tm-v1-schema

Trend Micro Cloud App Security

Layer: Email

This documentation provides detailed information about all fields available for Trend Micro Cloud App Security.

Field Name	Type	Searchable	General Field	Description	Example	Products
act	dynamic	true	-	The actions taken to mitigate the event	log isolate terminate not blocked Block No action Reset Pass User Decision	Trend Vision One Container Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Micro Email Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Email Sensor Trend Vision One Mobile Security Mobile Network Security Agentless Vulnerability & Threat Detection
actResult	dynamic	true	-	The result of an action	Dropped Successful Accepted	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne StellarOne Trend Vision One Mobile Security
attachment	dynamic	true	-	The information about the email attachment	{"attachmentFileTlsh": "", "attachmentFileName": "testfile.txt","attachmentFileHash": "","attachmentFileSize": "-1"}	Trend Micro Cloud App Security Email Sensor
attachmentFileHashes	dynamic	true	-	The SHA-1 of the email attachment	056a2975edffe7188c03c324ae4335f9380b57e3 05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashes	dynamic	true	FileSHA1	SHA-1 hash of the email attachment	acedb7898338a46f38d148d1d0456e644576d41b ea6fcc4c0c1f10d71742b29e98a977d995473dd1 03d8fb85556edf397d8afcafc0b13f11ecbde50c	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashMd5	string	true	FileMD5	The MD5 of the attached file (attachementFileName)	RSjbNuJB0hx39ZpzwLdipg== +TmuTNLw3FMQlaTbPwjD8g== +XWktHxXXdY0O4A82FQMzQ==	Trend Micro Cloud App Security
attachmentFileHashs	dynamic	true	-	The SHA-1 hash value of the attachment file	056a2975edffe7188c03c324ae4335f9380b57e3 05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashSha1	string	true	FileSHA1	The SHA-1 of the attached file (attachementFileName)	d63b1739a2fe56eb412dff1c69b76d4b9aad8ebd 3b923d078ea3bd39489ed6d334c423e4478a8ee3 3a2e6a64e1b7f4c6cbebcb9e949dc66b667cdfbe	Trend Micro Cloud App Security Trend Micro Email Security
attachmentFileHashSha256s	dynamic	true	FileSHA2	SHA-256 hash of the email attachment	0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4 2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e 20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileName	dynamic	true	FileName	The file name of an attachment	Mail Body image001.png image002.png	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Email Sensor
attachmentFileName	dynamic	true	FileName	File name of the email attachment	image001.png image002.png image003.png	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileTlshes	dynamic	true	-	The TLSH of the email attachment	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileTlshes	dynamic	true	-	The TLSH hash detected by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
attachmentFileTlshs	dynamic	true	-	The TLSH hash value of the attachment file	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentMd5	dynamic	true	FileMD5	MD5 hash of the email attachment	003fa299ab119219596f952c68029810 03aeabf6a745cb627ee29c05a22e58cb	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSha1	dynamic	true	FileSHA1	SHA-1 hash of the email attachment	03d8fb85556edf397d8afcafc0b13f11ecbde50c 056a2975edffe7188c03c324ae4335f9380b57e3	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSha256	dynamic	true	FileSHA2	SHA-256 hash of the email attachment	29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01 cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSize	dynamic	true	-	The attachment file size	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
attachmentSource	dynamic	true	-	The attachment source	TMASE PRODUCT	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentTlsh	dynamic	true	-	The TLSH hash detected by Trend Micro Anti-Spam Engine	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 7C31C9827A71A905CC6B0A73B10FE80C06F01E814AA396347F8B6F979690E9C3D75147	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
cloudAppName	string	true	-	The cloud app name	teams sharepoint exchange gmail	Trend Micro Cloud App Security
detectionType	string	true	-	The detection type	1 File Process net	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Web Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Deep Security Trend Micro Email Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Zero Trust Secure Access - Private Access Trend Vision One Container Security
domainName	string	true	DomainName	The detected domain name	http://10.10.10.10 example.domain.com	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Cloud App Security
