端點活動資料 | Trend Micro Service Central

檢視次數:

欄位名稱	類型	一般欄位	說明	範例	產品
其他資訊	`字串`	-	篩選規則資訊	`預設`	XDR Endpoint Sensor Trend Micro Apex One as a Service
應用程式	`字串`	-	正在被利用的第七層網路通訊協定	`SMB`	XDR Endpoint Sensor
authId	`int64`	-	授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
azId	`字串`	-	請求的虛擬機器的可用區域 ID	`us-east-1b` `us-west-2a`	XDR Endpoint Sensor
頻道	`字串`	-	Windows 事件通道	`安全` `Microsoft-Windows-WMI-Activity/Trace` `Microsoft-Windows-TaskScheduler/Operational`	XDR Endpoint Sensor Trend Micro Apex One as a Service
cloudIdentityAccountId	`字串`	-	用於授權的雲端身份帳號 ID	`111111111111`	XDR Endpoint Sensor
cloudIdentityId	`字串`	-	用於授權的雲端身份 ID	`arn:aws:sts::111111111111:assumed-role/eksctl-aws-test-nodegroup-ng-21d38-NodeInstanceRole-3wPxVEo4zHlK/i-0355006acbbde82b8`	XDR Endpoint Sensor
cloudIdentityName	`字串`	-	用於授權的雲端身份名稱	`AWSsampleToken`	XDR Endpoint Sensor
雲端提供者	`字串`	-	雲端資產的服務提供者	`aws` `Azure`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
cloudServiceApiName	`字串`	-	雲端服務 API	`AssumeRole` `GetCallerIdentity` `ListBuckets`	XDR Endpoint Sensor
cloudServiceName	`字串`	-	雲端服務	`s3.us-east-1.amazonaws.com` `dynamodb.us-west-2.amazonaws.com`	XDR Endpoint Sensor
codeIntegrityOptionEnabled	`bool`	-	系統是否根據驅動程式簽章強制執行簽章核心載入	`1` `0`	XDR Endpoint Sensor
代碼完整性選項測試簽名	`bool`	-	系統是否繞過驅動程式簽章強制檢查並允許載入測試簽署的驅動程式	`1` `0`	XDR Endpoint Sensor
correlationData	`object_correlation[]`	-	用於關聯的資料防護	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
deviceType	`enum_TELEMETRY_DEVICE_TYPE`	-	磁碟機類型	`TELEMETRY_DEVICE_TYPE_UNKNOWN` `TELEMETRY_DEVICE_TYPE_REMOVABLE`	XDR Endpoint Sensor
dpt	`int32`	通訊埠	目標通訊埠	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
目標	`字串`	IPv4 IPv6	目標 IP	`::` `0.0.0.0` `127.0.0.1`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
endpointGuid	`字串`	EndpointID	端點上檢測到事件的主機 GUID	`885fd860-cc63-5c61-9eca-37911c864cc9` `fbcf0426-c46b-4fe7-b3a8-e6896de49ea3`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointHostName	`字串`	端點名稱	端點上檢測到事件的主機名稱	`PHILIPSIBE09` `WHAM6WK8XG2` `MacBook-Pro-del-Meno`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointIp	`string[]`	IPv4 IPv6	偵測到事件的端點 IP 位址	`127.0.0.1` `::1` `fe80::1`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointMacAddress	`string[]`	-	主機 MAC 位址	`00:00:00:00:00:00:00:e0` `0-0-0-0-0-0-0-e0` `00:09:0f:fe:00:01`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataActionName	`字串`	-	執行的操作	`語言元件安裝程式` `群組原則背景處理` `C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe`	Trend Micro Apex One as a Service XDR Endpoint Sensor
eventDataAuthenticationPackageName	`字串`	-	Windows 事件資料的驗證套件名稱	`NTLM` `協商` `MICROSOFT_AUTHENTICATION_PACKAGE_V1_0`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataConsumer	`字串`	-	報告事件的接收者	`HealthDriverEventConsumer="健康事件消費者"` `MemoryEventConsumer="記憶體事件消費者"` `SysEventConsumer="系統事件使用者"`	XDR Endpoint Sensor
eventDataIpAddress	`字串`	-	Windows 事件 4624（成功登入嘗試）的 IP 位址	`-` `10.37.38.237` `10.5.10.5`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataJobOwner	`字串`	-	發起事件的帳戶名稱	`BEI\holdej` `NT AUTHORITY\SYSTEM`	Trend Micro Apex One as a Service
eventDataLogonProcessName	`字串`	-	Windows 事件登入程序名稱	`NtLmSsp` `Advapi` `Advapi`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataLogonType	`字串`	-	Windows 事件 4624（成功登入嘗試）的登入類型	`3` `5` `2`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataOperation	`字串`	-	Windows 事件 11	`Start IWbemServices::ExecQuery - root\ccm : select * from SMS_Authority` `Start IWbemServices::ExecQuery - root\cimv2 : select * from win32_process` `Start IWbemServices::ExecQuery - root\ccm : SELECT * FROM SMS_Authority`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataPath	`字串`	-	Windows 事件資料防護的路徑	`C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe` `taskhostw.exe` `gpupdate.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataProcessPath	`字串`	-	啟動事件的進程路徑	`C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE` `C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe` `C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE`	Trend Micro Apex One as a Service
eventDataProviderName	`字串`	-	Windows 事件資料防護提供者的名稱	`SmsClientMethodProvider` `MS_NT_EVENTLOG_PROVIDER` `RegProv`	XDR Endpoint Sensor
