Versions Compared

Old Version 5

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version Current

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

xdr.trend_micro.vision_one.alerts

Field

Type

Extra fields

eventdate

timestamp

hostname

str

schema_version

str

id

str

investigation_status

str

workbench_link

str

alert_provider

str

model

str

score

int4

severity

str

created_date_time

timestamp

updated_date_time

timestamp

impact_scope__desktop_count

int4

impact_scope__server_count

int4

impact_scope__account_count

int4

impact_scope__email_address_count

int4

impact_scope__entities

str

description

str

matched_rules

str

indicators__id

int4

indicators__type

str

indicators__field

str

indicators__value

str

indicators__related_entities

str

indicators__filter_ids

str

indicators__provenance

str

indicators_found

int4

indicators_id

int4

devo_pulling_id

str

hostchain

str

tag

str

rawMessage

str

...

Field

Type

Field Transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

logged_date_time

timestamp

 

 

logged_user

str

 

 

logged_role

str

 

 

category

str

 

 

activity

str

 

 

access_type

str

 

 

result

str

 

 

devo_pull_request

str

 

 

details__ip_addr_str

str

 

 

details__ip_addr_ipv4

ip4

Code Block
ip4(details__ip_addr_str)

details__ip_addr_str

details__ip_addr_ipv6

ip6

Code Block
ip6(details__ip_addr_str)

details__ip_addr_str

details__mailbox

str

 

 

details__trace_id

str

 

 

details__command_id

str

 

 

details__action

str

 

 

details__group_id

str

 

 

details__group_name

str

 

 

details__app

str

 

 

details__product

str

 

 

details__reason

str

 

 

details__removed_agents

str

 

 

details__target_group

str

 

 

details__feature

str

 

 

details__affected_child_groups

str

 

 

details__parent_group_id

str

 

 

details__path

str

 

 

details__group_description

str

 

 

details__quota

int4

 

 

details__role

str

 

 

details__from

str

 

 

details__to

str

 

 

details__user

str

 

 

details__status

bool

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

xdr.trend_micro.vision_one.observed_attack_techniques

Field

Type

Extra fields

eventdate

timestamp

hostname

str

source

str

uuid

str

detected_date_time

timestamp

detail__version

str

detail__event_time

timestamp

detail__tags

str

detail__uuid

str

detail__product_code

str

detail__package_trace_id

str

detail__filter_risk_level

str

detail__event_id

str

detail__event_sub_id

int4

detail__event_hash_id

str

detail__first_seen

timestamp

detail__last_seen

timestamp

detail__endpoint_guid

str

detail__endpoint_host_name

str

detail__endpoint_ip

str

detail__endpoint_mac_address

str

detail__timezone

str

detail__pname

str

detail__pver

str

detail__plang

int4

detail__pplat

int4

detail__os_name

str

detail__os_ver

str

detail__os_description

str

detail__os_type

str

detail__process_hash_id

str

detail__process_name

str

detail__process_pid

int4

detail__session_id

int4

detail__process_user

str

detail__process_user_domain

str

detail__process_launch_time

timestamp

detail__process_cmd

str

detail__auth_id

str

detail__integrity_level

int4

detail__process_file_hash_id

str

detail__process_file_path

str

detail__process_file_hash_sha1

str

detail__process_file_hash_sha256

str

detail__process_file_hash_md5

str

detail__process_signer

str

detail__process_signer_valid

str

detail__process_file_size

str

detail__process_file_creation

timestamp

detail__process_file_modified_time

timestamp

detail__process_true_type

int4

detail__parent_hash_id

str

detail__parent_name

str

detail__parent_pid

int4

detail__parent_session_id

int4

detail__parent_user

str

detail__parent_user_domain

str

detail__parent_launch_time

timestamp

detail__parent_cmd

str

detail__parent_auth_id

str

detail__parent_integrity_level

int4

detail__parent_file_hash_id

str

detail__parent_file_path

str

detail__parent_file_hash_sha1

str

detail__parent_file_hash_sha256

str

detail__parent_file_hash_md5

str

detail__parent_signer

str

detail__parent_signer_valid

str

detail__parent_file_size

str

detail__parent_file_creation

timestamp

detail__parent_file_modified_time

timestamp

detail__parent_true_type

int4

detail__object_hash_id

str

detail__object_user

str

detail__object_user_domain

str

detail__object_session_id

str

detail__object_file_path

str

detail__object_file_hash_sha1

str

detail__object_file_hash_sha256

str

detail__object_file_hash_md5

str

detail__object_signer

str

detail__object_signer_valid

str

detail__object_file_size

str

detail__object_file_creation

timestamp

detail__object_file_modified_time

timestamp

detail__object_true_type

int4

detail__object_name

str

detail__object_pid

int4

detail__object_launch_time

timestamp

detail__object_cmd

str

detail__object_auth_id

str

detail__object_integrity_level

int4

detail__object_file_hash_id

str

detail__object_run_as_local_account

bool

ingested_date_time

timestamp

entity_type

str

entity_name

str

endpoint__ips

str

endpoint__agent_guid

str

endpoint__endpoint_name

str

filters__id

str

filters__name

str

filters__description

str

filters__highlighted_objects

str

filters__mitre_tactic_ids

str

filters__mitre_technique_ids

str

filters__risk_level

str

filters_found

int4

filters_id

int4

devo_pulling_id

str

hostchain

str

tag

str

rawMessage

str