tm-v1-schema

Network Sensor

Layer: Network

This documentation provides detailed information about all fields available for Network Sensor.

Field Name	Type	Searchable	General Field	Description	Example	Products
act	dynamic	true	-	The actions taken to mitigate the event	log isolate terminate not blocked Block No action Reset Pass User Decision	Trend Vision One Container Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Micro Email Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Email Sensor Trend Vision One Mobile Security Mobile Network Security Agentless Vulnerability & Threat Detection
aggregatedCount	string	true	-	The number of aggregated events	1 2 3	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service TippingPoint Security Management System Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne StellarOne Data Detection and Response Trend Cloud One - Endpoint & Workload Security
app	string	true	-	The network protocol	HTTP	Trend Micro Deep Discovery Inspector Network Sensor
appGroup	string	true	-	The app category of the event	DNS Response HTTP CIFS	Trend Micro Deep Discovery Inspector Network Sensor
aptCampaigns	dynamic	true	-	The related APT campaigns	POSSIBLE LSTUDIO WEB LURKER	Trend Micro Deep Discovery Inspector Network Sensor
aptRelated	string	true	-	The event is related to an APT	0 1	Trend Micro Deep Discovery Inspector Network Sensor
archFiles	dynamic	true	-	The file information extracted from detected files	None	Trend Micro Deep Discovery Inspector Network Sensor
attachmentFileHash	string	true	FileSHA1	The SHA-1 of the email attachment	C9877617DB6715792F9D5C959C1E8D4E56D0C281 0340A8EE3AD2990E3EDCDB2E471EAA45B4286722 0E56D9540B07ED15EF745348D35C72A6A00A0BD9	Trend Micro Deep Discovery Inspector Network Sensor Email Sensor
attachmentFileHashSha256	string	true	FileSHA2	The SHA-256 of the attached file (attachementFileName)	D81D4C14DDEB8CA390FFADA69265AAD46CDEDD72CDD332CB8AA17D924626B397 01DE1FC697D2D0850F0468474A3E1E0BF4D78B23F0633908CF82E504E0DCBFF9 02D16D9970AB635A7B05C3A268E23F5B41C419DD022F1054E9FD912BE130BDB0	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Email Security
attachmentFileName	dynamic	true	FileName	The file name of an attachment	Mail Body image001.png image002.png	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Email Sensor
attachmentFileSize	string	true	-	The file size of the email attachment	190843 104454 112197	Trend Micro Deep Discovery Inspector Network Sensor Email Sensor
attachmentFileType	string	true	-	The file type of the email attachment	PDF TEXT PKZIP	Trend Micro Deep Discovery Inspector Network Sensor
botCmd	string	true	CLICommand	The bot command	1068 indows chrome.exe	Trend Micro Deep Discovery Inspector Network Sensor
botUrl	string	true	URL	The bot URL	7?01 0000 indows	Trend Micro Deep Discovery Inspector Network Sensor
cccaDestination	string	true	URL	The destination domain, IP, URL, or recipient	10.10.10.10:443 www.example.dns04.com example.ru	Trend Micro Deep Discovery Inspector Network Sensor
cccaDestinationFormat	string	true	-	C&C server access format	IP_DOMAIN URL	Trend Micro Deep Discovery Inspector Network Sensor
cccaDetection	string	true	-	Is this log identified as a C&C callback address detection	Yes	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
cccaDetectionSource	string	true	-	Which list defines this CCCA detection rule	CCCA_GLOBAL_LIST (0) GLOBAL_INTELLIGENCE USER_DEFINED	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
cccaRiskLevel	int	true	-	The severity level of the threat actors associated with the C&C servers	1 2	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
clientFlag	string	true	-	Whether the client is a source or destination	dst src	Trend Micro Deep Discovery Inspector Network Sensor
clientGroup	string	true	-	The client IP network group	myCompany myGroup	Network Sensor Trend Micro Deep Discovery Inspector
clientHost	string	true	-	The client IP host name	sample.test.com sample.tw.test.org	Network Sensor
clientIp	string	true	IPv4 IPv6	The endpoint IP address	10.10.10.10	Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor
clientMAC	string	true	-	The client MAC address	00-00-00-ff-ff-ff	Trend Micro Deep Discovery Inspector Network Sensor
clientPort	int	true	Port	The client port number	5566	Trend Micro Deep Discovery Inspector Network Sensor
cnt	string	true	-	The total number of logs	1 2 3	Trend Micro Deep Discovery Inspector Network Sensor TXOne EdgeOne Mobile Network Security
compressedFileHash	string	true	FileSHA1	The SHA-1 of the decompressed archive	6E2ECB34B7798E179CC704111FB9733FBAAD5ACA FA71B59F35F0EE44D27F74917EF5A0DA2797E80B 14D2302172EB81465CE12E01361AE24CDE170F7B	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
compressedFileHashSha256	string	true	FileSHA2	The SHA-256 of the compressed suspicious file	60C7C5924DD09F7C6B150120FB92DCEE00AE82DB75C7402FA4D9152CF487A94F 482FFC4F87B78C3C7073983CF65B593D9F13F0A3D6DC54B4A3F616F79838F3CE 68C0126D9B4B0FC32DE181D0D67DA8FE82E23745F6023317D5E053B6F6ED26CF	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
compressedFileName	string	true	FileName	The file name of the compressed file	/proc/32058/fd/150 NONAMEFL /proc/10006/fd/30 VirusActionSample/RPF2_OtherMalwareSample-other.exe	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service File Security File Security Storage Trend Cloud One - Endpoint & Workload Security Agentless Vulnerability & Threat Detection Trend Vision One Container Security
compressedFileSize	string	true	-	The file size of the decompressed archive file	0 265314 175864	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage
compressedFileType	string	true	-	The file type of the decompressed archive file	EXE JAVA PDF	Trend Micro Deep Discovery Inspector Network Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection
correlationCat	string	true	-	The correlation category	Suspicious Traffic Authentication Reconnaissance	Trend Micro Deep Discovery Inspector Network Sensor
cve	string	true	-	The CVE identifier	MS17-010 CVE-2021-45046 CVE-2021-44228	Trend Micro Deep Discovery Inspector Network Sensor
cves	dynamic	true	-	The CVEs associated with this filter	CVE-2014-3567 CVE-2016-6304 CVE-2011-1385	TippingPoint Security Management System Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor
data0	string	true	-	The value of the DDI Correlation log	1 USR_SUSPICIOUS_IP.UMXX USR_SUSPICIOUS_URL.UMXX	Trend Micro Deep Discovery Inspector Network Sensor
data0Name	string	true	-	The name of the DDI Correlation log	Malware Name Attacked this IP IP Address under Attack	Trend Micro Deep Discovery Inspector Network Sensor
data1	string	true	-	The Deep Discover Inspector correlation log metadata	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
data1Name	string	true	-	The name of the DDI Correlation log	Port Used Malicious File Transferred To This IP Address Malware Server IP Address	Trend Micro Deep Discovery Inspector Network Sensor
data2	string	true	-	The value of the DDI Correlation log	1 10003 2	Trend Micro Deep Discovery Inspector Network Sensor
data2Name	string	true	-	The name of the DDI Correlation log	Number of Malware Files Downloaded Protocol	Trend Micro Deep Discovery Inspector Network Sensor
data3	string	true	-	The value of the DDI Correlation log	1 10.10.10.10 23903	Trend Micro Deep Discovery Inspector Network Sensor
data4	string	true	-	The value of the DDI Correlation log	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
dceHash1	string	true	-	The Trend Micro Threat Mitigation Server requires the log, but the Trend Micro Threat Mitigation Server is EOL.	0	Trend Micro Deep Discovery Inspector Network Sensor
dceHash2	string	true	-	The Trend Micro Threat Mitigation Server requires the log, but the Trend Micro Threat Mitigation Server is EOL.	0	Trend Micro Deep Discovery Inspector Network Sensor
denyListFileHash	string	true	FileSHA1	The SHA-1 of the Virtual Analyzer Suspicious Object	746C4D6048A409F33446463B28CA21CB2C5DD941 DAA66CE3C1F08144885BB0E99837030C5231DE60	Trend Micro Deep Discovery Inspector Network Sensor
denyListFileHashSha256	string	true	-	The SHA-256 of User-Defined Suspicious Object	757E5C8823CAA7406030A7E26AED2A2C95D16F69C5A14C884C8CAA72A0C001C3	Trend Micro Deep Discovery Inspector Network Sensor
denyListHost	string	true	DomainName	The domain of the Virtual Analyzer Suspicious Object	www.example.dns01.com example.com	Trend Micro Deep Discovery Inspector Network Sensor
denyListIp	dynamic	true	IPv4 IPv6	The IP of the Virtual Analyzer Suspicious Object	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
denyListRequest	string	true	-	Block list event request	* test.url.com https://example.com:443/gfx/flags/ua.png	Trend Micro Deep Discovery Inspector Network Sensor
denyListType	string	true	-	Block list type	Deny List URL Deny List File SHA1	Trend Micro Deep Discovery Inspector Network Sensor
detectionType	string	true	-	The detection type	1 File Process net	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Web Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Micro Deep Security Trend Micro Email Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Zero Trust Secure Access - Private Access Trend Vision One Container Security
deviceDirection	string	true	-	Device Direction. If the source IP is in the internal network (the network monitored by Deep Discovery Inspector) it is tagged as outbound. All other cases are inbound. Internal-to-internal is also tagged as outbound.	outbound inbound	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security
deviceGUID	string	true	-	The GUID of the agent which reported the detection	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service TippingPoint Security Management System Endpoint Sensor Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
deviceGUID	string	true	-	The non-endpoint object such as a network appliance	11111111-1111-1111-1111-111111111111	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
deviceMacAddress	string	true	-	The device mac address	00:00:00:00:00:00 ff:ff:ff:ff:ff:ff	Trend Micro Deep Discovery Inspector Network Sensor
devicePayloadId	string	true	-	The device payload ID	0:14343219::F:S 0:94174860::F: 0:9665982::F:	Trend Micro Deep Discovery Inspector Network Sensor
deviceRiskConfidenceLevel	int	false	-	The confidence level of device risk	-	Trend Micro Deep Discovery Inspector Network Sensor
dhost	string	true	DomainName	The destination hostname	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Mobile Network Security
direction	string	true	-	The object transfer direction	Download	Trend Micro Deep Discovery Inspector Network Sensor
dmac	string	true	-	The MAC address of the destination IP (dest_ip)	00:00:00:00:00:00 ff:ff:ff:ff:ff:ff	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne
dnsQueryType	string	true	-	The record type requested by the DNS protocol	A	Trend Micro Deep Discovery Inspector Network Sensor
domainName	string	true	DomainName	The detected domain name	http://10.10.10.10 example.domain.com	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Cloud App Security
dOSName	string	true	-	The destination host OS	Windows Windows 10 Android	Trend Micro Deep Discovery Inspector Network Sensor Mobile Network Security
dpt	int	true	Port	The destination port	445 80	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint Security Management System Trend Micro Deep Security Trend Cloud One - Network Security Endpoint Sensor TXOne EdgeOne Zero Trust Secure Access - Private Access Trend Vision One Container Security Mobile Network Security