eventDataProviderPath	`字串`	-	Windows 事件資料防護提供者的檔案路徑	`%systemroot%\system32\wbem\ntevt.dll` `%systemroot%\system32\wbem\stdprov.dll` `C:\WINDOWS\CCM\smsclient.dll`	XDR Endpoint Sensor
eventDataScriptBlockText	`字串`	-	Windows 事件 4104（使用 PowerShell 執行遠端命令）	`$global:?` `0` `{ Set-StrictMode -Version 1; $_.PSMessageDetails }`	Trend Micro Apex One as a Service
eventDataServiceFileName	`字串`	-	服務可執行檔的完整檔案路徑	`%SystemRoot%\PSEXESVC.exe` `C:\Windows\System32\svchost.exe -k WinSysRestoreGroup`	XDR Endpoint Sensor
eventDataServiceName	`字串`	-	服務名稱	`PSEXESVC` `WinResSvc`	XDR Endpoint Sensor
事件資料狀態	`字串`	-	Windows 事件資料防護狀態	`0xc000006d` `-1073741715` `0xc000006e`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件資料子狀態	`字串`	-	Windows 事件資料防護子狀態	`0xc0000064` `0xc000006a` `-1073741724`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataTargetUserName	`字串`	-	Windows 事件資料目標的使用者名稱	`提供遠端協助助手` `管理員` `管理員`	Trend Micro Apex One as a Service
eventDataTaskName	`字串`	-	Windows 事件記錄的任務名稱	`\Microsoft\Windows\LanguageComponentsInstaller\Installation` `\Microsoft\Office\Office Serviceability Manager` `\MicrosoftEdgeUpdateTaskMachineUA`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataUserContext	`字串`	-	Windows 事件資料的使用者上下文	`MP\MPBSA179345$` `MP\MPBSASPU179370$` `MP\MPBSA4025625$`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventHashId	`int64`	-	事件雜湊 ID	`-8406473586387535914` `138486453338666581` `-7909265752378976284`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
eventId	`enum_TelemetryHeader.TELEMETRY_EVENT_ID`	-	事件類型	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
事件訊息	`字串`	-	事件訊息	`[0x13bb4e2a0] 啟動連接：mach=true listener=false peer=false name=com.apple.airportd`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventSubId	`enum_TelemetryHeader.TELEMETRY_EVENT_SUB_ID`	-	訪問類型	`2 - TELEMETRY_PROCESS_CREATE` `101 - TELEMETRY_FILE_CREATE` `204 - 遙測_連接_向外連接`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
事件時間	`int64`	-	代理程式偵測到事件的時間	`1657781088000`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
篩選風險等級	`字串`	-	事件的最高風險等級	`資訊` `低` `中`	安全分析引擎
hookId	`int64`	-	掛鉤 ID	`-1` `5` `4`	Trend Micro Apex One as a Service
主機名稱	`字串`	網域名稱主機域	網域名稱	`localhost` `wpad` `settings-win.data.microsoft.com`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
httpReferer	`字串`	URL	HTTP 標頭 referer	`http://201.174.161.181/` `http://info2/home/` `http://lpcare.corp.pvt/loopcare/CircuitTest.jsp`	Trend Micro Apex One as a Service XDR Endpoint Sensor
importTable	`object_ImportTable[]`	-	匯入的表格資訊	-	XDR Endpoint Sensor
importTableFileName	`string[]`	-	匯入函數的庫檔案名稱	`KERNEL32.dll` `ADVAPI32.dll`	XDR Endpoint Sensor
importTableFunctionName	`string[]`	-	匯入的函數檔案名稱	`SwitchToThread/GetSystemInfo` `OpenProcessToken`	XDR Endpoint Sensor
instanceAccountId	`字串`	-	發出請求的虛擬機器的雲端帳號 ID	`111111111111`	XDR Endpoint Sensor
instanceId	`字串`	-	雲端平台上的虛擬機器實例 ID	`i-0b22a22eec53b9321`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
instanceName	`字串`	-	發出請求的虛擬機	`ec2-123-124-0-12.us-west-2.compute.amazonaws.com`	XDR Endpoint Sensor
完整性等級	`int32`	-	進程的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
logReceivedTime	`int64`	-	接收 XDR 日誌的時間	`1656324260000`	安全分析引擎
登入使用者	`string[]`	使用者帳戶	登入使用者名稱	`root` `SISTEMA` `oracle`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
訊息類型	`字串`	-	訊息類型	`預設`	XDR Endpoint Sensor Trend Micro Apex One as a Service
metaSrcExtra	`字串`	-	用於識別事件來源的元數據	`[{'metaSrcUri': ...]`	資料防護檢測與回應
networkInterfaceId	`字串`	-	虛擬機器發出請求的網路介面	`eni-0a1b2c3d4e5f6g7h8`	XDR Endpoint Sensor
objectApiName	`字串`	-	執行的 API 名稱	`GetIpNetTable`	XDR Endpoint Sensor
objectApiRvInNum	`uint64`	-	API 遙測返回值	`0`	XDR Endpoint Sensor
objectAppName	`字串`	-	涉及 AMSI 事件的應用程式	`Exchange Server 2016` `PowerShell_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.19041.1` `PowerShell_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.14393.0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectAuthId	`int64`	-	物件授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectBmData	`字串`	-	BM 事件資料防護	`{"provider":"ORCA","schema_version":1,"data":[{"str":"存取 /proc/<pid>/*"}]}` `{"provider":"ORCA","schema_version":1,"data":[{"str":"source '/etc/profile.d/lang.sh'"}]}` `{"provider":"ORCA","schema_version":1,"data":[{"str":"source '/etc/profile.d/bash_completion.sh'"}]}`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
