act |
dynamic |
true |
- |
The actions taken to mitigate the event |
- log
- isolate
- terminate
- not blocked
- Block
- No action
- Reset
- Pass
- User Decision
|
- Trend Vision One Container Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Cloud App Security
- TippingPoint Security Management System
- Endpoint Sensor
- Trend Micro Web Security
- Trend Micro Email Security
- Trend Micro Deep Security
- Trend Cloud One - Network Security
- Zero Trust Secure Access - Internet Access
- TXOne EdgeOne
- Zero Trust Secure Access - Private Access
- Email Sensor
- Trend Vision One Mobile Security
- Mobile Network Security
- Agentless Vulnerability & Threat Detection
|
clusterId |
string |
true |
- |
The cluster ID of the container |
TestCluster-2HJdImvH6eO1fgTnCBK3xYA7Sph |
Trend Vision One Container Security |
clusterId |
string |
true |
- |
The cluster ID of the container |
ben_eks_test-20k90A3jGa4d3YMYfrdGIgs7g9u |
Trend Vision One Container Security |
clusterName |
string |
true |
- |
The cluster name of the container |
TestCluster |
Trend Vision One Container Security |
clusterName |
string |
true |
- |
The cluster name of the container |
ben_eks_test |
Trend Vision One Container Security |
compressedFileName |
string |
true |
FileName |
The file name of the compressed file |
- /proc/32058/fd/150
- NONAMEFL
- /proc/10006/fd/30
- VirusActionSample/RPF2_OtherMalwareSample-other.exe
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- File Security
- File Security Storage
- Trend Cloud One - Endpoint & Workload Security
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
containerId |
string |
true |
- |
The Kubernetes container ID |
7d1e00176d78 |
Trend Vision One Container Security |
containerId |
string |
true |
- |
The Kubernetes container ID |
4102001853b8 |
Trend Vision One Container Security |
containerImage |
string |
true |
- |
The Kubernetes container image |
debian:latest |
Trend Vision One Container Security |
containerImage |
string |
true |
- |
The Kubernetes container image |
dockerhub.io/ubuntu:latest |
Trend Vision One Container Security |
containerImageDigest |
string |
false |
- |
The Kubernetes container image digest |
sha256:bfe6615d017d1eebe19f349669de58cda36c668ef916e618be78071513c690e5 |
Trend Vision One Container Security |
containerImageDigest |
string |
true |
- |
The Kubernetes container image digest |
sha256:626ffe58f6e7566e00254b638eb7e0f3b11d4da9675088f4781a50ae288f3322 |
Trend Vision One Container Security |
containerName |
string |
true |
- |
The Kubernetes container name |
k8s_democon_longrunl_default_11111111-1111-1111-1111-111111111111_0 |
Trend Vision One Container Security |
containerName |
string |
true |
- |
The Kubernetes container name |
k8s_ubuntu_ubuntu-ds-fp2jk_default_00000000-0000-0000-0000-000000000000_2 |
Trend Vision One Container Security |
customAssetTags |
dynamic |
true |
- |
The list of custom asset tags |
{"os":["linux", "windows"], "org":["bu1"]} |
Trend Vision One Container Security |
customAssetTags |
dynamic |
true |
- |
The list of custom asset tags |
{"os":["linux", "windows"], "org":["bu1"]} |
- Endpoint Sensor
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
|
customTags |
dynamic |
true |
- |
The event tags |
|
- Trend Vision One Container Security
- File Security
|
detectionType |
string |
true |
- |
The detection type |
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Web Security
- Trend Micro Apex One as a Service
- Trend Micro Cloud App Security
- Trend Micro Deep Security
- Trend Micro Email Security
- Zero Trust Secure Access - Internet Access
- Trend Vision One Mobile Security
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
|
dpt |
int |
true |
Port |
The destination port number |
- |
Trend Vision One Container Security |
dpt |
int |
true |
Port |
The destination port |
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- TippingPoint Security Management System
- Trend Micro Deep Security
- Trend Cloud One - Network Security
- Endpoint Sensor
- TXOne EdgeOne
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
- Mobile Network Security
|
dst |
string |
true |
|
The destination IP address |
|
Trend Vision One Container Security |
dst |
dynamic |
true |
|
The destination IP |
10.10.10.10 |
