	`policyName:監控所有檔案, template:受管理 - 所有檔案` `policyName:HSS DLP, template:所有檔案副檔名` `印度：手機號碼`	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Vision One Zero Trust Secure Access Internet Access
policyTreePath	`字串`	-	政策樹路徑	`policyname1/policyname2/policyname3`	安全分析引擎
policyUuid	`字串`	-	雲端存取或風險控制政策的 UUID，或指示全域已封鎖/核可的 URL 清單規則的硬編碼字串	`7937cb0b-e598-4c8f-a50f-65c32905ba3a` `C!7c4433e3-5b2c-449f-b66e-ccaac006b6f1` `8d265639-7202-4455-b640-48683aa2b57d`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks 次世代防火牆
潛在風險	`字串`	-	是否存在潛在風險	`1` `0`	Trend Micro Deep Discovery Inspector
principalName	`字串`	-	用於登入 Proxy 的使用者主體名稱	`chin.shun@multibank.com.pa` `leonelc@edsitrend.com` `alcides.cuevas@multibank.com.pa`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access Trend Micro Cloud App Security Trend Vision One Zero Trust Secure Access Private Access
處理動作	`string[]`	-	進程操作	`ProcessDump` `FileCollection`	XDR Endpoint Sensor
processArtifactIds	`string[]`	-	由 processAction 生成的工件 ID	`550e8400-e29b-41d4-a716-446655440000_1.dmp` `550e8400-e29b-41d4-a716-446655440000_2.bak`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
processCmd	`字串`	CLICommand	主體進程命令行	`"C:\Program Files (x86)\AADM\AADM.exe"` `/usr/lib/inet/sendmail -bl -q15m` `ComDir`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Deep Security Trend Micro Apex One as a Service Trend Cloud One - Container Security
processFileCreation	`字串`	-	物件建立的 Unix 時間	`1645828113585` `1655412594237` `1647162053219`	Trend Cloud One - Endpoint & Workload Security
processFileHashMd5	`字串`	FileMD5	主體進程的 MD5	`D07ADD0CE6E000D3CD20193B891E8ED3` `1a9ba93ebe4cb60030831f8ce9e7d5f9` `EEE6691B48D2FB604DDF0CBC90D75B0E`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
processFileHashSha1	`字串`	FileSHA1	主體進程的 SHA-1	`C0885381EBAC94AB20E78936434FA208F6B65352` `ac373ed32b491da22924e2e11e36574e5d582a35` `DF93F7DF887E86C3B56539B5046B286001C6F150`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashSha256	`字串`	FileSHA2	主體進程的 SHA-256	`4314A869B8DAE1BD3FFF810B1366E90FB7C961D4A3424260692377FDD87361D2` `7824c45fc033696603fe97d8f193a1872dfb2b5db75f0cda21df27017b3cb623` `1A6D5986EFEAE89308D9EE11B4A7907012603392E0E66D0E529DB09DF1B4CB64`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
processFilePath	`字串`	ProcessFullPath FileFullPath 檔案名稱	主體程序的檔案路徑	`c:\windows\system32\svchost.exe` `c:\windows\system32\windowspowershell\v1.0\powershell.exe` `c:\windows\syswow64\srts\wmipr.exe`	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
processHashId	`int64`	-	主體進程的 FNV	`-2965450813604216022` `7111735426732308768` `-7600358934761747729`	XDR Endpoint Sensor
processImageFileNames	`string[]`	-	檢測到的備份工件的處理影像檔案名稱	`C:\Program Files\aaa\bbb\objprocess.exe` `C:\Program Files\ccc\ddd\sample.exe`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
processImagePath	`字串`	-	由檔案事件觸發的程序	`c:\windows\system32\svchost.exe` `/usr/bin/python2.7` `/usr/bin/sed`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Deep Security Trend Cloud One - Container Security
processLaunchTime	`字串`	-	啟動主體進程的時間	`1656400286556` `1656566610259` `1656587180493`	Trend Cloud One - Endpoint & Workload Security