objectCmd	`字串`	CLICommand	目標進程的命令行輸入	`wc -l` `runc init` `docker-init --version`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectContentName	`字串`	-	AMSI 物件內容名稱	`C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1` `c:\synclog\BLAST_SCAN.vbs`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectCurrentFileSize	`int64`	-	修改後物件檔案的先前大小	`0` `59456` `60`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectCurrentPosixPermission	`字串`	-	新的 POSIX 權限文件用於文件事件和 CHMOD 事件	`1050180`	Trend Cloud One - Endpoint & Workload Security
objectFileAttributesHashId	`int64`	-	文件屬性元信息的哈希 ID	`1626660901647460000` `-3744588546027070000` `8709345175736065000`	XDR Endpoint Sensor
物件檔案建立	`int64`	-	物件檔案建立的時間	`1652131848000` `1577865600000` `1648279273000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileCurrentOwnerName	`字串`	-	物件檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `BUILTIN\Administradores`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileCurrentOwnerSid	`字串`	-	物件檔案的當前安全識別碼擁有者	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileDaclString	`字串`	-	物件檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;OICI;GA;;;SY)(A;OICI;0xa0120000;;;WD)(A;OICI;GA;;;BA)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileExtendedAttribute	`字串`	-	檔案的擴展屬性	`com.apple.quarantine` `com.apple.metadata:kMDItemWhereFroms`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileGroupName	`字串`	-	物件檔案使用者群組名稱	`輪子` `員工` `管理員`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileGroupSid	`字串`	-	物件檔案群組的安全識別碼	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-397955417-626881126-188441444-513`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHash	`字串`	-	目標處理影像或檔案的加密雜湊值，使用特定的雜湊算法來確定	`1ca71017d2fa4775253670e1e55e26912bfdc156`	資料防護檢測與回應
objectFileHashId	`int64`	-	物件檔案雜湊 ID	`2141057820373638746` `-6516669617381620295` `-4912169863817247597`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHashMd5	`字串`	FileMD5	目標處理影像或目標檔案的 MD5 雜湊值	`7ac47235c7bb452a03d3afd872f44c9e` `c9873d83a969645a97f21adc1b164cc5` `3b32b378c8b288de6f15e1607a8c2145`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHashSha1	`字串`	FileSHA1	目標處理影像或目標檔案的 SHA-1 雜湊值	`ded3833f145989fd86c1f4811b61497298ebc7fd` `c4fa06404142f1994431f9eef3df2cbe0f1998f1` `3c01d486ed5aa1ecc2d8f33dc24b0ed59b3e609e`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHashSha256	`字串`	FileSHA2	目標處理影像或目標檔案的 SHA-256 雜湊值	`39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8` `49fa3e206abf6a1f4546417dbe09f3f06b38847866a4a66de75bd90f39cb6c1c` `0969321ad5a0923f0f03896ad2c10e49290515c44b721d773942a37f62a24893`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileIsRemoteAccess	`bool`	-	是否有對目標檔案的遠端存取	-	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectFileModifiedTime	`int64`	-	物件檔案的修改時間	`1652131848000` `1577865600000` `1648279273000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileOriginalName	`字串`	檔案名稱	物件圖像的原始檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileOwnerName	`字串`	-	物件檔案擁有者名稱	`root` `NT SERVICE\TrustedInstaller` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileOwnerSid	`字串`	-	物件檔案擁有者的安全識別碼	`S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFilePath	`字串`	FileFullPath 檔案名稱	目標處理影像或目標檔案的檔案路徑	`/usr/bin/bash` `/bin/bash` `/opt/nimsoft/probes/system/processes/processes`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileRemoteAccess	`bool`	-	是否有對目標檔案的遠端存取	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileSaclString	`字串`	-	物件檔案的系統存取控制清單	`S:無存取控制` `S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;SAFA;0x1f0116;;;WD)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectFileSize	`int64`	-	物件檔案的檔案大小	`0` `59456` `60`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security 資料防護檢測與回應
物件首次發現	`int64`	-	首次看到該物件的時間	`1656458063638` `1656260547165` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectHostName	`字串`	網域名稱	事件偵測到的伺服器名稱	`10.1.222.175` `alertusupstate.ghs.org` `alertusmidlands.palmettohealth.org`	Trend Micro Apex One as a Service XDR Endpoint Sensor