duser	dynamic	true	EmailRecipient	The email recipient	(no user) SYSTEM SYSTEM	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
engVer	string	true	-	The engine version	1.0.0.1123_1.0.0.1101 9.0.1004 22.540.1001	Endpoint Sensor Trend Micro Cloud App Security Trend Micro Apex One as a Service File Security
eventId	string	true	-	The event ID from the logs of each product	100100 100101 100116 100117 100119	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Endpoint Sensor Trend Micro Email Security TXOne StellarOne Trend Vision One Container Security Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventId	int	true	-	The event ID	1 - MESSAGING_EMAIL_META 2 - MESSAGING_COLLABORATION_ACTIVITY	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor Collaboration sensor
eventName	string	true	-	The event type	LOG_INSPECTION_EVENT SECURITY_RISK_DETECTION WEB_THREAT_DETECTION LOG_INSPECTION_EVENT MALWARE_DETECTION PROCESS_ACTIVITY WEB_POLICY_VIOLATION DEEP_PACKET_INSPECTION_EVENT INTEGRITY_MONITORING_EVENT DISRUPTIVE_APPLICATION_DETECTION PRODUCT_SUMMARY PRODUCT_UPDATE BEHAVIORAL_VIOLATION FIREWALL_POLICY_VIOLATION SUSPICIOUS_BEHAVIOUR_DETECTION DENYLIST_CHANGE MACHINE_LEARNING_DETECTION DLP_VIOLATION MALWARE_OUTBREAK_DETECTION SENSITIVE_DATA_DETECTION	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint Security Management System Trend Micro Cloud App Security Trend Micro Email Security Endpoint Sensor Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventSubName	string	true	-	The event type sub-name	IPS Detection Personal Firewall Attack Discovery	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security Endpoint Sensor Zero Trust Secure Access - Internet Access Agentless Vulnerability & Threat Detection
eventTime	real	true	-	The time the agent detected the event	1657135700000	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
filterName	string	true	-	The filter name	ConnectionFilter Virtual Analyzer Data Loss Prevention	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Apex One as a Service TXOne EdgeOne
firstSeen	string	true	-	The first time the XDR log appeared	1657195233000	Trend Micro Cloud App Security TXOne StellarOne Data Detection and Response
groupId	string	true	-	The group ID for the management scope filter	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
highlightedFileHashes	dynamic	true	FileSHA1	The SHA-1 hashes of the highlighted file	C9877617DB6715792F9D5C959C1E8D4E56D0C281 0340A8EE3AD2990E3EDCDB2E471EAA45B4286722 0E56D9540B07ED15EF745348D35C72A6A00A0BD9	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
highlightedFileName	dynamic	true	-	The file names of suspicious attachments	detect_me.zip covid.zip	Trend Micro Cloud App Security Email Sensor
indicatorCount	int	false	-	The number of report indicators	2	Trend Micro Cloud App Security
lastSeen	string	true	-	The last time the XDR log appeared	1657195233000	Trend Micro Cloud App Security TXOne StellarOne Data Detection and Response
logKey	string	true	-	The unique key of the event	123e4567-e89b-12d3-a456-426614174000 987f6543-21ba-43cd-9e8f-123456789abc 456789ab-cdef-1234-5678-9abcdef01234	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
mailAttachmentHash	string	true	FileMD5	Hash value of the email attachment	02ab50ee0bccadb43d6cc504928f2ff2 0a0f335fb04f1acebb7500d5358321c0	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailBccAddresses	dynamic	true	EmailRecipient	Mail BCC address in the email header	sample_email@trendmicro.com	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailbox	string	true	-	The mailbox that is protected by Trend Micro	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Trend Vision One Mobile Security Email Sensor
mailbox	string	true	-	Primary email address	sample_email@trendmicro.com	Trend Micro Cloud App Security Email Sensor
mailCacheId	string	true	-	The internal email cache ID to identify emails in the same group mails	<sample_email@trendmicro.com>	Trend Micro Cloud App Security Email Sensor
mailCcAddresses	dynamic	true	EmailRecipient	Mail CC address in the email header	<sample_email@trendmicro.com> sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailDirection	int	false	-	Email traffic direction	1 3 25	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailDirection	int	true	-	Email traffic direction	1 3 25	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailEurekaRuleIds	dynamic	true	-	The list of rule IDs scanned by Eureka and detected by Trend Micro Anti-Spam Engine	661030 661230 661267	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailFeatureId	dynamic	true	-	The email protocol detected by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailFolder	string	true	-	The email folder name	CATEGORY_PROMOTIONS, UNREAD, INBOX UNREAD, CATEGORY_PERSONAL, INBOX UNREAD, CATEGORY_UPDATES, INBOX	Trend Micro Cloud App Security
