tm-v1-schema

Trend Micro Email Security

Layer: Email

This documentation provides detailed information about all fields available for Trend Micro Email Security.

Field Name	Type	Searchable	General Field	Description	Example	Products
act	dynamic	true	-	The actions taken to mitigate the event	log isolate terminate not blocked Block No action Reset Pass User Decision	Trend Vision One Container Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Micro Email Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Email Sensor Trend Vision One Mobile Security Mobile Network Security Agentless Vulnerability & Threat Detection
attachmentFileHashes	dynamic	true	-	The SHA-1 of the email attachment	056a2975edffe7188c03c324ae4335f9380b57e3 05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashes	dynamic	true	FileSHA1	SHA-1 hash of the email attachment	acedb7898338a46f38d148d1d0456e644576d41b ea6fcc4c0c1f10d71742b29e98a977d995473dd1 03d8fb85556edf397d8afcafc0b13f11ecbde50c	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashs	dynamic	true	-	The SHA-1 hash value of the attachment file	056a2975edffe7188c03c324ae4335f9380b57e3 05fd3ac8f9d8407e6637e0f91cd2ff5ab076658a	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileHashSha1	string	true	FileSHA1	The SHA-1 of the attached file (attachementFileName)	d63b1739a2fe56eb412dff1c69b76d4b9aad8ebd 3b923d078ea3bd39489ed6d334c423e4478a8ee3 3a2e6a64e1b7f4c6cbebcb9e949dc66b667cdfbe	Trend Micro Cloud App Security Trend Micro Email Security
attachmentFileHashSha256	string	true	FileSHA2	The SHA-256 of the attached file (attachementFileName)	D81D4C14DDEB8CA390FFADA69265AAD46CDEDD72CDD332CB8AA17D924626B397 01DE1FC697D2D0850F0468474A3E1E0BF4D78B23F0633908CF82E504E0DCBFF9 02D16D9970AB635A7B05C3A268E23F5B41C419DD022F1054E9FD912BE130BDB0	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Email Security
attachmentFileHashSha256s	dynamic	true	FileSHA2	SHA-256 hash of the email attachment	0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4 2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e 20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileName	dynamic	true	FileName	The file name of an attachment	Mail Body image001.png image002.png	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Email Sensor
attachmentFileName	dynamic	true	FileName	File name of the email attachment	image001.png image002.png image003.png	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileTlshes	dynamic	true	-	The TLSH of the email attachment	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentFileTlshes	dynamic	true	-	The TLSH hash detected by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
attachmentFileTlshs	dynamic	true	-	The TLSH hash value of the attachment file	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 97D18E86E87A85D1D4137E6DA6FD00580E4CF06F65DB2B2937815E4F3A3013042A2189	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentMd5	dynamic	true	FileMD5	MD5 hash of the email attachment	003fa299ab119219596f952c68029810 03aeabf6a745cb627ee29c05a22e58cb	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSha1	dynamic	true	FileSHA1	SHA-1 hash of the email attachment	03d8fb85556edf397d8afcafc0b13f11ecbde50c 056a2975edffe7188c03c324ae4335f9380b57e3	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSha256	dynamic	true	FileSHA2	SHA-256 hash of the email attachment	29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01 cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentSize	dynamic	true	-	The attachment file size	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
attachmentSource	dynamic	true	-	The attachment source	TMASE PRODUCT	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentTlsh	dynamic	true	-	The TLSH hash detected by Trend Micro Anti-Spam Engine	0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39 7C31C9827A71A905CC6B0A73B10FE80C06F01E814AA396347F8B6F979690E9C3D75147	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
attachmentUrls	dynamic	true	-	The URLs and URL sources extracted from the email attachment	-	Trend Micro Email Security Email Sensor
correlatedIntelligence	dynamic	true	-	The Correlated Intelligence detection	{"risk_type": "Anomaly","matched_rules": [{"threat_type": "Possibly Unwanted Email","matched_filters": [{"id":"FIL013", "name": "Marketing Email Traits"},{"id":"FIL098", "name": "Infrequent Sender Email Domain"}],"name": "Possibly Unwanted Marketing Email","id": "AN004"}]}	Trend Micro Email Security Email Sensor
detectionDetail	string	true	-	The details about each event type	{} {"detail":"4.7.1 \u003csample_email@trendmicro.com\u003e: Recipient address rejected: Ratelimit-2"} {"detail":"4.7.1 \u003csample_email@trendmicro.com.br\u003e: Recipient address rejected: Ratelimit-2"}	Trend Micro Email Security
detectionType	string	true	-	The detection type	1 File Process net	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Web Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Deep Security Trend Micro Email Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Zero Trust Secure Access - Private Access Trend Vision One Container Security
duser	dynamic	true	EmailRecipient	The email recipient	(no user) SYSTEM SYSTEM	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