物件完整性層級	`int32`	-	目標進程的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectIp	`字串`	IPv4 IPv6	網路事件的 IP 位址	`10.1.222.175` `10.6.32.77` `167.171.82.37`	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectIps	`string[]`	IPv4 IPv6	事件中的 IP 位址清單	`::1` `127.0.0.1` `::ffff:127.0.0.1`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
上次看到物件	`int64`	-	上次看到該物件的時間	`1656458354730` `1656260580722` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectLaunchTime	`int64`	-	Windows 事件的物件啟動時間	`1616412892557` `1620778597056` `1616414113105`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutFailureMessage	`字串`	-	登入/登出錯誤訊息	`登入錯誤`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutFirstSeen	`int64`	-	首次看到物件簽入/簽出	`1713903612`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutHashId	`int64`	-	物件簽入/簽出中繼資料的 FNV	`-8981232070268295000`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutLastSeen	`int64`	-	上次看到物件簽入/簽出	`1713903612`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutMetaType	`enum_LOGIN_OUT_META_TYPE`	-	登入/登出中繼資料	`1 - LOGIN_OUT_META_TYPE_OPENSSH`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutSessionId	`uint64`	-	登入/登出會話 ID	`260`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutSourceAddress	`字串`	-	登入/登出來源 IP	`10.64.18.49`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutStatus	`int32`	-	登入/登出狀態	`-1`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectName	`字串`	-	物件名稱	`/usr/bin/bash` `/bin/bash` `/opt/nimsoft/probes/system/processes/processes`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectPid	`int32`	-	目標進程的 PID	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectPipeName	`字串`	-	事件的命名管道	`\\.\pipe\name1` `\\serverHostName\pipe\name1` `\\serverIp\pipe\name1`	XDR Endpoint Sensor
objectPort	`int32`	通訊埠	網路事件使用的埠	-	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectPosixPermission	`字串`	-	該檔案的當前 POSIX 權限	`1050112`	Trend Cloud One - Endpoint & Workload Security
objectPosixPermissionHashId	`int64`	-	POSIX 權限雜湊 ID	`-8931783023607716000`	Trend Cloud One - Endpoint & Workload Security
objectProcessHashId	`int64`	-	目標進程 FNV	`1415699552492662761` `-100650285065767982` `-1139416698673814436`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectRawDataSize	`int64[]`	-	Windows 事件物件的原始資料大小	`9` `1` `564`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRawDataStr	`string[]`	-	AMSI 事件的資料防護內容	`$global:?` `0` `$servicename = "WinRM" $arrService = Get-Service $servicename if ($arrService.Status -ne "Running") { Restart-Service $servicename }`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryData	`字串`	登錄值數據	登錄值資料防護	`{00020424-0000-0000-C000-000000000046}` `1` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryKeyHandle	`字串`	登錄機碼	登錄機碼	`HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` `HKLM\system\currentcontrolset\services\w32time\config` `HKLM\system\currentcontrolset\services\tcpip\parameters`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryValue	`字串`	登錄值	登錄值名稱	`lastknowngoodtime` `threadingmodel` `時代`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectRunAsLocalAccount	`bool`	-	runas 命令是否使用本機帳戶	`0` `1`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectServiceType	`字串`	-	目標檔案類型	`本地` `smb` `網頁`	資料防護檢測與回應
objectSessionId	`int32` `int64`	-	物件會話 ID	`0` `1` `2`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectSigner	`string[]`	-	物件處理或檔案的憑證簽署者	`Microsoft Windows` `軟體簽署;Apple 程式碼簽署認證機構;Apple 根憑證機構;` `微軟公司`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectSignerFlagsAdhoc	`bool[]`	-	物件處理或檔案簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerFlagsLibValid	`bool[]`	-	物件處理或檔案簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerFlagsRuntime	`bool[]`	-	物件處理或檔案簽章執行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerValid	`bool[]`	-	憑證簽署者有效性	`1` `0`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectSubTrueType	`int32`	-	檔案物件真實子類型	`0` `5000` `18000` `28001`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectThreadId	`int64`	-	物件處理緒 ID	`10196` `10104` `10004`	Trend Micro Apex One as a Service