mailFolder	string	true	-	The email folder name	Inbox Bandeja de entrada Sent Items	Trend Micro Cloud App Security Email Sensor
mailFromAddresses	dynamic	true	EmailSender	Mail from address in email header	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailHeaderHash	string	true	-	The email header hash detected by Trend Micro Anti-Spam Engine	43f8bfc02d8f78f069c254bc17eba80b aa5d16ca145f91471e482d235843aac5 ad8776382ea4b7cffd0961c70223162e	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailHelo	string	true	-	The HELO command detected by Trend Micro Anti-Spam Engine	HELO inpost.tmes.trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMsgDirection	int	false	-	The direction of the email message	1	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMsgId	string	true	-	The internet message ID of the email	<sample_email@trendmicro.com>	Trend Micro Cloud App Security
mailMsgId	string	true	EmailMessageID	Email ID	<sample-id@trendmicro.com>	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMsgSubject	string	true	EmailSubject	The email subject	FW. mail subject ManageEngine	Trend Micro Cloud App Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Email Security Trend Micro Apex One as a Service Email Sensor
mailMsgSubject	string	true	EmailSubject	Email subject	Your daily briefing Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailReceivedTime	string	true	-	The mail received timestamp	-	Trend Micro Cloud App Security Trend Micro Email Security
mailReplyToAddresses	dynamic	true	-	The Reply To address detected by Trend Micro Anti-Spam Engine	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailReturnPath	dynamic	false	-	The hidden email header that indicates where bounced messages are sent	sample_email@trendmicro.com	Trend Micro Cloud App Security Email Sensor
mailRuleId	dynamic	true	-	The rule ID of the matched rule detected by Trend Micro Anti-Spam Engine	42003 148036 148140	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailScore	string	true	-	The score assigned to the email by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailSenderIp	string	true	-	Email sender IP address	10.10.10.10	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailSourceDomain	string	true	-	Email domain of the sender	example.com	Trend Micro Cloud App Security Email Sensor
mailTagHash	string	true	-	The email tag hash detected by Trend Micro Anti-Spam Engine	9ce01ebc63f408264876646e20905349 cf679dc99042b781106cbaccd4045ed3	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailTagHashRawSignature	string	true	-	The raw signature hash of the email	PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjxtZXRhIG5hbWU9IGNvbnRlbnQ9ID48c3R5bGU+PCEtLS0tPjwvc3R5bGU+PC9oZWFkPjxib2R5IGxhbmc9IGxpbms9IHZsaW5rPSBzdHlsZT0gPjxkaXYgY2xhc3M9ID48cCBjbGFzcz0gPjxURVhUPjwvcD48L2Rpdj48L2JvZHk+PC9odG1sPg== PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjwvaGVhZD48Ym9keT48VEVYVD48L2JvZHk+PC9odG1sPg==	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailTextHash	string	true	-	The email text hash detected by Trend Micro Anti-Spam Engine	221bab3766f6d2a2c6fcc37056511d53 f26f3a415103ea083ac49be6bb60f337	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailThreatType	string	true	-	The type of email detected by Trend Micro Anti-Spam Engine	suspected suspected, suspected, phishing	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailToAddresses	dynamic	true	EmailRecipient	Mail To address in the email header	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUniqueId	string	true	-	The unique ID of the email	example_unique_id_1 example_unique_id_2 example_unique_id_3	Trend Micro Cloud App Security