dst	dynamic	true	IPv4 IPv6	The destination IP	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint Security Management System Trend Micro Deep Security Trend Cloud One - Network Security Endpoint Sensor Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Trend Vision One Container Security Mobile Network Security
dstGroup	string	true	-	The group name defined by the administrator of the destination	Default Data Center Services DL_Deployed Block Rede Wifi Visitantes-Pacientes	Trend Micro Deep Discovery Inspector Network Sensor Mobile Network Security
dstZone	string	true	-	The network zone defined by the destination administrator	1 0 2	Trend Micro Deep Discovery Inspector Network Sensor
duser	dynamic	true	EmailRecipient	The email recipient	(no user) SYSTEM SYSTEM	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
duser	dynamic	true	EmailRecipient	The email recipient	sample_email@trendmicro.com	Trend Micro Deep Discovery Inspector Network Sensor
dUser1	string	true	UserAccount	The latest sign-in user of the destination	user\example	Trend Micro Deep Discovery Inspector Network Sensor
dvc	dynamic	true	-	The IP address of the Deep Discover Inspector appliance	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
dvc	dynamic	true	-	The IP address of the Deep Discovery Inspector or Virtual Network Sensor appliance	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
dvchost	string	true	-	The computer which installed the Trend Micro product	CU-PRO1-9039-2 LTPF32PMNN	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
dvchost	string	true	-	The network device hostname	my-company-xns my-ddi	Trend Micro Deep Discovery Inspector Network Sensor
eventClass	string	true	-	The event category	Suspicious Traffic Authentication Reconnaissance	Trend Micro Deep Discovery Inspector Network Sensor
eventId	string	true	-	The event ID from the logs of each product	100100 100101 100116 100117 100119	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Endpoint Sensor Trend Micro Email Security TXOne StellarOne Trend Vision One Container Security Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventId	string	true	-	The event ID	200139 200140	Network Sensor Trend Micro Deep Discovery Inspector XDR for Cloud - AWS VPC Flow Logs azv
eventName	string	true	-	The event type	LOG_INSPECTION_EVENT SECURITY_RISK_DETECTION WEB_THREAT_DETECTION LOG_INSPECTION_EVENT MALWARE_DETECTION PROCESS_ACTIVITY WEB_POLICY_VIOLATION DEEP_PACKET_INSPECTION_EVENT INTEGRITY_MONITORING_EVENT DISRUPTIVE_APPLICATION_DETECTION PRODUCT_SUMMARY PRODUCT_UPDATE BEHAVIORAL_VIOLATION FIREWALL_POLICY_VIOLATION SUSPICIOUS_BEHAVIOUR_DETECTION DENYLIST_CHANGE MACHINE_LEARNING_DETECTION DLP_VIOLATION MALWARE_OUTBREAK_DETECTION SENSITIVE_DATA_DETECTION	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security TippingPoint Security Management System Trend Micro Cloud App Security Trend Micro Email Security Endpoint Sensor Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Mobile Security Mobile Network Security Data Detection and Response
eventName	string	true	-	The name of the log event	SWG_ACTIVITY_LOG FIREWALL_ACTIVITY_LOG VPC_ACTIVITY_LOG	Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor XDR for Cloud - AWS VPC Flow Logs azv
eventSubClass	string	true	-	The category of sub-event class	DNS Port Mis-use Port Scanning	Trend Micro Deep Discovery Inspector Network Sensor
eventTime	real	true	-	The time the agent or product detected the event	1657135700000	Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor XDR for Cloud - AWS VPC Flow Logs azv
fileExt	string	true	-	The file extension of the suspicious file	.lnk .exe .EXE	Trend Micro Deep Discovery Inspector Network Sensor
fileHash	string	true	FileSHA1	The SHA-1 of the file that triggered the rule or policy	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 89CE26EAD139D52B8A6B61BFFC6AF89AF246580F 3AD1F4E7CAA11E5199EE80B8983677ADDD065450	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access File Security File Security Storage Agentless Vulnerability & Threat Detection Data Detection and Response
fileHash	string	true	FileSHA1	The SHA-1 of the file that violated the policy	1e15bf99022a9164708cebb3eace8fd61ad45cba	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
fileHashSha256	string	true	FileSHA2	The SHA-256 of the file (fileName)	6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294 12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access Trend Cloud One - Endpoint & Workload Security File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
fileHashSha256	string	true	FileSHA2	The SHA-256 of the file that violated the policy	ba9edecdd09de1307714564c24409bd25508e22fe11c768053a08f173f263e93	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
fileName	dynamic	true	FileName	The file name	spoolss hosts svcrestarttask	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Zero Trust Secure Access - Internet Access TXOne StellarOne File Security File Security Storage Agentless Vulnerability & Threat Detection
fileName	string	true	FileName FileFullPath	The name of the file that violated the policy	word.doc	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
filePath	string	true	FileFullPath	The file path without the file name	security /var/log/audit/audit.log application	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor TXOne StellarOne File Security File Security Storage
filePathName	string	true	FileFullPath	The file path with the file name	vss spoolss /etc/hosts	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security TXOne StellarOne