objectTrueType	`int32`	-	檔案物件真實主要類型	`7` `5` `18` `4051`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectUri	`字串`	-	目標檔案路徑	`C://path/of/file.txt`	資料防護檢測與回應
objectUser	`字串`	使用者帳戶	目標程序的擁有者名稱或登入的使用者名稱	`root` `系統` `oracle`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
objectUserGroup	`字串`	-	使用者群組名稱	`員工` `_spotlight` `輪子`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectUserGroupSids	`string[]`	-	物件的使用者群組 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
osDescription	`字串`	-	作業系統版本	`Windows 10 (64 位元)` `Windows 10 專業版 (64 位元) 版本 19044` `Amazon Linux 2 (64 位) (5.4.188-104.359.amzn2.x86_64)`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
osName	`字串`	-	主機作業系統	`Windows` `Linux` `macOS`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
osType	`字串`	-	主機作業系統類型	`0x00000030` `4`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
osVer	`字串`	-	主機作業系統版本	`Amazon Linux 2` `10.0.19044` `10.0.19042`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentAuthId	`int64`	-	父授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentCmd	`字串`	CLICommand	父程序的命令行輸入	`C:\WINDOWS\system32\services.exe` `C:\Windows\system32\services.exe` `/sbin/launchd`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
parentFileCreation	`int64`	-	父文件的創建時間	`1652131848000` `1577865600000` `1635172968000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileCurrentOwnerName	`字串`	-	父檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administradores` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileCurrentOwnerSid	`字串`	-	父檔案的當前安全識別碼擁有者	`S-1-5-32-544` `S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileDaclString	`字串`	-	父檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;OICI;GA;;;SY)(A;OICI;0xa0120000;;;WD)(A;OICI;GA;;;BA)` `D:(A;ID;0x1200a9;;;AC)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;S-1-15-2-2)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileGroupName	`字串`	-	父檔案使用者群組的名稱	`輪子` `管理員` `員工`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileGroupSid	`字串`	-	父程序檔案群組的安全識別碼	`S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-32-544`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashId	`int64`	-	父檔案雜湊 ID	`-4092577940452904134` `2141057820373638746` `-821808160829839906`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashMd5	`字串`	FileMD5	父程序的 MD5 雜湊值	`d8e577bf078c45954f4531885478d5a9` `cd10cb894be2128fca0bf0e2b0c27c16` `cfd65bed18a1fae631091c3a4c4dd533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashSha1	`字串`	FileSHA1	父程序的 SHA-1 雜湊值	`d7a213f3cfee2a8a191769eb33847953be51de54` `1f912d4bec338ef10b7c9f19976286f8acc4eb97` `9ad737cbd8bbdddc96726156dbd3bc03936bf02f`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashSha256	`字串`	FileSHA2	父程序的 SHA-256 雜湊值	`dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674` `f3feb95e7bcfb0766a694d93fca29eda7e2ca977c2395b4be75242814eb6d881` `00f8cbc5b3a6640af5ac18d01bc5a666f6f583b1379b9491e0bcc28ba78c92e9`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileModifiedTime	`int64`	-	父檔案的修改時間	`1652131848000` `1577865600000` `1635172968000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOriginalName	`字串`	檔案名稱	父影像的原始檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOwnerName	`字串`	-	父文件的擁有者名稱	`root` `cit` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOwnerSid	`字串`	-	父文件擁有者的安全識別碼	`S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFilePath	`字串`	FileFullPath 檔案名稱	父程序的檔案路徑	`c:\windows\system32\services.exe` `/usr/bin/bash` `c:\windows\system32\svchost.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileRemoteAccess	`bool`	-	是否有對父檔案的遠端存取	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileSaclString	`字串`	-	父檔案的系統存取控制清單	`S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:無存取控制` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