processName	`字串`	ProcessName	觸發事件的進程映像名稱	`c:\windows\system32\svchost.exe` `/usr/bin/python2.7` `/usr/bin/sed`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Deep Security Trend Cloud One - Container Security Trend Micro Apex One as a Service
processPayloadSigner	`string[]`	-	程序有效負載的簽名者名稱列表	`Microsoft Windows` `Microsoft Windows 發行者`	XDR Endpoint Sensor
processPayloadSignerFlagsAdhoc	`bool[]`	-	進程有效負載簽章臨時標誌列表	-	XDR Endpoint Sensor
processPayloadSignerFlagsLibValid	`bool[]`	-	進程有效負載簽章庫驗證標誌列表	-	XDR Endpoint Sensor
processPayloadSignerFlagsRuntime	`bool[]`	-	進程有效負載簽章運行時標誌列表	-	XDR Endpoint Sensor
processPayloadSignerValid	`bool[]`	-	每個處理程序有效負載的簽署者是否有效	-	XDR Endpoint Sensor
processPid	`int32`	-	主體進程的 PID	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Cloud One - Container Security
processPkgName	`字串`	-	程序包名稱	`MSTeams` `Microsoft.SkypeApp`	XDR Endpoint Sensor
processSigner	`string[]`	-	主體程序的簽署者名稱列表	`Microsoft Windows` `Microsoft Windows 發行者`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
processSignerFlagsAdhoc	`bool[]`	-	進程簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
processSignerFlagsLibValid	`bool[]`	-	進程簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
processSignerFlagsRuntime	`bool[]`	-	進程簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Micro Apex One
處理使用者	`字串`	UserAccount	進程或文件創建者的使用者名稱	`系統` `SVC_JENKINS_CODE_DEV` `網路服務`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
處理使用者網域	`字串`	-	主體處理影像的擁有者網域	`NT AUTHORITY` `DOMAINBA` `PAEDMZ`	Trend Cloud One - Endpoint & Workload Security
productCode	`字串`	-	內部產品代碼	`sds` `pdi` `sao`	安全分析引擎 Palo Alto Networks 次世代防火牆
設定檔	`字串`	-	觸發的安全威脅防護範本或資料外洩防護設定檔的名稱	`主要保護規則` `Multibak 掃描器安全威脅` `預設`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access
proto	`字串`	-	被利用的層網路通訊協定	`6` `TCP` `17`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne（內部部署） Trend Cloud One - Container Security 趨勢科技行動網路安全防護
protoFlag	`字串`	-	資料防護標記	`ACK PSH DF=1` `ACK DF=1` `DF=1`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
版本	`字串`	-	產品版本	`20.0.0.4726` `20.0.0.4416` `6.2.1125`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Mobile Security Trend Cloud One - Container Security Trend Vision One 檔案安全 Trend Cloud One – File Storage Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Cloud Sentry
quarantineFileName	`字串`	-	被隔離物件的檔案路徑	`C:\Program Files\TXOne\StellarProtect\private\quarantine\4429d703-9845-4dff-af25-aab707fb0f19`	TXOne Stellar（內部部署）
quarantineFilePath	`字串`	-	OfficeScan 伺服器的隔離檔案檔案路徑（隔離檔案已加密並複製到 OfficeScan 伺服器以進行事後分析。）	-
隔離類型	`字串`	-	隔離區的描述性名稱	`0` `1` `538`	Trend Micro Apex One as a Service
評分	`字串`	-	可信度等級	`安全` `未知` `危險`	Trend Micro Apex One as a Service
rawDstIp	`字串`	IPv4 IPv6	目標 IP 無替換	`182.223.158.84`	Trend Micro Deep Discovery Inspector
rawDstPort	`int32`	通訊埠	目標通訊埠無替換	`33186`	Trend Micro Deep Discovery Inspector
rawSrcIp	`字串`	IPv4 IPv6	來源 IP 無替換	`108.111.231.95`	Trend Micro Deep Discovery Inspector
rawSrcPort	`int32`	通訊埠	來源通訊埠未替換	`80`	Trend Micro Deep Discovery Inspector
地區代碼	`字串`	-	AWS 區域代碼	`us-east-1`	Trend Cloud One – File Storage Security Trend Cloud One - Cloud Sentry
regionId	`字串`	-	雲端資產區域	`美國東部（北弗吉尼亞）` `歐洲（法蘭克福）`	Trend Cloud One - Endpoint & Workload Security