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- TippingPoint Security Management System
- Trend Micro Deep Security
- Trend Cloud One - Network Security
- Endpoint Sensor
- Zero Trust Secure Access - Internet Access
- TXOne EdgeOne
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
- Mobile Network Security
|
endpointGUID |
string |
true |
EndpointID |
The GUID of the agent which reported the detection |
- ae4d64aa-f8b8-bb36-b265-f59272ed342f
- 8fb979f6-1376-bed3-227f-f2886e66194e
- ca2b3a7e-8415-c571-cc19-e45f69470026
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- Endpoint Sensor
- Zero Trust Secure Access - Internet Access
- Trend Vision One Mobile Security
- Zero Trust Secure Access - Private Access
- TXOne StellarOne
- Trend Vision One Container Security
- Data Detection and Response
|
endpointHostName |
string |
false |
- |
The host name of the container or node |
- PHILIPSIBE09
- WHAM6WK8XG2
- MacBook-Pro-del-Meno
|
Trend Vision One Container Security |
endpointHostName |
string |
true |
EndpointName |
The endpoint hostname or node where the event was detected |
- 10.10.10.10 (swpos-aws-aza02) [i-0f0f0f0f0f0f0f0f0]
- ip-10-10-10-10.us-west-1.compute.internal
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Security
- Trend Micro Apex One as a Service
- Endpoint Sensor
- Zero Trust Secure Access - Internet Access
- Trend Vision One Mobile Security
- Zero Trust Secure Access - Private Access
- TXOne StellarOne
- Trend Vision One Container Security
- Agentless Vulnerability & Threat Detection
- Data Detection and Response
|
eventId |
int |
true |
- |
Event type |
- |
Trend Vision One Container Security |
eventId |
string |
true |
- |
The event ID from the logs of each product |
- 100100
- 100101
- 100116
- 100117
- 100119
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- Trend Micro Cloud App Security
- Endpoint Sensor
- Trend Micro Email Security
- TXOne StellarOne
- Trend Vision One Container Security
- Email Sensor
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
- Trend Vision One Mobile Security
- Mobile Network Security
- Data Detection and Response
|
eventSubId |
int |
true |
- |
The access type |
- 2 - TELEMETRY_PROCESS_CREATE
- 101 - TELEMETRY_FILE_CREATE
- 204 - TELEMETRY_CONNECTION_CONNECT_OUTBOUND
|
Trend Vision One Container Security |
eventTime |
real |
true |
- |
The time the agent detected the event |
1657781088000 |
Trend Vision One Container Security |
fileDesc |
string |
true |
- |
The file description |
- Atualiza PJRO
- Carpeta de archivos
- 7z Setup SFX (x86)
|
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
|
fileHashSha256 |
string |
true |
FileSHA2 |
The SHA-256 of the file (fileName) |
- 6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB
- BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294
- 12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Zero Trust Secure Access - Internet Access
- Trend Cloud One - Endpoint & Workload Security
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
fileType |
string |
true |
- |
The file type of the suspicious file |
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Zero Trust Secure Access - Internet Access
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
fullPath |
string |
true |
FileFullPath |
The combination of the file path and the file name |
- \etc\hosts
- c:\windows\system32\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask
- \var\log\auth.log
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Deep Security
- TXOne StellarOne
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
k8sNamespace |
string |
true |
- |
The Kubernetes namespace of the container |
default |
Trend Vision One Container Security |
k8sNamespace |
string |
true |
- |
The Kubernetes namespace of the container |
default |
Trend Vision One Container Security |
k8sPodId |
string |
true |
- |
The Kubernetes pod ID of the container |
11111111-1111-1111-1111-111111111111 |
Trend Vision One Container Security |
k8sPodId |
string |
true |
- |
The Kubernetes pod ID of the container |
- 00000000-0000-0000-0000-000000000000
- 11111111-1111-1111-1111-111111111111
- 22222222-2222-2222-2222-222222222222
|
Trend Vision One Container Security |
k8sPodName |
string |
true |
- |
The Kubernetes pod name of the container |
longrunl |
Trend Vision One Container Security |