fileSize	string	true	-	The file size of the suspicious file	0 1255856 1237880	Trend Micro Deep Discovery Inspector Network Sensor Zero Trust Secure Access - Internet Access Trend Micro Apex One as a Service File Security File Security Storage Agentless Vulnerability & Threat Detection
fileSize	string	true	-	The size of the file that is violating the policy	12134	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
fileType	string	true	-	The file type of the suspicious file	EXE LNK MIME	Trend Micro Deep Discovery Inspector Network Sensor Zero Trust Secure Access - Internet Access File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
fileType	string	true	-	The type of file which is violating the policy	Microsoft Words	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
filterRiskLevel	string	true	-	The top level filter risk of the event	info low medium	ALL Trend Micro Deep Discovery Inspector Network Sensor
firmalware	dynamic	true	-	The firmware version of Deep Discover Inspector	2017-12-01 15:05:07-05:00 3.83.1170 5.0.1555 2020-11-13 18:04:29-05:00 5.0.1555 5.5.1200 2020-11-13 18:43:30-05:00 5.5.1200 5.7.1178	Trend Micro Deep Discovery Inspector Network Sensor
flowId	string	true	-	The network analysis flow ID	6837014561409730558	Trend Micro Deep Discovery Inspector Network Sensor
ftpTrans	dynamic	true	-	The transaction information of the FTP protocol	None	Trend Micro Deep Discovery Inspector Network Sensor
fullPath	string	true	FileFullPath	The combination of the file path and the file name	\etc\hosts c:\windows\system32\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask \var\log\auth.log	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security TXOne StellarOne File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
hasdtasres	string	true	-	Whether the log contains a report from Virtual Analyzer	No Yes	Trend Micro Deep Discovery Inspector Network Sensor
heurFlag	int	false	-	Whether it has an Advanced Threat Scan Engine detection	1	Trend Micro Deep Discovery Inspector Network Sensor
hostName	string	true	DomainName HostDomain	The computer name of the client host (The hostname from the suspicious URL detected by Deep Discovery Inspector)	Let's Encrypt 10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne
hostName	string	true	DomainName HostDomain	The host name	NJ-EFFY-ZHAO1	Trend Micro Deep Discovery Inspector Network Sensor
hostSeverity	int	true	-	The severity of the threat (specific to the interestedIp)	1 2 4	Trend Micro Deep Discovery Inspector Network Sensor
hotFix	dynamic	true	-	The applied Deep Discover Inspector hotfix version	2021-07-22 15:08:01+08:00 Hotfix 1042 hfb1042 Apply 2021-12-22 09:03:42-06:00 Hotfix 1211 hfb1211 Apply 2022-03-30 13:16:28-07:00 Hotfix 1218 hfb1218 Apply	Trend Micro Deep Discovery Inspector Network Sensor
httpLocation	string	true	URL	The HTTP location header	www.google.com.tw	Trend Micro Deep Discovery Inspector Network Sensor
httpReferer	string	true	URL	The HTTP referer	http://172.16.58.233/ http://example/page1/ https://www.google.com/	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
httpReferer	string	true	URL	The HTTP referrer header	www.google.com.tw	Trend Micro Deep Discovery Inspector Network Sensor
httpXForwardedFor	string	true	-	The HTTP X-Forwarded-For header	10.10.10.10, 10.10.10.11, 10.10.10.12	Trend Micro Deep Discovery Inspector Network Sensor
httpXForwardedForGroup	string	true	-	The X-Forwarded-For IP network group	myCompany myGroup	Network Sensor Trend Micro Deep Discovery Inspector
httpXForwardedForHost	string	true	-	The X-Forwarded-For IP host name	sample.test.com sample.tw.test.org	Network Sensor
httpXForwardedForIp	string	true	IPv4 IPv6	The x-forwarded-for IP used by the network appliance	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
httpXForwardedForPort	int	false	-	The patched HTTP server port when the network appliance selects an x-forwarded-for IP address to use	65535	Trend Micro Deep Discovery Inspector Network Sensor
interestedGroup	string	true	-	The network group associated with the user-defined source IP or destination IP	Default Rede DATACENTER Lumen/FORTIGATE - AD ESTACIO CORP Data Center Services DL_Deployed Block	Trend Micro Deep Discovery Inspector Network Sensor
interestedHost	string	true	DomainName	The endpoint hostname (For example, if an intranet host accesses a suspicious internet host, the intranet host is the "peerHost" and the internet host is the "interestedHost")	10.10.10.10 (swpos-aws-aza02) [i-0f0f0f0f0f0f0f0f0] es-dtc-w-dc02.example.corp	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service
interestedIp	dynamic	true	IPv4 IPv6	The IP of the interestedHost	10.10.10.10	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Network Security TXOne EdgeOne
interestedMacAddress	string	true	-	The MAC address identified as the log owner's	00:00:00:00:00:00 ff:ff:ff:ff:ff:ff	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor TXOne EdgeOne
ircChannelName	string	true	-	The IRC channel name	ManageEngine unknown Global Product Delivery Group	Trend Micro Deep Discovery Inspector Network Sensor
ircUserName	string	true	-	The IRC user name	R3 ManageEngineCA DigiCert TLS RSA SHA256 2020 CA1	Trend Micro Deep Discovery Inspector Network Sensor
isHidden	string	true	-	Whether the detection log generated a grey rule match	Yes	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service
ja3Hash	string	true	-	The fingerprint of an SSL/TLS client application as detected via a network sensor or device	72a589da586844d7f0818ce684948eea cd08e31494f9531f560d64c695473da9 6dca00d8741247e245e4f2a632f1e62b	Trend Micro Deep Discovery Inspector Network Sensor
ja3Hash	string	true	-	The JA3 hash	478e74fad764c966f19c5232c7cdfc5a	Trend Micro Deep Discovery Inspector Network Sensor