備註	`字串`	-	其他資訊	`警告：fork：資源暫時不可用` `pam_unix(cron:session): 已為使用者 root 開啟會話 (uid=0)` `WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: SVR-CCS-ARMSD-3.elrosado.com: 使用者 'rherrera' 登入失敗。原因：帳戶已被停用。 [CLIENT: 172.29.3.180]`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Email Security Trend Cloud One - Network Security TXOne EdgeOne（內部部署）電子郵件感測器 Trend Vision One 檔案安全 Trend Cloud One - Cloud Sentry
報告GUID	`字串`	-	Workbench 的 GUID 用於請求報告頁面資料	`959eaca0-bd45-41a1-9fa2-6a80d2642215`	Trend Micro Cloud App Security Trend Vision One 檔案安全
請求	`字串`	URL	顯著的網址	`http://detectportal.firefox.com/canonical.html` `http://35.247.144.219/` `http://35.247.144.219`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Cloud One - Endpoint & Workload Security Trend Vision One Zero Trust Secure Access Internet Access Trend Micro Cloud App Security Trend Cloud One - Network Security Trend Micro Email Security Trend Micro Deep Security Trend Vision One Mobile Security Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks 次世代防火牆
requestBase	`字串`	網域名稱主機域	請求 URL 的網域	`weather.service.msn.com` `activity.windows.com` `login.live.com`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access
requestClientApplication	`字串`	-	通訊協定使用者代理資訊	`Microsoft-Delivery-Optimization/10.0` `Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)` `philandro Software GmbH`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆 Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
requestMethod	`字串`	-	網路通訊協定請求方法	`POST`	Palo Alto Networks 次世代防火牆
respCode	`字串`	-	網路通訊協定回應碼	`302` `200`	Trend Micro Cloud App Security Trend Micro Email Security
重寫的URL	`字串`	-	重寫的 URL	`https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fpageimprove.io%2freact%27&umid=91176188-91a7-474c-b1a0-f5616c525eb5&auth=927c0b1ab45858384aa0e7e4a36abbaf860b921f-1644792ad5ca5887134be3e439c4a8c600000000`	Trend Micro Cloud App Security Trend Micro Email Security
風險信心水平	`字串`	-	風險信心水平	`0` `1` `2`	Trend Micro Apex One as a Service Trend Micro Cloud App Security
風險等級	`字串`	-	風險等級	`1` `高` `無風險`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Cloud App Security XDR Endpoint Sensor Trend Micro Deep Discovery Inspector
rozRating	`字串`	-	整體沙箱評分	`0` `-1` `1`	Trend Micro Deep Discovery Inspector
rtDate	`字串`	-	日誌生成日期	`1655337600000`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security
rtWeekDay	`字串`	-	日誌生成的工作日	`星期一` `星期二` `星期五`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security
ruleId	`int32`	-	規則 ID	`1002795` `1003802`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
ruleId64	`int64`	-	IPS 規則 ID	`1134268` `4026531849` `4026531852`	TXOne EdgeOne（內部部署）
ruleIdStr	`字串`	-	規則 ID	`TM-00000043`	Trend Cloud One - Container Security
規則名稱	`字串`	-	觸發事件的規則名稱	`目錄伺服器 - Microsoft Windows Active Directory` `Microsoft Windows 事件` `Microsoft Windows 安全事件 - 3` `(T1234) 新的可執行檔已建立 (chmod)`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security TippingPoint 安全管理系統 XDR Endpoint Sensor Trend Micro Email Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security 電子郵件感測器 Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