k8sPodName |
string |
true |
- |
The Kubernetes pod name of the container |
ubuntu-ds-fp2jk |
Trend Vision One Container Security |
malName |
string |
true |
- |
The name of the detected malware |
- SecurityLevelDrop
- Regla Logs All
- USR_SUSPICIOUS_DOMAIN.UMXX
|
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Deep Security
- Trend Micro Web Security
- TXOne StellarOne
- Email Sensor
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
malType |
string |
true |
- |
The risk type for Network Content Correlation Engine rules |
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- File Security
- Trend Vision One Container Security
|
objectFileName |
string |
true |
FileName |
The object file name |
- powershell.exe
- wmiprvse.exe
- dismhost.exe
|
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
- Trend Cloud One - Endpoint & Workload Security
|
objectFilePath |
string |
true |
|
The file path of the target process image or target file |
- /usr/bin/bash
- /bin/bash
- /opt/folder1/probes/system/processes/processes
|
Trend Vision One Container Security |
objectFilePath |
string |
true |
FileFullPath |
The file path of the target process image or target file |
- c:\windows\system32\windowspowershell\v1.0\powershell.exe
- zwwritevirtualmemory
- c:\windows\system32\wbem\wmiprvse.exe
|
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Vision One Container Security
|
objectUser |
string |
true |
UserAccount |
The owner name of the target process or the login user name |
|
Trend Vision One Container Security |
osName |
string |
false |
- |
The host operating system name |
Linux |
Trend Vision One Container Security |
parentCmd |
string |
true |
CLICommand |
The command line entry of the parent process |
- C:\WINDOWS\system32\services.exe
- C:\Windows\system32\services.exe
- /sbin/launchd
|
Trend Vision One Container Security |
parentCmd |
string |
true |
CLICommand |
The command line of the subject parent process |
- "C:\Tiburon\CommandCAD\Test\Startup.exe"
- C:\WINDOWS\Explorer.EXE
- C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
|
- Endpoint Sensor
- Trend Vision One Container Security
|
parentFilePath |
string |
true |
|
The file path of the parent process |
- c:\windows\system32\services.exe
- /usr/bin/bash
- c:\windows\system32\svchost.exe
|
Trend Vision One Container Security |
parentLaunchTime |
real |
false |
- |
The time when the parent process was launched |
- 1653614773895
- 1656118625928
- 0
|
Trend Vision One Container Security |
parentName |
string |
false |
- |
The image name of the parent process |
- /usr/bin/bash
- c:\windows\system32\svchost.exe
- c:\windows\system32\lsass.exe
|
Trend Vision One Container Security |
parentName |
string |
true |
- |
The image name of the parent process |
- explorer.exe
- startup.exe
- svchost.exe
|
- Endpoint Sensor
- Trend Vision One Container Security
|
parentPid |
int |
true |
- |
The PID of the parent process |
|
Trend Vision One Container Security |
parentPid |
int |
true |
- |
The PID of the parent process |
- |
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Micro Deep Security
- Trend Vision One Container Security
|
platformAssetTags |
dynamic |
true |
- |
The list of platform custom asset tags |
{"Asset group":["finance"], "some.ip": ["10.1.0.1"]} |
Trend Vision One Container Security |
platformAssetTags |
dynamic |
true |
- |
The list of platform custom asset tags |
{"Asset group":["finance"], "some.ip": ["10.1.0.1"]} |
- Endpoint Sensor
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
|
pname |
string |
true |
- |
The internal product ID |
- Trend Micro Deep Security
- Deep Discovery Inspector
- Apex One
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- Trend Micro Cloud App Security
- Trend Micro Email Security
- TippingPoint Security Management System
- Endpoint Sensor
- Trend Micro Web Security
- Trend Cloud One - Network Security
- Zero Trust Secure Access - Internet Access
- Trend Vision One Mobile Security
- Trend Vision One Container Security
- Email Sensor
|
policyId |
string |
false |
- |
The policy ID |
TestPolicy-2HJe25H4GY4upSuNNAG1pci2BIm |
Trend Vision One Container Security |
policyId |
string |
true |
- |
The ID of the policy under which the event was detected |
- 00000001-0001-0001-0001-000000007610
- 007