ja3sHash	string	true	-	The fingerprint of an SSL/TLS server application as detected via a network sensor or device	e54965894d6b45ecb4323c7ea3d6c115 ec74a5c51106f0419184d0dd08fb05bc ba1b42efc7dc57bb43bf81de59791c1b	Trend Micro Deep Discovery Inspector Network Sensor
ja3sHash	string	true	-	The JA3S hash	6d37fb1b3306d6e9f875650d8eb74b4f	Trend Micro Deep Discovery Inspector Network Sensor
logKey	string	true	-	The unique key of the event	123e4567-e89b-12d3-a456-426614174000 987f6543-21ba-43cd-9e8f-123456789abc 456789ab-cdef-1234-5678-9abcdef01234	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
mailMsgSubject	string	true	EmailSubject	The email subject	FW. mail subject ManageEngine	Trend Micro Cloud App Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Email Security Trend Micro Apex One as a Service Email Sensor
mailMsgSubject	string	true	EmailSubject	The email subject	test	Trend Micro Deep Discovery Inspector Network Sensor
malFamily	string	true	-	The threat family	EQUATED STARTER 0	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security File Security
malName	string	true	-	The name of the detected malware	SecurityLevelDrop Regla Logs All USR_SUSPICIOUS_DOMAIN.UMXX	Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Web Security TXOne StellarOne Email Sensor File Security File Security Storage Agentless Vulnerability & Threat Detection Trend Vision One Container Security
malType	string	true	-	The risk type for Network Content Correlation Engine rules	OTHERS MALWARE Others	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Security File Security Trend Vision One Container Security
malTypeGroup	string	true	-	The risk type group for NCCE (Network Content Correlation Engine) rules. This field comes from NCCP (Network Content Correlation Pattern) rule type definitions.	Others Malware Spyware	Trend Micro Deep Discovery Inspector Network Sensor File Security
mimeType	string	true	-	The MIME type or content type of the response body	text/html	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
mitigationTaskId	string	true	-	The unique ID to identify the mitigation request	09dcd06f-2f9c-4bab-8114-f823620fecb6 0ed72c3c-05af-4c16-b2c4-789eaeccb944 0f29cfc3-954a-4fd9-954e-bf14f7253d20	Trend Micro Deep Discovery Inspector Network Sensor
mitreMapping	dynamic	true	-	The MITRE tags	T1090 (TA0011) T1071 (TA0011) T1071.001 (TA0011)	Trend Micro Deep Discovery Inspector Network Sensor
mitreVersion	string	true	-	The MITRE version	v9 v6	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security
msgId	string	true	EmailMessageID	The internet message ID	66.6.00.0006 example.test.com dameware1svr	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
msgId	string	true	EmailMessageID	The service provider message ID	<sample_email@trendmicro.com>	Trend Micro Deep Discovery Inspector Network Sensor
objectIps	dynamic	true	IPv4 IPv6	The IP address resolved by the DNS protocol	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
overSsl	string	true	-	Whether the event was triggered by an SSL decryption stream (Displayed only when SSL Inspection is supported)	Not over SSL/TLS 0 Over SSL/TLS	Trend Micro Deep Discovery Inspector Network Sensor TippingPoint Security Management System Trend Cloud One - Network Security
overSsl	string	true	-	SSL protocol connection	YES	Trend Micro Deep Discovery Inspector Network Sensor
pAttackPhase	string	true	-	The category of the primary Attack Phase	Lateral Movement Point of Entry Asset and Data Discovery	Trend Micro Deep Discovery Inspector Network Sensor
pcapUUID	string	true	-	The PCAP file UUID	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Deep Discovery Inspector Network Sensor
pComp	string	true	-	The component that made the detection	CAV NCIE TMUFE	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service
peerEndpointGUID	string	true	-	The endpoint GUID of the agent peer host	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Network Security TippingPoint Security Management System
peerGroup	string	true	-	The peer IP group	Default Rede DATACENTER Lumen/PALOALTO VPNSSL - VPN CLIENT UHS	Trend Micro Deep Discovery Inspector Network Sensor
peerHost	string	true	DomainName	The hostname of peerIp	dns.google 10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
peerIp	dynamic	true	IPv4 IPv6	The IP of peerHost	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service
pname	string	true	-	The internal product ID	Trend Micro Deep Security Deep Discovery Inspector Apex One	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Trend Vision One Container Security Email Sensor
pname	string	true	-	The product name	Secure Web Gateway XDR for Cloud - AWS VPC Flow Logs	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor XDR for Cloud - AWS VPC Flow Logs azv
potentialRisk	string	true	-	The tag if it's a potential risk according to heuristics	1 0	Trend Micro Deep Discovery Inspector Network Sensor
pver	string	true	-	The product version	20.0.0.4726 20.0.0.4416 6.2.1125	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Trend Vision One Mobile Security Trend Vision One Container Security File Security File Security Storage Agentless Vulnerability & Threat Detection
rating	string	true	-	The credibility level	Safe Unknown Dangerous	Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
rawDataStr	string	false	-	The JSON string that contains additional information	{"TLS version": "0x0303", "Cipher Suite": "0xc030"} {"Scanned ports": "23, 80, 443"} {"HTTP Content-Type": "application/hal+json", "HTTP Content-Body": "{\\"_links\\": {\\"type\\": {\\"href\\": \\"http://10.10.10.10/rest/type/node/INVALID_VALUE\\"}}, \\"type\\": {\\"target_id\\": \\"article\\"}, \\"title\\": {\\"value\\": \\"My Article\\"}, \\"body\\": {\\"value\\": \\"\\"}}"}	Trend Micro Deep Discovery Inspector Network Sensor Trend Vision One Container Security Network Sensor
