...
xdr.trend_micro.vision_one.alerts
| Field | Type | Extra fields |
|---|---|---|
| eventdate | | |
| hostname | | |
| schema_version | | |
| id | | |
| investigation_status | | |
| workbench_link | | |
| alert_provider | | |
| model | | |
| score | | |
| severity | | |
| created_date_time | | |
| updated_date_time | | |
| impact_scope__desktop_count | | |
| impact_scope__server_count | | |
| impact_scope__account_count | | |
| impact_scope__email_address_count | | |
| impact_scope__entities | | |
| description | | |
| matched_rules | | |
| indicators__id | | |
| indicators__type | | |
| indicators__field | | |
| indicators__value | | |
| indicators__related_entities | | |
| indicators__filter_ids | | |
| indicators__provenance | | |
| indicators_found | | |
| indicators_id | | |
| devo_pulling_id | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | ✓ |
...
| Field | Type | Field Transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | | | | |
| hostname | | | | |
| logged_date_time | | | | |
| logged_user | | | | |
| logged_role | | | | |
| category | | | | |
| activity | | | | |
| access_type | | | | |
| result | | | | |
| devo_pull_request | | | | |
| details__ip_addr_str | | | | |
| details__ip_addr_ipv4 | | | details__ip_addr_str | |
| details__ip_addr_ipv6 | | | details__ip_addr_str | |
| details__mailbox | | | | |
| details__trace_id | | | | |
| details__command_id | | | | |
| details__action | | | | |
| details__group_id | | | | |
| details__group_name | | | | |
| details__app | | | | |
| details__product | | | | |
| details__reason | | | | |
| details__removed_agents | | | | |
| details__target_group | | | | |
| details__feature | | | | |
| details__affected_child_groups | | | | |
| details__parent_group_id | | | | |
| details__path | | | | |
| details__group_description | | | | |
| details__quota | | | | |
| details__role | | | | |
| details__from | | | | |
| details__to | | | | |
| details__user | | | | |
| details__status | | | | |
| hostchain | | | | ✓ |
| tag | | | | ✓ |
| rawMessage | | | | ✓ |

Note: `details__ip_addr_ipv4` and `details__ip_addr_ipv6` are derived from `details__ip_addr_str` (see the Source field name column); when filtering on a source address, use the derived field for the address family you expect rather than matching the raw string.
xdr.trend_micro.vision_one.observed_attack_techniques
| Field | Type | Extra fields |
|---|---|---|
| eventdate | | |
| hostname | | |
| source | | |
| uuid | | |
| detected_date_time | | |
| detail__version | | |
| detail__event_time | | |
| detail__tags | | |
| detail__uuid | | |
| detail__product_code | | |
| detail__package_trace_id | | |
| detail__filter_risk_level | | |
| detail__event_id | | |
| detail__event_sub_id | | |
| detail__event_hash_id | | |
| detail__first_seen | | |
| detail__last_seen | | |
| detail__endpoint_guid | | |
| detail__endpoint_host_name | | |
| detail__endpoint_ip | | |
| detail__endpoint_mac_address | | |
| detail__timezone | | |
| detail__pname | | |
| detail__pver | | |
| detail__plang | | |
| detail__pplat | | |
| detail__os_name | | |
| detail__os_ver | | |
| detail__os_description | | |
| detail__os_type | | |
| detail__process_hash_id | | |
| detail__process_name | | |
| detail__process_pid | | |
| detail__session_id | | |
| detail__process_user | | |
| detail__process_user_domain | | |
| detail__process_launch_time | | |
| detail__process_cmd | | |
| detail__auth_id | | |
| detail__integrity_level | | |
| detail__process_file_hash_id | | |
| detail__process_file_path | | |
| detail__process_file_hash_sha1 | | |
| detail__process_file_hash_sha256 | | |
| detail__process_file_hash_md5 | | |
| detail__process_signer | | |
| detail__process_signer_valid | | |
| detail__process_file_size | | |
| detail__process_file_creation | | |
| detail__process_file_modified_time | | |
| detail__process_true_type | | |
| detail__parent_hash_id | | |
| detail__parent_name | | |
| detail__parent_pid | | |
| detail__parent_session_id | | |
| detail__parent_user | | |
| detail__parent_user_domain | | |
| detail__parent_launch_time | | |
| detail__parent_cmd | | |
| detail__parent_auth_id | | |
| detail__parent_integrity_level | | |
| detail__parent_file_hash_id | | |
| detail__parent_file_path | | |
| detail__parent_file_hash_sha1 | | |
| detail__parent_file_hash_sha256 | | |
| detail__parent_file_hash_md5 | | |
| detail__parent_signer | | |
| detail__parent_signer_valid | | |
| detail__parent_file_size | | |
| detail__parent_file_creation | | |
| detail__parent_file_modified_time | | |
| detail__parent_true_type | | |
| detail__object_hash_id | | |
| detail__object_user | | |
| detail__object_user_domain | | |
| detail__object_session_id | | |
| detail__object_file_path | | |
| detail__object_file_hash_sha1 | | |
| detail__object_file_hash_sha256 | | |
| detail__object_file_hash_md5 | | |
| detail__object_signer | | |
| detail__object_signer_valid | | |
| detail__object_file_size | | |
| detail__object_file_creation | | |
| detail__object_file_modified_time | | |
| detail__object_true_type | | |
| detail__object_name | | |
| detail__object_pid | | |
| detail__object_launch_time | | |
| detail__object_cmd | | |
| detail__object_auth_id | | |
| detail__object_integrity_level | | |
| detail__object_file_hash_id | | |
| detail__object_run_as_local_account | | |
| ingested_date_time | | |
| entity_type | | |
| entity_name | | |
| endpoint__ips | | |
| endpoint__agent_guid | | |
| endpoint__endpoint_name | | |
| filters__id | | |
| filters__name | | |
| filters__description | | |
| filters__highlighted_objects | | |
| filters__mitre_tactic_ids | | |
| filters__mitre_technique_ids | | |
| filters__risk_level | | |
| filters_found | | |
| filters_id | | |
| devo_pulling_id | | |
| hostchain | | ✓ |
| tag | | ✓ |
| rawMessage | | ✓ |