ruleSetId	`字串`	-	規則集 ID	`AllRules-1zSSZPsDqfqkcOt5vNsD6f383HN`	Trend Cloud One - Container Security
規則集名稱	`字串`	-	規則集名稱	`所有規則`	Trend Cloud One - Container Security Trend Cloud One - Network Security TippingPoint 安全管理系統
規則類型	`字串`	-	訪問規則類型	`udso` `進入點` `未知`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Vision One Zero Trust Secure Access Private Access
ruleUuid	`字串`	-	數位疫苗的簽章 UUID	`00000001-0001-0001-0001-000000007610` `00000001-0001-0001-0001-000000007120` `00000001-0001-0001-0001-000000017056`	TippingPoint 安全管理系統 Trend Cloud One - Network Security Trend Micro Cloud App Security Trend Vision One Zero Trust Secure Access Private Access
ruleVer	`字串`	-	規則版本	`202207060001` `202207190001`	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security 電子郵件感測器
sAttackPhase	`字串`	-	第二攻擊階段的類別	`橫向移動` `指揮與控制通訊`	Trend Micro Deep Discovery Inspector
sOSClass	`字串`	-	來源裝置作業系統類別	`Linux`	趨勢科技行動網路安全防護
sOSName	`字串`	-	來源作業系統	`Windows` `Windows 10` `Windows XP`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
sOSVendor	`字串`	-	來源裝置作業系統供應商	`其他`	趨勢科技行動網路安全防護
使用者1	`字串`	UserAccount	來源的最新登入使用者	`corp.uhsinc.biz\altsvc` `000c29edef58` `corpdmz.com\ser-desktopcentral`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
掃描時間	`字串`	-	郵件掃瞄時間	-	Trend Micro Cloud App Security Trend Micro Email Security
掃描類型	`字串`	-	掃瞄類型	`realtime_mailmeta-exchange` `exchange_mailbox_realtime_detection_logs` `閘道即時阻擋流量`	Trend Micro Cloud App Security Trend Micro Email Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security 電子郵件感測器 Trend Vision One 檔案安全 Trend Cloud One - Cloud Sentry
schemaVersion	`字串`	-	架構版本	`1.0`	Trend Micro Cloud App Security
secondAct	`字串`	-	第二個中毒處理行動	`未知` `N/A` `拒絕存取`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security
secondActResult	`字串`	-	第二次中毒處理行動的結果	`未知` `N/A` `拒絕存取`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security
發件人	`字串`	-	漫遊數據用戶或網路流量經過的閘道	`漫遊數據使用者` `VE C&W - 201.224.85.210` `reclnxproxycloud`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access
senderGUID	`字串`	-	發件者 GUID	`346648FC-9862-D2F0-F94C-FAB1A838ABD7` `36E5239E-EEBA-0100-C10E-C057E0455E1D` `9606BBD5-38A7-9024-83C8-9C88A2AF90CC`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Deep Security
senderIp	`string[]`	-	發件者 IP	`10.0.0.5` `10.0.0.4` `10.150.26.18`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Micro Email Security
會話結束	`int64`	-	會話結束時間（以秒為單位）	`1575462989`	Trend Vision One Zero Trust Secure Access Private Access
sessionStart	`int64`	-	會話開始時間（以秒為單位）	`1575462989`	Trend Vision One Zero Trust Secure Access Private Access
嚴重性	`int32`	-	事件的嚴重性	`2` `4` `6` `8`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint 安全管理系統 Trend Cloud One - Network Security Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
shost	`字串`	網域名稱	來源主機名稱	`dns.google` `sw_us-east-1a_10-124-17-69` `sw_us-east-1c_10-124-21-139`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Trend Micro Deep Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
簽署者	`字串`	-	檔案的簽署者	`深圳市智空間軟體技術有限公司;Symantec Class 3 SHA256 Code Signing CA;1429491600;1492649999`	Trend Micro Apex One as a Service
smac	`字串`	-	來源 MAC 位址	`a8:d0:e5:5c:cb:c5` `00:50:56:b2:93:46` `00:09:0f:09:00:06`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne（內部部署） Palo Alto Networks 次世代防火牆