parentFileSize	`int64`	-	父檔案的檔案大小	`714856` `59952` `5114880`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentHashId	`int64`	-	父哈希 ID	`-865367326691173681` `-2903238741593506113` `-4358168316031740439`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentIntegrityLevel	`int32`	-	父程序的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentLaunchTime	`int64`	-	父程序啟動的時間	`1653614773895` `1656118625928` `0`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentName	`字串`	-	父程序的映像名稱	`c:\windows\system32\services.exe` `/usr/bin/bash` `c:\windows\system32\svchost.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentPid	`int32`	-	父程序的 PID	`1` `976` `920`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentSigner	`string[]`	-	父文件的簽署者	`Microsoft Windows 發行者` `Microsoft Windows` `軟體簽署;Apple 程式碼簽署認證機構;Apple 根憑證機構;`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentSignerFlagsAdhoc	`bool[]`	-	父程序簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentSignerFlagsLibValid	`bool[]`	-	父程序簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentSignerFlagsRuntime	`bool[]`	-	父程序簽章執行時期標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentSignerValid	`bool[]`	-	父簽署者的有效性	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentSubTrueType	`int32`	-	父檔案的真實檔案子類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentTrueType	`int32`	-	父檔案的真實檔案類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
父使用者	`字串`	-	執行父程序的使用者類型	`root` `系統` `SISTEMA`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentUserDomain	`字串`	-	父程序的使用者網域	`NT AUTHORITY` `NT 權限`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentUserGroupSids	`string[]`	-	父使用者群組的 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
pname	`字串`	-	內部產品 ID（已棄用，請使用 productCode）	`2200` `751` `533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
policyIds	`字串`	-	資料防護檢測與回應資料政策 ID	`555a8b4c-c9a7-410c-b218-45517d5cd645`	資料防護檢測與回應
policyTreePath	`字串`	-	政策樹路徑	`policyname1/policyname2/policyname3`	安全分析引擎
processCmd	`字串`	CLICommand	主體進程的命令行輸入	`C:\Windows\system32\lsass.exe` `C:\WINDOWS\system32\lsass.exe` `nimbus（進程）`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
processFileCreation	`int64`	-	進程檔案的建立時間	`1652131848000` `1577865600000` `1635172906000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileCurrentOwnerName	`字串`	-	進程檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `BUILTIN\Administradores`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileCurrentOwnerSid	`字串`	-	進程文件當前安全標識符的所有者	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileDaclString	`字串`	-	該程序文件的自主存取控制清單	`D:(A;ID;0x1200a9;;;AC)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)` `D:(A;ID;FA;;;BA)(A;ID;FA;;;SY)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileGroupName	`字串`	-	進程文件用戶組的名稱	`輪子` `管理員` `員工`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileGroupSid	`字串`	-	進程文件組的安全標識符	`S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-32-544`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashId	`int64`	-	該程序的檔案雜湊	`2141057820373638746` `-821808160829839906` `5222963427542927736`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashMd5	`字串`	FileMD5	主體處理影像的 MD5 雜湊值	`cd10cb894be2128fca0bf0e2b0c27c16` `7ac47235c7bb452a03d3afd872f44c9e` `cfd65bed18a1fae631091c3a4c4dd533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashSha1	`字串`	FileSHA1	主體處理影像的 SHA-1 雜湊值	`1f912d4bec338ef10b7c9f19976286f8acc4eb97` `ded3833f145989fd86c1f4811b61497298ebc7fd` `9ad737cbd8bbdddc96726156dbd3bc03936bf02f`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashSha256	`字串`	FileSHA2	主體處理影像的 SHA-256 雜湊值	`f3feb95e7bcfb0766a694d93fca29eda7e2ca977c2395b4be75242814eb6d881` `39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8` `00f8cbc5b3a6640af5ac18d01bc5a666f6f583b1379b9491e0bcc28ba78c92e9`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileModifiedTime	`int64`	-	該程序文件被修改的時間	`1652131848000` `1633413236462` `1414554708877`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileOriginalName	`字串`	檔案名稱	處理影像的原始檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileOwnerName	`字串`	-	進程文件擁有者名稱	`root` `cit` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileOwnerSid	`字串`	-	進程文件所有者的安全標識符	`S-1-5-32-544` `S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFilePath	`字串`	ProcessFullPath ProcessName FileFullPath 檔案名稱	主體程序的檔案路徑	`/usr/bin/bash` `c:\windows\system32\svchost.exe` `c:\windows\system32\lsass.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileRemoteAccess	`bool`	-	是否有遠端存取程序檔案	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileSaclString	`字串`	-	該程序文件的系統存取控制清單	`S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)` `S:無存取控制`	Trend Micro Apex One as a Service XDR Endpoint Sensor