eventId	string	true	-	The event ID from the logs of each product	100100 100101 100116 100117 100119	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Endpoint Sensor Trend Micro Email Security TXOne StellarOne Trend Vision One Container Security Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventId	int	true	-	The event ID	1 - MESSAGING_EMAIL_META 2 - MESSAGING_COLLABORATION_ACTIVITY	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor Collaboration sensor
eventName	string	true	-	The event type	LOG_INSPECTION_EVENT SECURITY_RISK_DETECTION WEB_THREAT_DETECTION LOG_INSPECTION_EVENT MALWARE_DETECTION PROCESS_ACTIVITY WEB_POLICY_VIOLATION DEEP_PACKET_INSPECTION_EVENT INTEGRITY_MONITORING_EVENT DISRUPTIVE_APPLICATION_DETECTION PRODUCT_SUMMARY PRODUCT_UPDATE BEHAVIORAL_VIOLATION FIREWALL_POLICY_VIOLATION SUSPICIOUS_BEHAVIOUR_DETECTION DENYLIST_CHANGE MACHINE_LEARNING_DETECTION DLP_VIOLATION MALWARE_OUTBREAK_DETECTION SENSITIVE_DATA_DETECTION	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint Security Management System Trend Micro Cloud App Security Trend Micro Email Security Endpoint Sensor Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventSubName	string	true	-	The event type sub-name	IPS Detection Personal Firewall Attack Discovery	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security Endpoint Sensor Zero Trust Secure Access - Internet Access Agentless Vulnerability & Threat Detection
eventTime	real	true	-	The time the agent detected the event	1657135700000	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
filterName	string	true	-	The filter name	ConnectionFilter Virtual Analyzer Data Loss Prevention	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Apex One as a Service TXOne EdgeOne
groupId	string	true	-	The group ID for the management scope filter	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
highlightedFileHashes	dynamic	true	FileSHA1	The SHA-1 hashes of the highlighted file	C9877617DB6715792F9D5C959C1E8D4E56D0C281 0340A8EE3AD2990E3EDCDB2E471EAA45B4286722 0E56D9540B07ED15EF745348D35C72A6A00A0BD9	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
highlightMailMsgSubject	string	true	-	The email subject	Delivery Status Undelivered Mail Returned to Sender Successful Mail Delivery Report	Trend Micro Email Security
logKey	string	true	-	The unique key of the event	123e4567-e89b-12d3-a456-426614174000 987f6543-21ba-43cd-9e8f-123456789abc 456789ab-cdef-1234-5678-9abcdef01234	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
mailAttachmentHash	string	true	FileMD5	Hash value of the email attachment	02ab50ee0bccadb43d6cc504928f2ff2 0a0f335fb04f1acebb7500d5358321c0	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailBccAddresses	dynamic	true	EmailRecipient	Mail BCC address in the email header	sample_email@trendmicro.com	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailbox	string	true	-	The mailbox that is protected by Trend Micro	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Trend Vision One Mobile Security Email Sensor
mailCcAddresses	dynamic	true	EmailRecipient	Mail CC address in the email header	<sample_email@trendmicro.com> sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailDirection	int	false	-	Email traffic direction	1 3 25	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailDirection	int	true	-	Email traffic direction	1 3 25	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailEurekaRuleIds	dynamic	true	-	The list of rule IDs scanned by Eureka and detected by Trend Micro Anti-Spam Engine	661030 661230 661267	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailFeatureId	dynamic	true	-	The email protocol detected by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailFromAddresses	dynamic	true	EmailSender	Mail from address in email header	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailHeaderHash	string	true	-	The email header hash detected by Trend Micro Anti-Spam Engine	43f8bfc02d8f78f069c254bc17eba80b aa5d16ca145f91471e482d235843aac5 ad8776382ea4b7cffd0961c70223162e	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailHelo	string	true	-	The HELO command detected by Trend Micro Anti-Spam Engine	HELO inpost.tmes.trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMetaText	string	true	-	The postman meta text detected by Trend Micro Anti-Spam Engine		Trend Micro Email Security Email Sensor
mailMetaTraceId	string	true	-	The trace ID generated by Trend Micro Feedback Engine		Trend Micro Email Security Email Sensor
mailMsgDirection	int	false	-	The direction of the email message	1	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMsgId	string	true	EmailMessageID	Email ID	<sample-id@trendmicro.com>	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailMsgSubject	string	true	EmailSubject	The email subject	FW. mail subject ManageEngine	Trend Micro Cloud App Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Email Security Trend Micro Apex One as a Service Email Sensor
mailMsgSubject	string	true	EmailSubject	Email subject	Your daily briefing Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailReceivedTime	string	true	-	The mail received timestamp	-	Trend Micro Cloud App Security Trend Micro Email Security