smbSharedName	`字串`	-	伺服器中包含要開啟檔案的共享資料夾名稱	`C:\sharedfolder`	XDR Endpoint Sensor
來源類型	`字串`	-	來源類型	`使用者定義` `沙盒` `syscall`	Trend Micro Apex One as a Service Trend Cloud One - Container Security XDR Endpoint Sensor
存儲過程	`字串`	-	OSSEC 程式名稱	`postfix/sendmail` `CRON` `sshd`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
spt	`int32`	通訊埠	來源通訊埠	`53` `0` `7680`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint 安全管理系統 Trend Micro Deep Security Trend Cloud One - Network Security XDR Endpoint Sensor TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
src	`string[]`	IPv4 IPv6	來源 IP	`8.8.8.8` `0.0.0.0` `10.150.54.5`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint 安全管理系統 Trend Micro Deep Security Trend Cloud One - Network Security XDR Endpoint Sensor Trend Vision One Zero Trust Secure Access Internet Access TXOne EdgeOne（內部部署） Trend Vision One Zero Trust Secure Access Private Access Trend Cloud One - Container Security Palo Alto Networks 次世代防火牆趨勢科技行動網路安全防護
srcEquipmentId	`字串`	-	來源 IMEI	`350548054087659`	趨勢科技行動網路安全防護
srcFamily	`字串`	-	來源裝置家長防護	`電腦防護`	趨勢科技行動網路安全防護
srcFileHashMd5	`字串`	FileMD5	來源檔案的 MD5	-
srcFileHashSha1	`字串`	FileSHA1	來源檔案的 SHA-1	-
srcFileHashSha256	`字串`	FileSHA2	來源檔案的 SHA-256	-
srcFilePath	`字串`	FileFullPath	來源檔案路徑	`C:\\temp\\a.exe`
srcGroup	`字串`	-	由來源管理員定義的群組名稱	`預設` `DATACENTER Lumen/FORTIGATE 網路 - AD ESTACIO CORP` `DATACENTER Lumen/FORTIGATE 網路 - AD YDUQS CORP`	Trend Micro Deep Discovery Inspector 趨勢科技行動網路安全防護
srcLocation	`字串`	-	來源國家	`日本`	Palo Alto Networks 次世代防火牆
srcSubscriberDirNum	`字串`	-	來源 MSISDN	`8618687654321`	趨勢科技行動網路安全防護
srcSubscriberId	`字串`	-	來源 IMSI	`466686007810478`	趨勢科技行動網路安全防護
srcType	`字串`	-	來源裝置類型	`桌上型電腦/筆記型電腦`	趨勢科技行動網路安全防護
srcZone	`字串`	-	由來源管理員定義的網路區域	`1` `0` `2`	Trend Micro Deep Discovery Inspector Palo Alto Networks 次世代防火牆
sslCertCommonName	`字串`	網域名稱主機域	主體通用名稱	`settings-win.data.microsoft.com`	Trend Micro Deep Discovery Inspector
sslCertIssuerCommonName	`字串`	-	發行者通用名稱	`Microsoft Azure TLS 發行 CA 05`	Trend Micro Deep Discovery Inspector
sslCertIssuerOrgName	`字串`	-	發行者組織名稱	`微軟公司`	Trend Micro Deep Discovery Inspector
sslCertOrgName	`字串`	-	主體組織名稱	`Microsoft`	Trend Micro Deep Discovery Inspector
subRuleId	`字串`	-	子規則 ID	`85262` `914520` `18152`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Cloud One - Network Security
子規則名稱	`字串`	-	子規則名稱	`預驗證失敗。` `ATTACK T1070.002,T1070.004：指標移除於主機：清除 Linux 或 Mac 系統日誌，檔案刪除` `ATTACK T1110：多次 Windows 登入失敗` `invisible_url_domain`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security 電子郵件感測器
suid	`字串`	UserAccount	使用者名稱或信箱	`root` `NT AUTHORITY\SYSTEM` `telnet.user@internal.firs.gov.ng`	Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Trend Micro Web Security Trend Micro Deep Security Trend Cloud One - Network Security Trend Vision One Zero Trust Secure Access Internet Access
suser	`string[]`	EmailSender	電子郵寄件者	`WF-BATCH@ngcp.ph` `mckinseyrr@evalueserve.com` `difusionissste@issste.gob.mx`	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service 電子郵件感測器 Palo Alto Networks 次世代防火牆
可疑物件	`字串`	-	匹配的可疑物件	`36ba9de3da9e6f8abfffdda7787ab0ecc16724bb`	XDR Endpoint Sensor