rawDataStr	string	false	-	The JSON string that contains additional information	{"TLS version": "0x0303", "Cipher Suite": "0xc030"} {"Scanned ports": "23, 80, 443"} {"HTTP Content-Type": "application/hal+json", "HTTP Content-Body": "{\\"_links\\": {\\"type\\": {\\"href\\": \\"http://10.10.10.10/rest/type/node/INVALID_VALUE\\"}}, \\"type\\": {\\"target_id\\": \\"article\\"}, \\"title\\": {\\"value\\": \\"My Article\\"}, \\"body\\": {\\"value\\": \\"\\"}}"}	Trend Micro Deep Discovery Inspector Network Sensor Trend Vision One Container Security Network Sensor
rawDataStr	string	false	-	The raw data string that contains additional information	[{ "oid": "1.2.3.4", "value_type": 4, "value": "MANUFACTURER:SAMPLE\ nMODEL:SAMPLE C1234", "parse": 1}]	Trend Micro Deep Discovery Inspector Network Sensor
rawDstIp	string	true	IPv4 IPv6	The destination IP without replacement	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
rawDstPort	int	true	Port	The destination port number without replacement	33186	Trend Micro Deep Discovery Inspector Network Sensor
rawSrcIp	string	true	IPv4 IPv6	The source IP without replacement	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
rawSrcPort	int	true	Port	The source port number without replacement	80	Trend Micro Deep Discovery Inspector Network Sensor
remarks	string	true	-	The additional information	warning: fork: Resource temporarily unavailable pam_unix(cron:session): session opened for user root by (uid=0) WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Email Security Trend Cloud One - Network Security TXOne EdgeOne Email Sensor File Security Agentless Vulnerability & Threat Detection
reportGUID	string	true	-	The GUID for Workbench to request report page data	00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111 22222222-2222-2222-2222-222222222222	Trend Micro Cloud App Security File Security Trend Micro Deep Discovery Inspector Network Sensor
reqAppVersion	string	true	-	The client application version number	SSH-2.0-OPENSSH_9.0	Network Sensor Trend Micro Deep Discovery Inspector
reqDataSize	string	true	-	The data volume transmitted over the transport layer by the client (in bytes)	15688	Network Sensor Trend Micro Deep Discovery Inspector
reqScannedBytes	string	true	-	The data volume transmitted by the client (in bytes)	4655	Trend Micro Deep Discovery Inspector Network Sensor
request	string	true	URL	The notable URLs	http://example.page.com/canonical.html http://10.10.10.10 https://drive.google.com/	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Endpoint & Workload Security Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Trend Cloud One - Network Security Trend Micro Email Security Trend Micro Deep Security Trend Vision One Mobile Security Zero Trust Secure Access - Private Access
request	string	true	URL	The destination URL that the user is accessing	https://google.com/ https://api/example/v1/testit	Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor
requestClientApplication	string	true	-	The protocol user agent information	Microsoft-Delivery-Optimization/10.0 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) example Software GmbH	Trend Micro Deep Discovery Inspector Network Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
requestClientApplication	string	true	-	The HTTP user agent	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36	Trend Micro Deep Discovery Inspector Network Sensor
requestDate	string	true	-	The HTTP date header	Fri, 20 Oct 2017 06:02:09 GMT	Trend Micro Deep Discovery Inspector Network Sensor
requestHeaders	string	true	-	All HTTP headers without sensitive information	Host: 10.10.10.10:8080 User-Agent: curl/7.78.0 Accept: */*	Trend Micro Deep Discovery Inspector Network Sensor
requestMethod	string	true	-	The network protocol request method	POST	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
requestMimeType	string	true	-	The type of request content	application/json; charset=utf-8	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
requests	dynamic	true	URL	The URLs of the request	www.google.com.tw	Trend Micro Deep Discovery Inspector Network Sensor
resolvedUrlGroup	string	true	-	The IP address FQDN network group	myCompany myGroup	Network Sensor Trend Micro Deep Discovery Inspector
resolvedUrlIp	string	true	IPv4 IPv6	The IP address of the FQDN	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
resolvedUrlPort	int	true	Port	The HTTP server port	443	Trend Micro Deep Discovery Inspector Network Sensor
respAppVersion	string	true	-	The server application version number	SSH-2.0-OPENSSH_8.7	Network Sensor Trend Micro Deep Discovery Inspector
respArchFiles	dynamic	true	-	The file information extracted from files detected in response direction	None	Trend Micro Deep Discovery Inspector Network Sensor
respCode	string	true	-	The network protocol response code	200 25	Trend Micro Deep Discovery Inspector Network Sensor
respDataSize	string	true	-	The data volume transmitted over the transport layer by the server (in bytes)	7856	Network Sensor Trend Micro Deep Discovery Inspector
respDate	string	true	-	The HTTP response date header	Fri, 20 Oct 2017 06:02:09 GMT	Trend Micro Deep Discovery Inspector Network Sensor
respFileHash	string	true	FileSHA1	The SHA-1 of the file detected in the response direction	f17d9c55dea88f9aec8f74363f01e918cffb4142	Trend Micro Deep Discovery Inspector Network Sensor
respFileHashSha256	string	true	FileSHA2	The SHA-256 of the file detected in the response direction	5ad4396d67f0c9d54572f051e28e9e62f4010c269a953d25259b17ad5fab4fd5	Trend Micro Deep Discovery Inspector Network Sensor
respFileType	string	true	-	The file type detected in the response direction	PKZIP	Trend Micro Deep Discovery Inspector Network Sensor