mailReplyToAddresses	dynamic	true	-	The Reply To address detected by Trend Micro Anti-Spam Engine	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailRuleId	dynamic	true	-	The rule ID of the matched rule detected by Trend Micro Anti-Spam Engine	42003 148036 148140	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailScore	string	true	-	The score assigned to the email by Trend Micro Anti-Spam Engine	-	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailSenderIp	string	true	-	Email sender IP address	10.10.10.10	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailSmtpFromAddresses	dynamic	true	-	The envelope address of the sender	sample_email@trendmicro.com	Trend Micro Email Security
mailSmtpFromAddresses	dynamic	true	-	The sender email address	sample_email@trendmicro.com	Trend Micro Email Security Email Sensor
mailSmtpHelo	string	true	-	The domain name of the email server by using the SMTP HELO command	example.com	Trend Micro Email Security
mailSmtpOriginalRecipients	dynamic	true	-	The envelope addresses of the original recipients	sample_email@trendmicro.com	Trend Micro Email Security
mailSmtpOriginalRecipients	dynamic	true	-	Original email recipients in the SMTP envelope	sample_email@trendmicro.com	Trend Micro Email Security Email Sensor
mailSmtpRecipients	dynamic	true	-	The envelope addresses of the current recipients	sample_email@trendmicro.com	Trend Micro Email Security
mailSmtpRecipients	dynamic	true	-	Email recipients in the SMTP envelope after scanning	sample_email@trendmicro.com	Trend Micro Email Security Email Sensor
mailSmtpTls	string	true	-	The SMTP TLS version, for example, TLS 1.2	noTLS TLS 1.2 TLS 1.3	Trend Micro Email Security
mailSmtpTls	string	true	-	The SMTP TLS version number	TLS 1.2 TLS 1.3 noTLS	Trend Micro Email Security Email Sensor
mailTagHash	string	true	-	The email tag hash detected by Trend Micro Anti-Spam Engine	9ce01ebc63f408264876646e20905349 cf679dc99042b781106cbaccd4045ed3	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailTagHashRawSignature	string	true	-	The raw signature hash of the email	PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjxtZXRhIG5hbWU9IGNvbnRlbnQ9ID48c3R5bGU+PCEtLS0tPjwvc3R5bGU+PC9oZWFkPjxib2R5IGxhbmc9IGxpbms9IHZsaW5rPSBzdHlsZT0gPjxkaXYgY2xhc3M9ID48cCBjbGFzcz0gPjxURVhUPjwvcD48L2Rpdj48L2JvZHk+PC9odG1sPg== PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjwvaGVhZD48Ym9keT48VEVYVD48L2JvZHk+PC9odG1sPg==	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailTextHash	string	true	-	The email text hash detected by Trend Micro Anti-Spam Engine	221bab3766f6d2a2c6fcc37056511d53 f26f3a415103ea083ac49be6bb60f337	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailThreatType	string	true	-	The type of email detected by Trend Micro Anti-Spam Engine	suspected suspected, suspected, phishing	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailToAddresses	dynamic	true	EmailRecipient	Mail To address in the email header	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlHash	string	true	-	The email URL hash detected by Trend Micro Anti-Spam Engine	ca52197d96e4a00ce19eaf34b20c8937 ad50776a891bead6bf222e2b7be17724	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsOriginalLink	dynamic	true	-	The original URL extracted from the email content	https://aka.ms/JoinTeamsMeeting http://go.microsoft.com/fwlink/p/?LinkID=12345	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsRealLink	dynamic	true	URL	URL extracted from the email content	https://aka.ms/JoinTeamsMeeting http://go.microsoft.com/fwlink/p/?LinkID=12345	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUrlsVisibleLink	dynamic	true	URL	URL extracted from the email content	Unsubscribe Android	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailUserAgent	string	true	-	The user agent	Mutt/1.4.2.2i Heirloom mailx 12.5 7/5/10	Trend Micro Email Security Trend Micro Cloud App Security Email Sensor
mailWantedHeaderName	dynamic	true	-	The WantedHeader key name detected by Trend Micro Anti-Spam Engine	CC X-TM-Product-Ver Received	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailWantedHeaderValue	dynamic	true	-	The WantedHeader key value detected by Trend Micro Anti-Spam Engine	cloud-app-security-5.0 BCL:0;	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailWholeHeader	dynamic	true	-	The name and email address of the sender in the From header detected by Trend Micro Anti-Spam Engine	<sample_email@trendmicro.com>	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
mailXMailer	string	true	-	The X-Mailer header of the email	Microsoft Outlook 16.0 Microsoft CDO for Windows 2000	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
msgId	string	true	EmailMessageID	The internet message ID	66.6.00.0006 example.test.com dameware1svr	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
msgTOCUuid	string	true	-	The email unique ID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security Trend Micro Email Security
msgUuid	string	true	-	The unique email ID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
msgUuid	string	true	-	Internal email UUID to identify each email message	11111111-1111-1111-1111-111111111111	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
