casb.trendmicro
Introduction
The tags beginning with casb.trendmicro identify events generated by Trend Micro.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as casb.trendmicro. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Trend Micro | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
casb.trendmicro.security
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
hostname | | | | |
logItemId | | | | |
service | | | | |
event | | | | |
scanType | | | | |
affectedUser | | | | |
location | | | | |
detectionTime | | | | |
triggeredPolicyName | | | | |
triggeredSecurityFilter | | | | |
action | | | | |
actionResult | | | | |
mailMessageId | | | | |
mailMessageSender | | | | |
mailMessageRecipient_str | | join(mailMessageRecipient, ',') | mailMessageRecipient | |
mailMessageSubmitTime | | | | |
mailMessageDeliveryTime | | | | |
mailMessageSubject | | | | |
mailMessageFileName | | | | |
securityRiskName | | | | |
detectedBy | | | | |
riskLevel | | | | |
detectionType | | | | |
fileSha1 | | | | |
ransomwareName | | | | |
fileName | | | | |
fileUploadTime | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | | ✓ |