processFileSize	`int64`	-	進程文件的文件大小	`59952` `59456` `47024`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processHashId	`int64`	-	主體進程的 FNV	`7114696589795796819` `1307755369266815004` `-5015325378148567246`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processLaunchTime	`int64`	-	啟動主體進程的時間	`1653614775212` `1656118626642` `1652098160298`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processName	`字串`	ProcessName	觸發事件的進程映像名稱	`/usr/bin/bash` `c:\windows\system32\svchost.exe` `c:\windows\system32\lsass.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processPid	`int32`	-	主體進程的 PID	`4` `1` `784` `792`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processSigner	`string[]`	-	程序文件簽署者	`Microsoft Windows` `Microsoft Windows 發行者` `微軟公司`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processSignerFlagsAdhoc	`bool[]`	-	進程簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processSignerFlagsLibValid	`bool[]`	-	進程簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processSignerFlagsRuntime	`bool[]`	-	進程簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processSignerValid	`bool[]`	-	程序簽署者的有效性	`1` `0`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processSubTrueType	`int32`	-	該程序的真實文件子類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processTrueType	`int32`	-	該程序的真實檔案類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理使用者	`字串`	使用者帳戶	主體處理影像的擁有者名稱	`root` `系統` `SISTEMA`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
處理使用者網域	`字串`	-	程序使用者網域	`NT AUTHORITY` `NT 權限`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processUserGroupSids	`string[]`	-	進程的使用者群組 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
productCode	`字串`	-	內部產品代碼	`sds` `xes` `sao`	安全分析引擎
providerGUID	`字串`	-	Windows 事件提供者的 GUID	`{54849625-5478-4994-A5BA-3E3B0328C30D}` `{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}` `{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}`	XDR Endpoint Sensor Trend Micro Apex One as a Service
providerName	`字串`	-	Windows 事件提供者的名稱	`Microsoft-Windows-Security-Auditing` `Microsoft-Windows-WMI-Activity` `Microsoft-Windows-TaskScheduler`	XDR Endpoint Sensor Trend Micro Apex One as a Service
proxy	`字串`	-	Proxy 地址	`prx.pro.edenor:8080` `10.10.25.199:8080` `172.16.3.42`	XDR Endpoint Sensor Trend Micro Apex One as a Service
publicSpt	`int32`	通訊埠	發出請求的端點的公共端口	`57163`	XDR Endpoint Sensor
publicSrc	`字串`	IPv4 IPv6	發出請求的端點的公共 IP	`54.231.169.40`	XDR Endpoint Sensor
版本	`字串`	-	產品版本	`1.2.0.2752` `1.0.345` `1.2.0.2657`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
原始資料大小	`int64`	-	Windows 事件日誌的大小	`1128` `1129` `1127`	XDR Endpoint Sensor Trend Micro Apex One as a Service
rawDataStr	`字串`	-	Windows 事件原始內容	`{ "EventData" : { "LogonType" : "", "TargetDomainName" : "", "TargetLogonId" : "", "TargetUserName" : "", "TargetUserSid" : "" } }` `{ "EventData" : { "LogonType" : "10", "TargetDomainName" : "AFASADV", "TargetLogonId" : "14941011731", "TargetUserName" : "管理員", "TargetUserSid" : "S-1-5-21-1507008304-2416677881-2121376573-500" } }` `{ "EventData" : { "LogonType" : "10", "TargetDomainName" : "AIS", "TargetLogonId" : "216921070", "TargetUserName" : "MWoodr01", "TargetUserSid" : "S-1-5-21-1873864278-1756520048-3043165120-15057" } }`	XDR Endpoint Sensor Trend Micro Apex One as a Service
regionId	`字串`	-	雲端資產區域	`美國東部（北弗吉尼亞）` `歐洲（法蘭克福）`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
請求	`字串`	URL	請求 URL	`http://10.1.222.175/Conserver/CommunicationNode` `http:///cgi-bin/admin/param.cgi?action=list&group=Alarm.Status` `http://search.namequery.com/`	Trend Micro Apex One as a Service XDR Endpoint Sensor
ruleId	`int32`	-	規則 ID	`1005566`	XDR Endpoint Sensor Trend Micro Apex One as a Service
smbSharedName	`字串`	-	伺服器中包含檔案的共享資料夾名稱	`sharedfolder`	XDR Endpoint Sensor
spt	`int32`	通訊埠	來源通訊埠	`53` `5353` `443`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
src	`字串`	IPv4 IPv6	來源 IP	`::` `172.20.0.10` `192.168.0.10`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