msgUuidChain	string	true	-	The message UUID chain	00027ac3-f8f2-cc8f-d078-3a57f12f3d55;00027ac3-f8f2-cc8f-d078-3a57f12f3d55 0005ab64-3992-644c-3592-503c3610cec9;0005ab64-3992-644c-3592-503c3610cec9 00062621-fec4-9e4d-7609-25b2b3189214;00062621-fec4-9e4d-7609-25b2b3189214	Trend Micro Email Security
msgUuidChain	string	true	-	The internal UUID chain for each email in Trend Micro Feedback Engine	11111111-1111-1111-1111-111111111111;00000000-0000-0000-0000-000000000000	Trend Micro Email Security Email Sensor
objectSubType	string	true	-	The sub-types of the policy event (Displayed when a policy event has sub-types)	Spam Others malware ContentFiltering	Trend Micro Cloud App Security Trend Micro Email Security
objectType	string	true	-	The object type	file process qil	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Email Security Endpoint Sensor File Security
pname	string	true	-	The internal product ID	Trend Micro Deep Security Deep Discovery Inspector Apex One	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Trend Vision One Container Security Email Sensor
pname	string	true	-	Internal product code (depricated)	733 742 TMEMS	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
policyName	string	true	-	The name of the triggered policy	Steelcase Cabot Tigre - Medium Policy apiPostedPolicy	Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Web Security Trend Micro Email Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Trend Vision One Container Security Mobile Network Security
remarks	string	true	-	The additional information	warning: fork: Resource temporarily unavailable pam_unix(cron:session): session opened for user root by (uid=0) WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Email Security Trend Cloud One - Network Security TXOne EdgeOne Email Sensor File Security Agentless Vulnerability & Threat Detection
request	string	true	URL	The notable URLs	http://example.page.com/canonical.html http://10.10.10.10 https://drive.google.com/	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Endpoint & Workload Security Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Trend Cloud One - Network Security Trend Micro Email Security Trend Micro Deep Security Trend Vision One Mobile Security Zero Trust Secure Access - Private Access
respCode	string	true	-	The network protocol response code	302 200	Trend Micro Cloud App Security Trend Micro Email Security
rewrittenUrl	string	true	-	The rewritten URL	https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fexample.io%2	Trend Micro Cloud App Security Trend Micro Email Security
rt	string	false	-	The Unix time of the log generation	1656324260000	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Email Sensor
ruleName	string	true	-	The name of the rule that triggered the event	Directory Server - Microsoft Windows Active Directory Microsoft Windows Events Microsoft Windows Security Events - 3 (T1234) New executable created (chmod) Sensitive Files Upload to Personal Cloud Multiple Sensitive Files Compression Transfer Sensitive Files to Removable Storage Move Multiple Sensitive Files to Central Location Multiple Sensitive Files Modification Multiple Sensitive Files Deletion GEN_CCFR_OVERLAY_TEST.A	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Email Security Trend Cloud One - Network Security Zero Trust Secure Access - Private Access Trend Vision One Container Security Email Sensor Mobile Network Security Data Detection and Response
ruleVer	string	true	-	The rule version	202207060001 202207190001	Trend Micro Cloud App Security Trend Cloud One - Endpoint & Workload Security Trend Micro Email Security Email Sensor
scanTs	string	true	-	The mail scan time	-	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor
scanTs	string	true	-	The time the email was scanned	1657135700000	Trend Micro Cloud App Security Email Sensor Trend Micro Email Security
scanType	string	true	-	The scan type	realtime_mailmeta-exchange exchange_mailbox_realtime_detection_logs gateway_realtime_blocking_traffic malware_schedule_image malware_schedule_file malware_realtime_image malware_realtime_file	Trend Micro Cloud App Security Trend Micro Email Security Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security Email Sensor File Security Agentless Vulnerability & Threat Detection Trend Vision One Container Security
scanType	string	true	-	Manual or real-time scan	realtime_mailmeta-exchange realtime_mailmeta-gmail gateway_mailmetadata gateway_realtime_accepted_mail_traffic	Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
senderIp	dynamic	true	-	The sender IP	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Email Security
subRuleName	string	true	-	The subrule name	Pre-authentication failed. ATTACK T1070.002,T1070.004: Indicator Removal on Host : Clear Linux or Mac System Logs,File Deletion ATTACK T1110: Multiple Windows Logon Failures invisible_url_domain	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Email Sensor
suser	dynamic	true	EmailSender	The email sender	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor

Field Statistics

• Total Fields: 103
• Layer: Email
• Product: Trend Micro Email Security

---

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.