tm-v1-schema

Trend Cloud One - Network Security

Layer: Network

This documentation provides detailed information about all fields available for Trend Cloud One - Network Security.

Field Name Type Searchable General Field Description Example Products
act dynamic true - The actions taken to mitigate the event
  • log
  • isolate
  • terminate
  • not blocked
  • Block
  • No action
  • Reset
  • Pass
  • User Decision
  • Trend Vision One Container Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Cloud App Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Micro Email Security
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Email Sensor
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Agentless Vulnerability & Threat Detection
aggregatedCount string true - The number of aggregated events
  • 1
  • 2
  • 3
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Micro Web Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne StellarOne
  • Data Detection and Response
  • Trend Cloud One - Endpoint & Workload Security
deviceGUID string true - The GUID of the agent which reported the detection
  • 00000000-0000-0000-0000-000000000000
  • 11111111-1111-1111-1111-111111111111
  • 22222222-2222-2222-2222-222222222222
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
dpt int true Port The destination port
  • 445
  • 80
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
dst dynamic true
  • IPv4
  • IPv6
 The destination IP 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
endpointIp dynamic true
  • IPv4
  • IPv6
 The IP address of the endpoint on which the event was detected 10.10.10.10
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • TXOne EdgeOne
  • Agentless Vulnerability & Threat Detection
  • Data Detection and Response
eventName string true - The event type
  • LOG_INSPECTION_EVENT
  • SECURITY_RISK_DETECTION
  • WEB_THREAT_DETECTION
  • LOG_INSPECTION_EVENT
  • MALWARE_DETECTION
  • PROCESS_ACTIVITY
  • WEB_POLICY_VIOLATION
  • DEEP_PACKET_INSPECTION_EVENT
  • INTEGRITY_MONITORING_EVENT
  • DISRUPTIVE_APPLICATION_DETECTION
  • PRODUCT_SUMMARY
  • PRODUCT_UPDATE
  • BEHAVIORAL_VIOLATION
  • FIREWALL_POLICY_VIOLATION
  • SUSPICIOUS_BEHAVIOUR_DETECTION
  • DENYLIST_CHANGE
  • MACHINE_LEARNING_DETECTION
  • DLP_VIOLATION
  • MALWARE_OUTBREAK_DETECTION
  • SENSITIVE_DATA_DETECTION
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • TippingPoint Security Management System
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Endpoint Sensor
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Data Detection and Response
interestedIp dynamic true
  • IPv4
  • IPv6
 The IP of the interestedHost 10.10.10.10
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • TXOne EdgeOne
logKey string true - The unique key of the event
  • 123e4567-e89b-12d3-a456-426614174000
  • 987f6543-21ba-43cd-9e8f-123456789abc
  • 456789ab-cdef-1234-5678-9abcdef01234
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
mpname string true - The management product name
  • Cloud One - Workload Security
  • Apex Central
  • Deep Security Software
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Cloud One - Network Security
overSsl string true - Whether the event was triggered by an SSL decryption stream (Displayed only when SSL Inspection is supported)
  • Not over SSL/TLS
  • 0
  • Over SSL/TLS
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
peerEndpointGUID string true - The endpoint GUID of the agent peer host
  • 00000000-0000-0000-0000-000000000000
  • 11111111-1111-1111-1111-111111111111
  • 22222222-2222-2222-2222-222222222222
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Cloud One - Network Security
  • TippingPoint Security Management System
pname string true - The internal product ID
  • Trend Micro Deep Security
  • Deep Discovery Inspector
  • Apex One
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Trend Vision One Container Security
  • Email Sensor
policyId string true - The policy ID of which the event was detected
  • 00000001-0001-0001-0001-000000007610
  • 007
  • 003
  • TM000001
  • TippingPoint Security Management System
  • Trend Micro Apex One as a Service
  • Endpoint Sensor
  • Trend Cloud One - Network Security
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Security
  • Trend Vision One Container Security
pver string true - The product version
  • 20.0.0.4726
  • 20.0.0.4416
  • 6.2.1125
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Trend Vision One Container Security
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
remarks string true - The additional information
  • warning: fork: Resource temporarily unavailable
  • pam_unix(cron:session): session opened for user root by (uid=0)
  • WinEvtLog: Application: AUDIT_FAILURE(18470): MSSQL$SA: (no user): no domain: EXAMPLE.com: Login failed for user 'example_user'. Reason: The account is disabled. [CLIENT: 10.10.10.10]
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Apex One as a Service
  • Trend Micro Email Security
  • Trend Cloud One - Network Security
  • TXOne EdgeOne
  • Email Sensor
  • File Security
  • Agentless Vulnerability & Threat Detection
request string true URL The notable URLs
  • http://example.page.com/canonical.html
  • http://10.10.10.10
  • https://drive.google.com/
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Endpoint & Workload Security
  • Zero Trust Secure Access - Internet Access
  • Trend Micro Cloud App Security
  • Trend Cloud One - Network Security
  • Trend Micro Email Security
  • Trend Micro Deep Security
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
rt string false - The Unix time of the log generation 1656324260000
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Email Sensor
ruleName string true - The name of the rule that triggered the event
  • Directory Server - Microsoft Windows Active Directory
  • Microsoft Windows Events
  • Microsoft Windows Security Events - 3
  • (T1234) New executable created (chmod)
  • Sensitive Files Upload to Personal Cloud
  • Multiple Sensitive Files Compression
  • Transfer Sensitive Files to Removable Storage
  • Move Multiple Sensitive Files to Central Location
  • Multiple Sensitive Files Modification
  • Multiple Sensitive Files Deletion
  • GEN_CCFR_OVERLAY_TEST.A
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Email Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Email Sensor
  • Mobile Network Security
  • Data Detection and Response
ruleSetName string true - The rule set name AllRules
  • Trend Vision One Container Security
  • Trend Cloud One - Network Security
  • TippingPoint Security Management System
  • Trend Cloud One - Endpoint & Workload Security
ruleUuid string true - The signature UUID from the DV (Digital Vaccine)
  • 00000001-0001-0001-0001-000000007610
  • 00000001-0001-0001-0001-000000007120
  • 00000001-0001-0001-0001-000000017056
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • Trend Micro Cloud App Security
  • Zero Trust Secure Access - Private Access
severity int true - The severity of the event
  • 2
  • 4
  • 6
  • 8
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • Trend Vision One Container Security
  • Mobile Network Security
spt int true Port The source port
  • 53
  • 7680
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
src dynamic true
  • IPv4
  • IPv6
 The source IP 10.10.10.10
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
subRuleId string true - ID of a subordinate rule
  • 85262
  • 914520
  • 18152
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
suid string true UserAccount User name or mailbox
  • root
  • US EXAMPLE\TEST
  • sample_email@trendmicro.com
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Cloud App Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Web Security
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access

Field Statistics

Generated by XDR Common Schema Public Doc Generator V2

This site is open source. Improve this page.