mailUrlHash	string	true	-	The email URL hash detected by Trend Micro Anti-Spam Engine	ca52197d96e4a00ce19eaf34b20c8937 ad50776a891bead6bf222e2b7be17724	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsOriginalLink	dynamic	true	-	The original URL extracted from the email content	https://aka.ms/JoinTeamsMeeting http://go.microsoft.com/fwlink/p/?LinkID=12345	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsRealLink	dynamic	true	URL	URL extracted from the email content	https://aka.ms/JoinTeamsMeeting http://go.microsoft.com/fwlink/p/?LinkID=12345	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsVisibleLink	dynamic	true	URL	URL extracted from the email content	Unsubscribe Android	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUserAgent	string	true	-	The user agent	Mutt/1.4.2.2i Heirloom mailx 12.5 7/5/10	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailWantedHeaderName	dynamic	true	-	The WantedHeader key name detected by Trend Micro Anti-Spam Engine	CC X-TM-Product-Ver Received	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailWantedHeaderValue	dynamic	true	-	The WantedHeader key value detected by Trend Micro Anti-Spam Engine	cloud-app-security-5.0 BCL:0;	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailWholeHeader	dynamic	true	-	The name and email address of the sender in the From header detected by Trend Micro Anti-Spam Engine	<sample_email@trendmicro.com>	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailXMailer	string	true	-	The X-Mailer header of the email	Microsoft Outlook 16.0 Microsoft CDO for Windows 2000	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mExternalUid	string	true	-	The unique ID of the email	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Email Sensor
msgId	string	true	EmailMessageID	The internet message ID	66.6.00.0006 example.test.com dameware1svr	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
msgTOCUuid	string	true	-	The email unique ID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security Trend Micro Email Security
msgUuid	string	true	-	The unique email ID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
msgUuid	string	true	-	Internal email UUID to identify each email message	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
objectSubType	string	true	-	The sub-types of the policy event (Displayed when a policy event has sub-types)	Spam Others malware ContentFiltering	Trend Micro Cloud App Security Trend Micro Email Security
objectType	string	true	-	The object type	file process qil	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Email Security Endpoint Sensor File Security
orgId	string	true	-	The organization ID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security Email Sensor
orgId	string	true	-	The organization ID	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Email Sensor
patVer	string	true	-	The version of the behavior pattern	35.1053.00 630 35.1071.00	Trend Micro Apex One as a Service Endpoint Sensor Trend Micro Cloud App Security
pname	string	true	-	The internal product ID	Trend Micro Deep Security Deep Discovery Inspector Apex One	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Trend Vision One Container Security Email Sensor
pname	string	true	-	Internal product code (depricated)	733 742 TMEMS	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
policyName	string	true	-	The name of the triggered policy	Steelcase Cabot Tigre - Medium Policy apiPostedPolicy	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Web Security Trend Micro Email Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Trend Vision One Container Security Mobile Network Security
policyTemplate	dynamic	true	-	The one-to-many data structure	policyName:Monitoreo All Files, template:Managed - All files policyName:HSS DLP, template:All File Extension India: Mobile Numbers	Trend Micro Apex One as a Service Trend Micro Cloud App Security Zero Trust Secure Access - Internet Access
principalName	string	true	-	The user principal name used to sign in to the proxy	sample_email@trendmicro.com	Trend Micro Web Security Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Zero Trust Secure Access - Private Access
remarks	string	true	-	The additional information	warning: fork: Resource temporarily unavailable pam_unix(cron:session): session opened for user root by (uid=0) WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Email Security Trend Cloud One - Network Security TXOne EdgeOne Email Sensor File Security Agentless Vulnerability & Threat Detection
reportGUID	string	true	-	The GUID for Workbench to request report page data	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security File Security Trend Micro Deep Discovery Inspector Network Sensor
request	string	true	URL	The notable URLs	http://example.page.com/canonical.html http://10.10.10.10 https://drive.google.com/	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Endpoint & Workload Security Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Trend Cloud One - Network Security Trend Micro Email Security Trend Micro Deep Security Trend Vision One Mobile Security Zero Trust Secure Access - Private Access
respCode	string	true	-	The network protocol response code	302 200	Trend Micro Cloud App Security Trend Micro Email Security
