tm-v1-schema

Agentless Vulnerability & Threat Detection

Layer: Cloud

This documentation provides detailed information about all fields available for Agentless Vulnerability & Threat Detection.

Field Name	Type	Searchable	General Field	Description	Example	Products
act	dynamic	true	-	The actions taken to mitigate the event	log isolate terminate not blocked Block No action Reset Pass User Decision	Trend Vision One Container Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Micro Email Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Email Sensor Trend Vision One Mobile Security Mobile Network Security Agentless Vulnerability & Threat Detection
azId	string	true	-	The virtual machine Availability Zone ID	us-east-1b us-west-2a	Agentless Vulnerability & Threat Detection
cloudAccountId	string	true	-	The AWS cloud account ID, Google Cloud product ID, or Azure subscription ID	123456789012 00000000-0000-0000-0000-000000000000 ocid1.compartment.oc1..aaaaaaaa54yuau7prqquu3gqs4jcjzvz2yf7vwlqnkqlixq5tcjsdezqmyua	File Security Storage Agentless Vulnerability & Threat Detection
cloudMachineImageId	string	true	-	The cloud machine image ID	ami-092d1c9fb626c2ba7 3111106172944240963 Oracle-Linux-9.5-aarch64-2025.05.19-0 ubuntu_22_04_x64_20G_alibase_20250113.vhd	Agentless Vulnerability & Threat Detection
cloudMachineImageName	string	true	-	The cloud machine image name	Windows_Server-2022-English-Full-SQL_2022_Standard-2024.05.15 https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian-12-bookworm-v20240617	Agentless Vulnerability & Threat Detection
cloudProvider	string	true	-	The service provider of the cloud asset	alibaba cloud aws azure gcp oci	Trend Cloud One - Endpoint & Workload Security File Security Storage Agentless Vulnerability & Threat Detection
cloudResourceDigest	string	true	-	The cloud resource digest	sha256:e8759728bdf756c2546bf88d772634d4b746ba2be6da74cb68d2a75fb135e29e Z29gD6/9+UmEejeSqt4zcqux+1nNIRdGhoffijjkaBc=	Agentless Vulnerability & Threat Detection
cloudResourceId	string	true	-	The cloud resource ID	vol-00000000000000000 123456789012.dkr.ecr.us-west-1.amazonaws.com/us-west-1-sentry-scan-samples-ecr arn:aws:lambda:us-east-1:000000000000:function:StackSet-SentrySetdb47aff3-cc084aaa-5-sideScanVuln-6Dyn7ZcwCSPw 6132111784399111342 us-east1-docker.pkg.dev/987654321012/ebsscan/ebsscanfunction@sha256:49eb55144d868a5bea1487e35837115f51eb158361c2c11beb6935667a04c489 /subscriptions/bae4f362-e3a0-482f-ba7a-f883d8b410ce/resourceGroups/csf-test-data/providers/Microsoft.Compute/disks/csf-test-shared-ssd ocid1.volume.oc1.iad.abuwcljsobhbezpfpgajgxecncmdjxxq5yiyimx4tdtzm33gawvhvfvn62iq	Agentless Vulnerability & Threat Detection
cloudResourceTags	string	true	-	The cloud resource tags	{'imageTags': ['latest', 'Tag1', 'Tag2']} {'tags': {'Service': 'S3 Updater', 'Department': 'Finance', 'Application': 'Accounting'}} {'CloudResourceTags': [{'Key': 'cost_tag', 'Value': 'Department 123'}]} {'ImageTags': ['latest']}	Agentless Vulnerability & Threat Detection
cloudResourceType	string	true	-	The cloud resource type	alibaba-cloud-repository-image azure-repository-image disk ebs-volume ecr-repository-image lambda-function lambda-layer google-cloud-repository-image oracle-cloud-repository-image	Agentless Vulnerability & Threat Detection
cloudResourceVersion	string	true	-	The cloud resource version	113	Agentless Vulnerability & Threat Detection
compressedFileHash	string	true	FileSHA1	The SHA-1 of the decompressed archive	6E2ECB34B7798E179CC704111FB9733FBAAD5ACA FA71B59F35F0EE44D27F74917EF5A0DA2797E80B 14D2302172EB81465CE12E01361AE24CDE170F7B	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
compressedFileHashSha256	string	true	FileSHA2	The SHA-256 of the compressed suspicious file	60C7C5924DD09F7C6B150120FB92DCEE00AE82DB75C7402FA4D9152CF487A94F 482FFC4F87B78C3C7073983CF65B593D9F13F0A3D6DC54B4A3F616F79838F3CE 68C0126D9B4B0FC32DE181D0D67DA8FE82E23745F6023317D5E053B6F6ED26CF	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
compressedFileName	string	true	FileName	The file name of the compressed file	/proc/32058/fd/150 NONAMEFL /proc/10006/fd/30 VirusActionSample/RPF2_OtherMalwareSample-other.exe	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Agentless Vulnerability & Threat Detection Trend Vision One Container Security
compressedFileType	string	true	-	The file type of the decompressed archive file	EXE JAVA PDF	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection
diskPartitionId	string	true	-	The cloud volume partition ID	1 2	Agentless Vulnerability & Threat Detection
endpointHostName	string	true	EndpointName	The endpoint hostname or node where the event was detected	10.10.10.10 (swpos-aws-aza02) [i-0f0f0f0f0f0f0f0f0] ip-10-10-10-10.us-west-1.compute.internal	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service Endpoint Sensor Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Zero Trust Secure Access - Private Access TXOne StellarOne Trend Vision One Container Security Agentless Vulnerability & Threat Detection Data Detection and Response
endpointIp	dynamic	true	IPv4 IPv6	The IP address of the endpoint on which the event was detected	10.10.10.10	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Network Security TXOne EdgeOne Agentless Vulnerability & Threat Detection Data Detection and Response
