一般搜尋 | Trend Micro Service Central

檢視次數:

一般欄位	對應欄位			範例
一般欄位	端點活動資料	網路活動資料防護	偵測資料防護	範例
帳戶網域	-	userDomain	userDomain	-
CLICommand	objectCmd parentCmd processCmd	-	processCmd objectCmd parentCmd 機器人指令	"C:\Program Files(x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US --no-sandbox
網域名稱	hostName objectHostName	requestBase userDomain hostName sslCertCommonName shost dhost	hostName 感興趣的主機 userDomain shost dhost denyListHost 網域名稱對等主機 requestBase sslCertCommonName netBiosDomainName	self.events.data.microsoft.com
EmailMessageID	-	msgId	msgId	<rRzmIhBrXbgjvr4uhIwCcbtE6BnmgNTtAU51qWmqY@example.online>
EmailRecipient	-	duser	duser	john_doe@example.com
EmailSender	-	suser	suser	john_doe@example.com
電子郵件主旨	-	郵件主旨	郵件主旨	主題：來自尼日利亞王子的信
EndpointID	endpointGuid	endpointGUID	endpointGUID	e3c49595-09b9-47a3-a43f-6c21aa52e54f
端點名稱	endpointHostName	endpointHostName	endpointHostName userDomain	hr-johndoe1
FileFullPath	objectFilePath parentFilePath processFilePath srcFilePath	檔案名稱	filePath filePathName objectFilePath processFilePath 完整路徑 parentFilePath malSrc 目標分享 srcFilePath	C:\Program Files (x86)\temp\Application\test.exe
FileMd5	objectFileHashMd5 parentFileHashMd5 processFileHashMd5 srcFileHashMd5	-	attachmentFileHashMd5 objectFileHashMd5 parentFileHashMd5 processFileHashMd5 srcFileHashMd5 fileHashMd5	46CFB4E38C6299983048DE39012FD08F
檔案名稱	objectFilePath parentFilePath processFilePath srcFilePath	檔案名稱	檔案名稱 objectFileName compressedFileName attachmentFileName processFilePath	example.exe
FileSHA1	objectFileHashSha1 parentFileHashSha1 processFileHashSha1 srcFileHashSha1	fileHash respFileHash	fileHash attachmentFileHash attachmentFileHashSha1 compressedFileHash denyListFileHash objectFileHashSha1 oldFileHash parentFileHashSha1 processFileHashSha1 appPublicKeySha1 highlightedFileHashes objectPayloadFileHashSha1 srcFileHashSha1	98A9A1C8F69373B211E5F1E303BA8762F44BC898
FileSHA2	objectFileHashSha256 parentFileHashSha256 processFileHashSha256 srcFileHashSha256	fileHashSha256 respFileHashSha256	fileHashSha256 attachmentFileHashSha256 compressedFileHashSha256 objectFileHashSha256 parentFileHashSha256 processFileHashSha256 appDexSha256 srcFileHashSha256	16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a
主機域	hostName	hostName requestBase sslCertCommonName	hostName requestBase sslCertCommonName	-
IPv4	endpointIp objectIp objectIps 目標 src publicSrc	目標 src clientIp serverIp httpXForwardedForIp resolvedUrlIp ObjectIps pktSrcAddr pktDstAddr	src 目標 interestedIp endpointIp peerIp denyListIp objectIp rawSrcIp rawDstIp	192.0.2.0
IPv6	endpointIp objectIp objectIps 目標 src publicSrc	目標 src clientIp serverIp httpXForwardedForIp resolvedUrlIp ObjectIps pktSrcAddr pktDstAddr	src 目標 interestedIp endpointIp peerIp denyListIp objectIp rawSrcIp rawDstIp	2001:0db8:85a3:0000:0000:8a2e:0370:7334
通訊埠	objectPort spt dpt 公開Spt	spt dpt clientPort serverPort resolvedUrlPort	dpt spt rawSrcPort rawDstPort	8080
ProcessFullPath	processFilePath	-	processFilePath	C:\Program Files (x86)\temp\Application\test.exe
ProcessName	processFilePath processName	-	processName	-
登錄機碼	objectRegistryKeyHandle	-	objectRegistryKeyHandle	hklm\software\wow6432node\microsoft\windows\currentversion\run
登錄值	objectRegistryValue	-	objectRegistryValue	its_ie_settings
登錄值數據	物件註冊資料	-	物件註冊資料	wscript "C:\Program Files (x86)\JNJ\ITS_IE_PREF\IE_Preferences.vbs"
戰術	-	-	tacticId 標籤	TA0008
技術	標籤	標籤	techniqueId 標籤	T1210
URL	請求	請求 httpReferer http位置要求	請求 botUrl cccaDestination httpReferer	https://www.example.com
使用者帳戶	登入使用者 objectUser 處理使用者	principalName suid 使用者1 dUser1	suid dUser1 處理使用者使用者1 objectUser	john_doe