rewrittenUrl	string	true	-	The rewritten URL	https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fexample.io%2	Trend Micro Cloud App Security Trend Micro Email Security
riskConfidenceLevel	string	true	-	The risk confidence level	0 1 2	Trend Micro Apex One as a Service Trend Micro Cloud App Security
riskLevel	string	true	-	The risk level	1 high No Risk	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Endpoint Sensor Trend Micro Deep Discovery Inspector Network Sensor
rt	string	false	-	The Unix time of the log generation	1656324260000	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Email Sensor
ruleName	string	true	-	The name of the rule that triggered the event	Directory Server - Microsoft Windows Active Directory Microsoft Windows Events Microsoft Windows Security Events - 3 (T1234) New executable created (chmod) Sensitive Files Upload to Personal Cloud Multiple Sensitive Files Compression Transfer Sensitive Files to Removable Storage Move Multiple Sensitive Files to Central Location Multiple Sensitive Files Modification Multiple Sensitive Files Deletion GEN_CCFR_OVERLAY_TEST.A	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Email Security Trend Cloud One - Network Security Zero Trust Secure Access - Private Access Trend Vision One Container Security Email Sensor Mobile Network Security Data Detection and Response
ruleType	string	true	-	The access rule type	udso point of entry unknown	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Zero Trust Secure Access - Private Access Trend Vision One Container Security
ruleUuid	string	true	-	The signature UUID from the DV (Digital Vaccine)	00000001-0001-0001-0001-000000007610 00000001-0001-0001-0001-000000007120 00000001-0001-0001-0001-000000017056	TippingPoint Security Management System Trend Cloud One - Network Security Trend Micro Cloud App Security Zero Trust Secure Access - Private Access
ruleVer	string	true	-	The rule version	202207060001 202207190001	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security Email Sensor
scanTs	string	true	-	The mail scan time	-	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor
scanTs	string	true	-	The time the email was scanned	1657135700000	Trend Micro Cloud App Security Email Sensor Trend Micro Email Security
scanType	string	true	-	The scan type	realtime_mailmeta-exchange exchange_mailbox_realtime_detection_logs gateway_realtime_blocking_traffic malware_schedule_image malware_schedule_file malware_realtime_image malware_realtime_file	Trend Micro Cloud App Security Trend Micro Email Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security Email Sensor File Security Agentless Vulnerability & Threat Detection Trend Vision One Container Security
scanType	string	true	-	Manual or real-time scan	realtime_mailmeta-exchange realtime_mailmeta-gmail gateway_mailmetadata gateway_realtime_accepted_mail_traffic	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
schemaVersion	string	true	-	The schema version	1.0	Trend Micro Cloud App Security
score	int	false	-	The Web Reputation Services URL rating	71 81	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Vision One Mobile Security Trend Cloud One - Endpoint & Workload Security
signInCountries	dynamic	true	-	The countries from which a user signed in	PH AU	Trend Micro Cloud App Security Microsoft Entra ID
subRuleName	string	true	-	The subrule name	Pre-authentication failed. ATTACK T1070.002,T1070.004: Indicator Removal on Host : Clear Linux or Mac System Logs,File Deletion ATTACK T1110: Multiple Windows Logon Failures invisible_url_domain	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
suid	string	true	UserAccount	User name or mailbox	root US EXAMPLE\TEST sample_email@trendmicro.com	Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Web Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
suser	dynamic	true	EmailSender	The email sender	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
threatName	string	true	-	The threat name	Malicious_CnC_access_on_UDP_blocked Malicious_CnC_access_on_TCP_blocked Other protected file	Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
urlCat	dynamic	true	-	The requested URL category	Untested 158 Web Advertisement	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Web Security Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Trend Vision One Mobile Security Trend Cloud One - Endpoint & Workload Security

Field Statistics

• Total Fields: 119
• Layer: Email
• Product: Trend Micro Cloud App Security

---

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.