- 003
- TM000001
|
- TippingPoint Security Management System
- Trend Micro Apex One as a Service
- Endpoint Sensor
- Trend Cloud One - Network Security
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Security
- Trend Vision One Container Security
|
policyName |
string |
false |
- |
The name of the triggered policy |
TestPolicy |
Trend Vision One Container Security |
policyName |
string |
true |
- |
The name of the triggered policy |
- Steelcase
- Cabot
- Tigre - Medium Policy
- apiPostedPolicy
|
- Trend Micro Apex One as a Service
- Trend Micro Cloud App Security
- Trend Micro Web Security
- Trend Micro Email Security
- Zero Trust Secure Access - Internet Access
- TXOne EdgeOne
- Trend Vision One Container Security
- Mobile Network Security
|
processCmd |
string |
true |
CLICommand |
The command line entry of the subject process |
- C:\WINDOWS\system32\services.exe
- C:\Windows\system32\services.exe
- /sbin/launchd
|
Trend Vision One Container Security |
processCmd |
string |
true |
CLICommand |
The subject process command line |
- "C:\Program Files (x86)\AADM\AADM.exe"
- /usr/lib/inet/sendmail -bl -q15m
- ComDir
|
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Micro Deep Security
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
|
processFilePath |
string |
true |
ProcessFullPath |
The file path of the subject process |
- c:\windows\system32\services.exe
- /usr/bin/bash
- c:\windows\system32\svchost.exe
|
Trend Vision One Container Security |
processImagePath |
string |
true |
- |
The process triggered by the file event |
- c:\windows\system32\svchost.exe
- /usr/bin/python2.7
- /usr/bin/sed
|
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Micro Deep Security
- Trend Vision One Container Security
|
processLaunchTime |
real |
false |
- |
The time the subject process was launched |
- 1653614773895
- 1656118625928
- 0
|
Trend Vision One Container Security |
processName |
string |
true |
ProcessName |
The image name of the process that triggered the event |
- /usr/bin/bash
- c:\windows\system32\svchost.exe
- c:\windows\system32\lsass.exe
|
Trend Vision One Container Security |
processName |
string |
true |
ProcessName |
The image name of the process that triggered the event |
- c:\windows\system32\svchost.exe
- /usr/bin/python2.7
- /usr/bin/sed
|
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Micro Deep Security
- Trend Vision One Container Security
- Trend Micro Apex One as a Service
|
processPid |
int |
true |
- |
The PID of the subject process |
|
Trend Vision One Container Security |
processPid |
int |
true |
- |
The PID of the subject process |
- |
- Trend Cloud One - Endpoint & Workload Security
- Endpoint Sensor
- Trend Vision One Container Security
|
proto |
string |
false |
- |
The protocol type |
- TELEMETRY_CONNECTION_TCP
- TELEMETRY_CONNECTION_UDP
|
Trend Vision One Container Security |
proto |
string |
true |
- |
The exploited layer network protocol |
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Security
- TXOne EdgeOne
- Trend Vision One Container Security
- Mobile Network Security
|
pver |
string |
true |
- |
The product version |
- 1.2.0.2752
- 1.0.345
- 1.2.0.2657
|
Trend Vision One Container Security |
pver |
string |
true |
- |
The product version |
- 20.0.0.4726
- 20.0.0.4416
- 6.2.1125
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Deep Security
- Trend Micro Apex One as a Service
- TippingPoint Security Management System
- Trend Cloud One - Network Security
- Zero Trust Secure Access - Internet Access
- Trend Vision One Mobile Security
- Trend Vision One Container Security
- File Security
- File Security Storage
- Agentless Vulnerability & Threat Detection
|
rawDataStr |
string |
false |
- |
The JSON string that contains additional information |
- {"TLS version": "0x0303", "Cipher Suite": "0xc030"}
- {"Scanned ports": "23, 80, 443"}
- {"HTTP Content-Type": "application/hal+json", "HTTP Content-Body": "{\\"_links\\": {\\"type\\": {\\"href\\": \\"http://10.10.10.10/rest/type/node/INVALID_VALUE\\"}}, \\"type\\": {\\"target_id\\": \\"article\\"}, \\"title\\": {\\"value\\": \\"My Article\\"}, \\"body\\": {\\"value\\": \\"\\"}}"}
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Vision One Container Security
|
ruleIdStr |
string |
false |
- |
The rule ID |