srcFileCreation	`int64`	-	來源檔案的建立時間	`1577865600000` `1626201752000` `1626201750000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileCurrentOwnerName	`字串`	-	來源檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `AUTORIDADE NT\SISTEMA`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileCurrentOwnerSid	`字串`	-	來源檔案的當前安全識別碼擁有者	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileDaclString	`字串`	-	來源檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcFileGroupName	`字串`	-	來源檔案使用者群組名稱	`輪子` `員工` `NT SERVICE\TrustedInstaller`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileGroupSid	`字串`	-	來源檔案群組的安全識別碼	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHash	`字串`	-	源處理影像或文件的加密雜湊值，使用特定的雜湊算法來確定	`1ca71017d2fa4775253670e1e55e26912bfdc156`	資料防護檢測與回應
srcFileHashMd5	`字串`	FileMD5	來源檔案的 MD5 雜湊值	`e5d5e9c1f65b8ec7aa5b7f1b1acdd731` `a6779bf446db07e4c4ba3516b273c496` `4bb7334fdadc6eccb8e6ab402aae013b`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHashSha1	`字串`	FileSHA1	來源檔案的 SHA-1 雜湊值	`5d34902fecc1760138212ada36be1e742bda5e52` `dbb14dcda6502ab1d23a7c77d405dafbcbeb439e` `2292f8109cd756e790c068a52d50f1b0858f503b`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHashSha256	`字串`	FileSHA2	來源檔案的 SHA-256 雜湊值	`4eaa002225f4ea2dedcd19b7f1337d7c58ea7dd6d4571c12468dde95e6bcfdaf` `e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80` `16b20a3ad485b4fbbe3028c7e743b226db21ea93cacc8b3d7d7d4a731bf02333`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileIsRemoteAccess	`bool`	-	是否有遠端存取原始檔案	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileModifiedTime	`int64`	-	來源檔案的修改時間	`1626201752000` `1626201750000` `1577865600000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileOwnerName	`字串`	-	來源檔案擁有者名稱	`root` `NT SERVICE\TrustedInstaller` `NT AUTHORITY\SYSTEM`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileOwnerSid	`字串`	-	源文件所有者的安全標識符	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-32-544`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFilePath	`字串`	FileFullPath 檔案名稱	來源檔案路徑	`\\cnva-apps\megaclockprod\traveler\travelerprint.accdb` `c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml` `q:\a7_dbs\a4_pkg\a4_packaging.accde`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileSaclString	`字串`	-	來源檔案的系統存取控制清單	`S:無存取控制` `S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileSize	`int64`	-	來源檔案的檔案大小	`0` `131072` `196608`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security 資料防護檢測與回應
srcFirstSeen	`int64`	-	首次看到來源檔案的時間	`0` `1656355418449` `1656714760440`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
上次見到來源	`int64`	-	上次看到來源檔案的時間	`0` `1656355418449` `1656715147313`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
srcServiceType	`字串`	-	來源檔案類型	`本地` `smb` `網頁`	資料防護檢測與回應
srcSigner	`string[]`	-	來源檔案的簽署者	`Microsoft Windows` `微軟公司` `Google LLC`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcSignerFlagsAdhoc	`bool[]`	-	源文件簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerFlagsLibValid	`bool[]`	-	源文件簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerFlagsRuntime	`bool[]`	-	源文件簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerValid	`bool[]`	-	來源檔案簽署者的有效性	-	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcUri	`字串`	-	來源檔案路徑	`C://path/of/file.txt`	資料防護檢測與回應
srcUser	`字串`	-	源進程的擁有者名稱或登入使用者名稱	`root` `系統` `oracle`	資料防護檢測與回應
子系統	`字串`	-	子系統資訊	`com.apple.xpc`	XDR Endpoint Sensor Trend Micro Apex One as a Service
subnetId	`字串`	-	發出請求的虛擬機器的子網路 ID	`子網路-0a1b2c3d4e5f6g7h8`	XDR Endpoint Sensor
標籤	`string[]`	技術	根據警報篩選器檢測到的技術 ID	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	安全分析引擎
時區	`字串`	-	主機時區	`UTC+00:00` `UTC-05:00` `UTC-03:00`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
userDomain	`string[]`	-	使用者網域名稱	`CORP` `NT 權限`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
uuid	`字串`	-	日誌的唯一鍵	`00000003-be87-4aad-add2-d395e4efad3e` `00000014-0493-459d-9f90-93565402f41e` `0000006b-b5ea-4f5e-8d56-ddec452ef3bd`	安全分析引擎
vpcId	`字串`	-	包含雲端資產的虛擬私有雲端	`vpc-01234567890abcdef`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
winEventId	`int32`	-	Windows 事件 ID	`11` `4624` `4670`	XDR Endpoint Sensor Trend Micro Apex One as a Service