可疑物件類型	`字串`	-	匹配的可疑物件類型	`sha1`	XDR Endpoint Sensor
tacticId	`string[]`	戰術	MITRE 策略 ID 清單	`TA0011` `TA0008` `TA0001`	Trend Micro Deep Discovery Inspector XDR Endpoint Sensor Trend Micro Apex One as a Service
標籤	`string[]`	技術戰術	根據警報篩選器檢測到的技術 ID	`MITREV9.T1090` `MITRE.T1071` `MITREV9.T1059.001`	安全分析引擎 Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
目標	`字串`	-	行為的目標對象	`c:\windows\system32\windowspowershell\v1.0\powershell.exe` `zwwritevirtualmemory` `/proc/211296/exe`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
目標分享	`字串`	FileFullPath	主體州或省（適用於 HTTPS），共享資料夾（適用於 SMB）	`3MHIS` `NETLOGON` `CA`	Trend Micro Deep Discovery Inspector
目標類型	`字串`	-	目標物件類型	`檔案系統` `未分類` `漏洞利用`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
techniqueId	`string[]`	技術	根據偵測規則由產品代理偵測到的技術 ID	-	TXOne Stellar（內部部署）
threatName	`字串`	-	安全威脅名稱	`已封鎖惡意的 CnC 訪問 UDP` `已封鎖惡意的 CnC TCP 存取` `其他受保護的檔案`	Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector
威脅名稱	`string[]`	-	相關的威脅	`HM_GERAL.MIP00000001` `HM_JADTRE.MIP00000001` `VAN_BOT.UMXX`	Trend Micro Deep Discovery Inspector
threatType	`字串`	-	日誌安全威脅類型	`2` `99` `5`	Trend Micro Deep Discovery Inspector Trend Micro Apex One as a Service
觸發	`字串`	-	動作觸發器	`ATSE`	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
urlCat	`string[]`	-	請求的 URL 類別	`未測試` `158` `網頁廣告`	Trend Micro Deep Discovery Inspector Trend Micro Web Security Trend Micro Apex One as a Service Trend Vision One Zero Trust Secure Access Internet Access Trend Micro Cloud App Security Trend Vision One Mobile Security Palo Alto Networks 次世代防火牆 Trend Cloud One - Endpoint & Workload Security
使用者部門	`字串`	-	使用者部門	`操作` `BANCA CONSTRUCCION` `聯絡中心`	Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access
userDomain	`字串`	端點名稱網域名稱帳戶網域	使用者網域	`multibank.com.pa` `COMCEL_DOMINIO` `HDWA`	Trend Micro Apex One as a Service Trend Micro Web Security Trend Vision One Zero Trust Secure Access Internet Access
userDomains	`string[]`	-	遙測事件符合安全分析引擎篩選條件，userDomains 儲存原始事件的 userDomains 值	`CORP`	安全分析引擎
uuid	`字串`	-	日誌的唯一鍵	`000008d7-35fd-4d7b-bada-7f38dca2abf7` `0000116b-ac61-48d2-89e1-3d1ce2d13cdd` `000017f4-ac10-43b4-8aef-97158e0f8533`	安全分析引擎
廠商	`字串`	-	裝置供應商	`adata`	Trend Micro Apex One as a Service
vpcId	`字串`	-	包含雲端資產的虛擬私有雲	`vpc-01234567890abcdef`	Trend Cloud One - Endpoint & Workload Security Trend Cloud One - Cloud Sentry
vsysName	`字串`	-	會話的Palo Alto Networks虛擬系統	`vsys1`	Palo Alto Networks 次世代防火牆
wasEntity	`字串`	-	變更/修改前的實體	`{"key":"VSS","type":"Service","attributes":[{"friendlyValue":null,"name":"binaryPathName","value":"C:\\Windows\\system32\\vssvc.exe"},{"friendlyValue":"manual","name":"startType","value":"3"},{"friendlyValue":"stopped","name":"state","value":"1"}]}` `{"key":"VSS","type":"Service","attributes":[{"friendlyValue":null,"name":"binaryPathName","value":"C:\\Windows\\system32\\vssvc.exe"},{"friendlyValue":"manual","name":"startType","value":"3"},{"friendlyValue":"running","name":"state","value":"4"}]}` `{"key":"/etc/hosts","type":"File","attributes":[]}`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
winEventId	`int32`	-	Windows 事件 ID	`11` `4624` `4670`	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security