eventId	string	true	-	The event ID from the logs of each product	100100 100101 100116 100117 100119	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Endpoint Sensor Trend Micro Email Security TXOne StellarOne Trend Vision One Container Security Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventName	string	true	-	The event type	LOG_INSPECTION_EVENT SECURITY_RISK_DETECTION WEB_THREAT_DETECTION LOG_INSPECTION_EVENT MALWARE_DETECTION PROCESS_ACTIVITY WEB_POLICY_VIOLATION DEEP_PACKET_INSPECTION_EVENT INTEGRITY_MONITORING_EVENT DISRUPTIVE_APPLICATION_DETECTION PRODUCT_SUMMARY PRODUCT_UPDATE BEHAVIORAL_VIOLATION FIREWALL_POLICY_VIOLATION SUSPICIOUS_BEHAVIOUR_DETECTION DENYLIST_CHANGE MACHINE_LEARNING_DETECTION DLP_VIOLATION MALWARE_OUTBREAK_DETECTION SENSITIVE_DATA_DETECTION	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint Security Management System Trend Micro Cloud App Security Trend Micro Email Security Endpoint Sensor Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventSubName	string	true	-	The event type sub-name	IPS Detection Personal Firewall Attack Discovery	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security Endpoint Sensor Zero Trust Secure Access - Internet Access Agentless Vulnerability & Threat Detection
fileHash	string	true	FileSHA1	The SHA-1 of the file that triggered the rule or policy	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 89CE26EAD139D52B8A6B61BFFC6AF89AF246580F 3AD1F4E7CAA11E5199EE80B8983677ADDD065450	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access File Security File Security Storage Agentless Vulnerability & Threat Detection Data Detection and Response
fileHashSha256	string	true	FileSHA2	The SHA-256 of the file (fileName)	6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294 12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access Trend Cloud One - Endpoint & Workload Security File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
fileName	dynamic	true	FileName	The file name	spoolss hosts svcrestarttask	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Zero Trust Secure Access - Internet Access TXOne StellarOne File Security File Security Storage Agentless Vulnerability & Threat Detection
fileSize	string	true	-	The file size of the suspicious file	0 1255856 1237880	Trend Micro Deep Discovery Inspector Network Sensor Zero Trust Secure Access - Internet Access Trend Micro Apex One as a Service File Security File Security Storage Agentless Vulnerability & Threat Detection
fileSystemUuid	string	true	-	The file system UUID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Agentless Vulnerability & Threat Detection
fileType	string	true	-	The file type of the suspicious file	EXE LNK MIME	Trend Micro Deep Discovery Inspector Network Sensor Zero Trust Secure Access - Internet Access File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
fullPath	string	true	FileFullPath	The combination of the file path and the file name	\etc\hosts c:\windows\system32\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask \var\log\auth.log	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security TXOne StellarOne File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
instanceId	string	true	-	The ID of the instance that indicates the meta-cloud or data center VM	52294e7b-f732-c6e9-b2c3-7a6b6f50d101 00030912-c5e7-4348-9012-7c684751c531 0008ae58-db0c-34ee-3e5c-5dfc9b10a739 i-0b22a22eec53b9321 /subscriptions/bae4f362-e3a0-482f-ba7a-f883d8b410ce/resourceGroups/avtd-csf-sg-lzniibr0/providers/Microsoft.Compute/virtualMachines/avtd-csf-scanner-lzniibr0 ocid1.instance.oc1.us-ashburn-1.an2g6ljrgs553pqcjuokzvvwpmwxh564f6f5sx3jpi2sowt6as44uejmsrzq	Trend Micro Apex One as a Service Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Agentless Vulnerability & Threat Detection Mobile Network Security
malName	string	true	-	The name of the detected malware	SecurityLevelDrop Regla Logs All USR_SUSPICIOUS_DOMAIN.UMXX	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Web Security TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
osName	string	true	-	The host OS name	Linux windows 10.0.22000 windows 10.0.19044 windows 10.0.19043	Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Zero Trust Secure Access - Private Access Data Detection and Response Agentless Vulnerability & Threat Detection
pver	string	true	-	The product version	20.0.0.4726 20.0.0.4416 6.2.1125	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Trend Vision One Container Security File Security File Security Storage Agentless Vulnerability & Threat Detection
regionCode	string	true	-	The cloud provider region code	us-east-1	File Security Storage Agentless Vulnerability & Threat Detection
remarks	string	true	-	The additional information	warning: fork: Resource temporarily unavailable pam_unix(cron:session): session opened for user root by (uid=0) WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Email Security Trend Cloud One - Network Security TXOne EdgeOne Email Sensor File Security Agentless Vulnerability & Threat Detection
scanType	string	true	-	The scan type	realtime_mailmeta-exchange exchange_mailbox_realtime_detection_logs gateway_realtime_blocking_traffic malware_schedule_image malware_schedule_file malware_realtime_image malware_realtime_file	Trend Micro Cloud App Security Trend Micro Email Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security Email Sensor File Security Agentless Vulnerability & Threat Detection Trend Vision One Container Security
threatType	string	true	-	The log threat type	2 99 5	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
vpcId	string	true	-	The virtual private cloud that contains the cloud asset	vpc-01234567890abcdef avtd-vnet-ozyww04h ocid1.vnic.oc1.iad.abuwcljs4szq5rylkxikcthyegnqn5mjhkyn3xwtoa3uvbonxqn52nofibgq	Trend Cloud One - Endpoint & Workload Security Agentless Vulnerability & Threat Detection

Field Statistics

• Total Fields: 37
• Layer: Cloud
• Product: Agentless Vulnerability & Threat Detection

---

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.