respHeaders	string	true	-	All HTTP response headers without sensitive information	Accept-Ranges: bytes Content-Length: 68 Content-Type: - text/plain; charset=utf-8 Last-Modified: Thu, 19 Aug 2021 06:23:54 GMT Date: Thu, 19 Aug 2021 06:24:00 GMT	Trend Micro Deep Discovery Inspector Network Sensor
respMethod	string	true	-	The response method	KRB_ERROR AS_REP	Trend Micro Deep Discovery Inspector Network Sensor
respScannedBytes	string	true	-	The data volume transmitted by the server (in bytes)	6654	Trend Micro Deep Discovery Inspector Network Sensor
riskLevel	string	true	-	The risk level	1 high No Risk	Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Cloud App Security Endpoint Sensor Trend Micro Deep Discovery Inspector Network Sensor
rozRating	string	true	-	The VA overall rating	0 -1 1	Trend Micro Deep Discovery Inspector Network Sensor
rt	string	false	-	The Unix time of the log generation	1656324260000	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security Trend Micro Email Security TippingPoint Security Management System Endpoint Sensor Trend Micro Web Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access Zero Trust Secure Access - Private Access Email Sensor
rtDate	string	true	-	The date of the log generation	1655337600000	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security
rtHour	int	false	-	The hour of the log generation	9 8	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security
rtWeekDay	string	true	-	The weekday of the log generation	Monday Tuesday Friday	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security
ruleId	int	true	-	The rule ID	1002795 1003802	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service Mobile Network Security
ruleName	string	true	-	The name of the rule that triggered the event	Directory Server - Microsoft Windows Active Directory Microsoft Windows Events Microsoft Windows Security Events - 3 (T1234) New executable created (chmod) Sensitive Files Upload to Personal Cloud Multiple Sensitive Files Compression Transfer Sensitive Files to Removable Storage Move Multiple Sensitive Files to Central Location Multiple Sensitive Files Modification Multiple Sensitive Files Deletion GEN_CCFR_OVERLAY_TEST.A	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security Trend Micro Cloud App Security TippingPoint Security Management System Endpoint Sensor Trend Micro Email Security Trend Cloud One - Network Security Zero Trust Secure Access - Private Access Trend Vision One Container Security Email Sensor Mobile Network Security Data Detection and Response
sAttackPhase	string	true	-	The category of the second Attack Phase	Lateral Movement Command and Control Communication	Trend Micro Deep Discovery Inspector Network Sensor
scanTs	string	true	-	The mail scan time	-	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor
score	int	false	-	The Web Reputation Services URL rating	71 81	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Cloud App Security Trend Vision One Mobile Security Trend Cloud One - Endpoint & Workload Security
senderGUID	string	true	-	The sender GUID	346648FC-9862-D2F0-F94C-FAB1A838ABD7 36E5239E-EEBA-0100-C10E-C057E0455E1D 9606BBD5-38A7-9024-83C8-9C88A2AF90CC	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Deep Security
senderIp	dynamic	true	-	The sender IP	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Micro Email Security
serverGroup	string	true	-	The server IP network group	myCompany myGroup	Network Sensor Trend Micro Deep Discovery Inspector
serverHost	string	true	-	The server IP host name	sample.test.com sample.tw.test.org	Network Sensor
serverIp	string	true	IPv4 IPv6	The server IP address	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor
serverMAC	string	true	-	The server MAC address	00-00-00-ff-ff-ff	Trend Micro Deep Discovery Inspector Network Sensor
serverPort	int	true	Port	The server port number	443	Trend Micro Deep Discovery Inspector Network Sensor
sessionEnd	string	true	-	The session end time, in seconds	1575462989	Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor
sessionEndReason	string	true	-	The reason why a session was terminated	tcp-fin tcp-rst-from-server	Network Sensor Trend Micro Deep Discovery Inspector
sessionStart	string	true	-	The session start time (in seconds)	1575462989	Zero Trust Secure Access - Private Access Trend Micro Deep Discovery Inspector Network Sensor
severity	int	true	-	The severity of the event	2 4 6 8	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Trend Micro Apex One as a Service TippingPoint Security Management System Trend Cloud One - Network Security Trend Vision One Container Security Mobile Network Security
shost	string	true	DomainName	The source hostname	dns.google sw_us-east-1a_10-124-17-69 sw_us-east-1c_10-124-21-139	Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Deep Security Mobile Network Security
smac	string	true	-	The source MAC address	00:11:22:33:44:55 66:77:88:99:AA:BB CC:DD:EE:FF:00:11	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security Trend Micro Deep Security TXOne EdgeOne
sOSName	string	true	-	The source OS	Windows Windows 10 Windows XP	Trend Micro Deep Discovery Inspector Network Sensor Mobile Network Security
spt	int	true	Port	The source port	53 7680	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint Security Management System Trend Micro Deep Security Trend Cloud One - Network Security Endpoint Sensor TXOne EdgeOne Zero Trust Secure Access - Private Access Trend Vision One Container Security Mobile Network Security
src	dynamic	true	IPv4 IPv6	The source IP	10.10.10.10	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security TippingPoint Security Management System Trend Micro Deep Security Trend Cloud One - Network Security Endpoint Sensor Zero Trust Secure Access - Internet Access TXOne EdgeOne Zero Trust Secure Access - Private Access Trend Vision One Container Security Mobile Network Security