TM-00000036 |
Trend Vision One Container Security |
ruleIdStr |
string |
true |
- |
The rule ID |
TM-00000043 |
Trend Vision One Container Security |
ruleName |
string |
true |
- |
The name of the rule that triggered the event |
- Directory Server - Microsoft Windows Active Directory
- Microsoft Windows Events
- Microsoft Windows Security Events - 3
- (T1234) New executable created (chmod)
- Sensitive Files Upload to Personal Cloud
- Multiple Sensitive Files Compression
- Transfer Sensitive Files to Removable Storage
- Move Multiple Sensitive Files to Central Location
- Multiple Sensitive Files Modification
- Multiple Sensitive Files Deletion
- GEN_CCFR_OVERLAY_TEST.A
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- Trend Micro Cloud App Security
- TippingPoint Security Management System
- Endpoint Sensor
- Trend Micro Email Security
- Trend Cloud One - Network Security
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
- Email Sensor
- Mobile Network Security
- Data Detection and Response
|
ruleSetId |
string |
true |
- |
The rule set ID |
AllRules-1zSSZPsDqfqkcOt5vNsD6f383HN |
Trend Vision One Container Security |
ruleSetName |
string |
true |
- |
The rule set name |
AllRules |
- Trend Vision One Container Security
- Trend Cloud One - Network Security
- TippingPoint Security Management System
- Trend Cloud One - Endpoint & Workload Security
|
ruleType |
string |
true |
- |
The access rule type |
- udso
- point of entry
- unknown
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Micro Cloud App Security
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
|
scanType |
string |
true |
- |
The scan type |
- realtime_mailmeta-exchange
- exchange_mailbox_realtime_detection_logs
- gateway_realtime_blocking_traffic
- malware_schedule_image
- malware_schedule_file
- malware_realtime_image
- malware_realtime_file
|
- Trend Micro Cloud App Security
- Trend Micro Email Security
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Apex One as a Service
- Trend Micro Deep Security
- Email Sensor
- File Security
- Agentless Vulnerability & Threat Detection
- Trend Vision One Container Security
|
severity |
int |
true |
- |
The severity of the event |
|
- Trend Cloud One - Endpoint & Workload Security
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Deep Security
- Trend Micro Apex One as a Service
- TippingPoint Security Management System
- Trend Cloud One - Network Security
- Trend Vision One Container Security
- Mobile Network Security
|
sourceType |
string |
true |
- |
The source type |
- user defined
- sandbox
- syscall
|
- Trend Micro Apex One as a Service
- Trend Vision One Container Security
- Endpoint Sensor
|
spt |
int |
true |
Port |
The source port number |
|
Trend Vision One Container Security |
spt |
int |
true |
Port |
The source port |
|
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- TippingPoint Security Management System
- Trend Micro Deep Security
- Trend Cloud One - Network Security
- Endpoint Sensor
- TXOne EdgeOne
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
- Mobile Network Security
|
src |
string |
true |
|
The source address |
|
Trend Vision One Container Security |
src |
dynamic |
true |
|
The source IP |
10.10.10.10 |
- Trend Micro Deep Discovery Inspector
- Network Sensor
- Trend Micro Apex One as a Service
- Trend Cloud One - Endpoint & Workload Security
- TippingPoint Security Management System
- Trend Micro Deep Security
- Trend Cloud One - Network Security
- Endpoint Sensor
- Zero Trust Secure Access - Internet Access
- TXOne EdgeOne
- Zero Trust Secure Access - Private Access
- Trend Vision One Container Security
- Mobile Network Security
|
srcFilePath |
string |
true |
|
The source file path |
- \\cnva-apps\megaclockprod\traveler\travelerprint.accdb
- c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml
- q:\a7_dbs\a4_pkg\a4_packaging.accde
|
Trend Vision One Container Security |
tags |
dynamic |
true |
|
The detected ID based on the alert filter |
- MITREV9.T1057
- MITREV9.T1059.003
- XSAE.F2924
|
- ALL
- Trend Vision One Container Security
|
userDefinedFields |
dynamic |
true |
- |
The user-defined field for custom detection rules |
{"message": "There is a shell process running in the container with ID \"1234567890abcdef\"."} |
Trend Vision One Container Security |