tm-v1-schema

File Security

Layer: Cloud

This documentation provides detailed information about all fields available for File Security.

Field Name Type Searchable General Field Description Example Products
compressedFileHash string true FileSHA1 The SHA-1 of the decompressed archive
  • 6E2ECB34B7798E179CC704111FB9733FBAAD5ACA
  • FA71B59F35F0EE44D27F74917EF5A0DA2797E80B
  • 14D2302172EB81465CE12E01361AE24CDE170F7B
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • File Security
  • File Security Storage
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Agentless Vulnerability & Threat Detection
compressedFileHashSha256 string true FileSHA2 The SHA-256 of the compressed suspicious file
  • 60C7C5924DD09F7C6B150120FB92DCEE00AE82DB75C7402FA4D9152CF487A94F
  • 482FFC4F87B78C3C7073983CF65B593D9F13F0A3D6DC54B4A3F616F79838F3CE
  • 68C0126D9B4B0FC32DE181D0D67DA8FE82E23745F6023317D5E053B6F6ED26CF
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • File Security
  • File Security Storage
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Agentless Vulnerability & Threat Detection
compressedFileName string true FileName The file name of the compressed file
  • /proc/32058/fd/150
  • NONAMEFL
  • /proc/10006/fd/30
  • VirusActionSample/RPF2_OtherMalwareSample-other.exe
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • File Security
  • File Security Storage
  • Trend Cloud One - Endpoint & Workload Security
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security
compressedFileSize string true - The file size of the decompressed archive file
  • 0
  • 265314
  • 175864
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • File Security
  • File Security Storage
compressedFileType string true - The file type of the decompressed archive file
  • EXE
  • JAVA
  • PDF
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
confidence int false - The confidence rating returned from TrendX Hybrid Model (predictive machine learning). Values from 1-99. 94
  • Trend Micro Apex One as a Service
  • File Security
customTags dynamic true - The event tags
  • network
  • mitre_discovery
  • Trend Vision One Container Security
  • File Security
engType string true - The engine type
  • Virus Scan Engine (Windows XP/Server 2003, x64)
  • Virus Scan NT Kernel Engine
  • Spyware/Grayware Scan Engine v.6 (64-bit)
  • Trend Micro Apex One as a Service
  • File Security
engVer string true - The engine version
  • 1.0.0.1123_1.0.0.1101
  • 9.0.1004
  • 22.540.1001
  • Endpoint Sensor
  • Trend Micro Cloud App Security
  • Trend Micro Apex One as a Service
  • File Security
eventId string true - The event ID from the logs of each product
  • 100100
  • 100101
  • 100116
  • 100117
  • 100119
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Endpoint Sensor
  • Trend Micro Email Security
  • TXOne StellarOne
  • Trend Vision One Container Security
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Data Detection and Response
eventName string true - The event type
  • LOG_INSPECTION_EVENT
  • SECURITY_RISK_DETECTION
  • WEB_THREAT_DETECTION
  • LOG_INSPECTION_EVENT
  • MALWARE_DETECTION
  • PROCESS_ACTIVITY
  • WEB_POLICY_VIOLATION
  • DEEP_PACKET_INSPECTION_EVENT
  • INTEGRITY_MONITORING_EVENT
  • DISRUPTIVE_APPLICATION_DETECTION
  • PRODUCT_SUMMARY
  • PRODUCT_UPDATE
  • BEHAVIORAL_VIOLATION
  • FIREWALL_POLICY_VIOLATION
  • SUSPICIOUS_BEHAVIOUR_DETECTION
  • DENYLIST_CHANGE
  • MACHINE_LEARNING_DETECTION
  • DLP_VIOLATION
  • MALWARE_OUTBREAK_DETECTION
  • SENSITIVE_DATA_DETECTION
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • TippingPoint Security Management System
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Endpoint Sensor
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Data Detection and Response
fileHash string true FileSHA1 The SHA-1 of the file that triggered the rule or policy
  • DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
  • 89CE26EAD139D52B8A6B61BFFC6AF89AF246580F
  • 3AD1F4E7CAA11E5199EE80B8983677ADDD065450
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • Zero Trust Secure Access - Internet Access
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Data Detection and Response
fileHashSha256 string true FileSHA2 The SHA-256 of the file (fileName)
  • 6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB
  • BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294
  • 12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Zero Trust Secure Access - Internet Access
  • Trend Cloud One - Endpoint & Workload Security
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security
fileName dynamic true FileName The file name
  • spoolss
  • hosts
  • svcrestarttask
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Zero Trust Secure Access - Internet Access
  • TXOne StellarOne
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
filePath string true FileFullPath The file path without the file name
  • security
  • /var/log/audit/audit.log
  • application
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • TXOne StellarOne
  • File Security
  • File Security Storage
fileSize string true - The file size of the suspicious file
  • 0
  • 1255856
  • 1237880
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Zero Trust Secure Access - Internet Access
  • Trend Micro Apex One as a Service
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
fileType string true - The file type of the suspicious file
  • EXE
  • LNK
  • MIME
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Zero Trust Secure Access - Internet Access
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security
fullPath string true FileFullPath The combination of the file path and the file name
  • \etc\hosts
  • c:\windows\system32\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask
  • \var\log\auth.log
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • TXOne StellarOne
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security
malFamily string true - The threat family
  • EQUATED
  • STARTER
  • 0
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • File Security
malName string true - The name of the detected malware
  • SecurityLevelDrop
  • Regla Logs All
  • USR_SUSPICIOUS_DOMAIN.UMXX
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Web Security
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security
malSubType string true - The subsidiary virus type Unknown
  • Trend Micro Apex One as a Service
  • File Security
malType string true - The risk type for Network Content Correlation Engine rules
  • OTHERS
  • MALWARE
  • Others
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • File Security
  • Trend Vision One Container Security
malTypeGroup string true - The risk type group for NCCE (Network Content Correlation Engine) rules. This field comes from NCCP (Network Content Correlation Pattern) rule type definitions.
  • Others
  • Malware
  • Spyware
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • File Security
objectType string true - The object type
  • file
  • process
  • qil
  • Trend Micro Cloud App Security
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Email Security
  • Endpoint Sensor
  • File Security
pver string true - The product version
  • 20.0.0.4726
  • 20.0.0.4416
  • 6.2.1125
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Trend Vision One Container Security
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
remarks string true - The additional information
  • warning: fork: Resource temporarily unavailable
  • pam_unix(cron:session): session opened for user root by (uid=0)
  • WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Apex One as a Service
  • Trend Micro Email Security
  • Trend Cloud One - Network Security
  • TXOne EdgeOne
  • Email Sensor
  • File Security
  • Agentless Vulnerability & Threat Detection
reportGUID string true - The GUID for Workbench to request report page data
  • 00000000-0000-0000-0000-000000000000
  • 11111111-1111-1111-1111-111111111111
  • 22222222-2222-2222-2222-222222222222
  • Trend Micro Cloud App Security
  • File Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
scanType string true - The scan type
  • realtime_mailmeta-exchange
  • exchange_mailbox_realtime_detection_logs
  • gateway_realtime_blocking_traffic
  • malware_schedule_image
  • malware_schedule_file
  • malware_realtime_image
  • malware_realtime_file
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Email Sensor
  • File Security
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Container Security

Field Statistics

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.