srcGroup	string	true	-	The group named defined by the source administrator	Default Rede DATACENTER example/example - AD example CORP	Trend Micro Deep Discovery Inspector Network Sensor Mobile Network Security
srcZone	string	true	-	The network zone defined by the source administrator	1 0 2	Trend Micro Deep Discovery Inspector Network Sensor
sslCertCommonName	string	true	DomainName HostDomain	The subject common name	settings-win.data.microsoft.com	Trend Micro Deep Discovery Inspector Network Sensor
sslCertCommonName	string	true	DomainName HostDomain	The certificate common name	*.www.sample.com	Trend Micro Deep Discovery Inspector Network Sensor
sslCertFingerprint	string	true	-	The certificate fingerprint	3914af80223c833f26df001cbf342eff8a31aba1	Trend Micro Deep Discovery Inspector Network Sensor
sslCertIssuer	string	true	-	The issuer of the certificate	/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA	Trend Micro Deep Discovery Inspector Network Sensor
sslCertIssuerCommonName	string	true	-	The issuer common name	Microsoft Azure TLS Issuing CA 05	Trend Micro Deep Discovery Inspector Network Sensor
sslCertIssuerOrgName	string	true	-	The issuer organization name	Microsoft Corporation	Trend Micro Deep Discovery Inspector Network Sensor
sslCertOrgName	string	true	-	The subject organization name	Microsoft	Trend Micro Deep Discovery Inspector Network Sensor
sslCertSANs	dynamic	true	-	The Subject Alternative Name of the certificate	*.www.sample.com add.my.sample.com au.sample.com	Trend Micro Deep Discovery Inspector Network Sensor
sslCertSerialNumber	string	true	-	The certificate serial number	0888b1ad2a593310593f47565a5a5a4a	Trend Micro Deep Discovery Inspector Network Sensor
sslCertValidFrom	string	true	-	The certificate validity start time	2014-11-21T02:43:28	Trend Micro Deep Discovery Inspector Network Sensor
sslCertValidUntil	string	true	-	The certificate validity end time	2018-11-21T02:43:28	Trend Micro Deep Discovery Inspector Network Sensor
status	string	true	-	The network analysis flow session status	2	Trend Micro Deep Discovery Inspector Network Sensor
suid	string	true	UserAccount	User name or mailbox	root US EXAMPLE\TEST sample_email@trendmicro.com	Trend Cloud One - Endpoint & Workload Security Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Web Security Trend Micro Deep Security Trend Cloud One - Network Security Zero Trust Secure Access - Internet Access
suid	string	true	UserAccount	The user name or IP address (IPv4)	Sample User Name 10.10.10.10	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
suser	dynamic	true	EmailSender	The email sender	sample_email@trendmicro.com	Trend Micro Cloud App Security Trend Micro Email Security Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Email Sensor
suser	string	true	EmailSender	The email sender	sample_email@trendmicro.com	Trend Micro Deep Discovery Inspector Network Sensor
sUser1	string	true	UserAccount	The latest sign-in user of the source	example\admin example.us.com\account	Trend Micro Deep Discovery Inspector Network Sensor
tacticId	dynamic	true	Tactic	The list of MITRE tactic IDs	TA0011 TA0008 TA0001	Trend Micro Deep Discovery Inspector Network Sensor Endpoint Sensor Trend Micro Apex One as a Service
tags	dynamic	true	Technique Tactic	The detected technique ID based on the alert filter	MITREV9.T1090 MITRE.T1071 MITREV9.T1059.001	ALL Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
targetShare	string	true	FileFullPath	For HTTPS protocol: Subject State or Province Name; For SMB protocol: Shared folder	3MHIS NETLOGON CA	Trend Micro Deep Discovery Inspector Network Sensor
techniqueId	dynamic	true	Technique	Technique ID detected by the product agent base on a detection rule	-	TXOne StellarOne Trend Micro Deep Discovery Inspector Network Sensor
threatName	string	true	-	The threat name	Malicious_CnC_access_on_UDP_blocked Malicious_CnC_access_on_TCP_blocked Other protected file	Trend Micro Cloud App Security Trend Micro Apex One as a Service Trend Micro Deep Discovery Inspector Network Sensor
threatNames	dynamic	true	-	The associated threats	HM_GERAL.MIP00000001 HM_JADTRE.MIP00000001 VAN_BOT.UMXX	Trend Micro Deep Discovery Inspector Network Sensor
threatType	string	true	-	The log threat type	2 99 5	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Apex One as a Service Agentless Vulnerability & Threat Detection
tlsJA3Fingerprint	string	true	-	The JA3 fingerprint	-	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
tlsJA3SFingerprint	string	true	-	The raw JA3S	771,157,65281-15	Trend Micro Deep Discovery Inspector Network Sensor
tlsSelectedCipher	string	true	-	The selected cipher of the TLS protocol	c02f	Trend Micro Deep Discovery Inspector Network Sensor
urlCat	dynamic	true	-	The requested URL category	Untested 158 Web Advertisement	Trend Micro Deep Discovery Inspector Network Sensor Trend Micro Web Security Trend Micro Apex One as a Service Zero Trust Secure Access - Internet Access Trend Micro Cloud App Security Trend Vision One Mobile Security Trend Cloud One - Endpoint & Workload Security
userDomain	string	true	DomainName AccountDomain	Active directory domain, domain of username for logging in TMAS adminportal adminportal	trendmicro.com	Zero Trust Secure Access - Internet Access Trend Micro Deep Discovery Inspector Network Sensor
vLANId	int	false	-	The virtual LAN ID	-	Trend Micro Deep Discovery Inspector Network Sensor TXOne EdgeOne Mobile Network Security

Field Statistics

• Total Fields: 246
• Layer: Network
• Product: Network Sensor

---

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.