tm-v1-schema

Zero Trust Secure Access - Private Access

Layer: Network

This documentation provides detailed information about all fields available for Zero Trust Secure Access - Private Access.

Field Name | Type | Searchable | General Field | Description | Example | Products
act | dynamic | true | - | The actions taken to mitigate the event
  Example:
  • log
  • isolate
  • terminate
  • not blocked
  • Block
  • No action
  • Reset
  • Pass
  • User Decision
  Products:
  • Trend Vision One Container Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Cloud App Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Micro Email Security
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Email Sensor
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Agentless Vulnerability & Threat Detection
act | string | true | - | The action
  Example:
  • Allow
  • Block
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
application | string | true | - | The name of the requested application
  Example:
  • HyperText Transfer Protocol
  • DoubleClick
  • The Secure HyperText Transfer Protocol
  Products:
  • Trend Micro Web Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Trend Micro Apex One as a Service
application | string | true | - | The name of the requested application
  Example:
  • Facebook
  • wiki
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
clientIp | dynamic | true | - | The IP addresses of the source
  Example:
  • 10.10.10.10
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
clientIp | string | true | IPv4, IPv6 | The endpoint IP address
  Example:
  • 10.10.10.10
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
companyName | string | true | - | The company name
  Example:
  • Trend Micro
  Products:
  • Zero Trust Secure Access - Private Access
detectionType | string | true | - | The detection type
  Example:
  • 1
  • File
  • Process
  • net
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Web Security
  • Trend Micro Apex One as a Service
  • Trend Micro Cloud App Security
  • Trend Micro Deep Security
  • Trend Micro Email Security
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
detectionType | string | true | - | The traffic detection type
  Example:
  • No matched Zero Trust Secure Access rule
  • Missing or invalid client certificate
  • Untrusted server certificate
  • Zero Trust Secure Access
  • HTTPS inspection exception
  • HTTPS inspection failure
  • HTTPS bypass at inspection failure
  • Approved URLs
  • Blocked URLs
  • Private IP address access
  • Web Reputation
  • URL Filtering
  • Restricted file type
  • Restricted MIME type
  • Restricted file extension type
  • Anti-malware scan
  • File scan exception
  • Predictive Machine Learning
  • Botnet
  • Application Control
  • Virtual Analyzer submission
  • Tenancy Restriction
  • Suspicious Object Blocked List
  • Data Loss Prevention
  • Ransomware
  • Risk Control
  • AI Service Risk Control
  • Non-compliant device
  • AI Service Access
  • AI Service Sensitive Data Prevention
  • AI Service Prompt Injection
  • AI Service Improper Answer
  • AI Service Malicious URL Answer
  • AI Service File Upload Detection
  • AI Service Rate Limiting
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
dpt | int | true | Port | The destination port
  Example:
  • 445
  • 80
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
dpt | int | true | Port | The service destination port of the private application server (dstport)
  Example:
  • 443
  Products:
  • Zero Trust Secure Access - Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
dst | dynamic | true | IPv4, IPv6 | The destination IP
  Example:
  • 10.10.10.10
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
dst | string | true | IPv4, IPv6 | The destination IP address (dstaddr)
  Example:
  • 10.10.10.10
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
endpointGUID | string | true | EndpointID | The GUID of the agent which reported the detection
  Example:
  • ae4d64aa-f8b8-bb36-b265-f59272ed342f
  • 8fb979f6-1376-bed3-227f-f2886e66194e
  • ca2b3a7e-8415-c571-cc19-e45f69470026
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Trend Vision One Container Security
  • Data Detection and Response
endpointGuid | string | true | EndpointID | The device GUID
  Example:
  • 11111111-1111-1111-1111-111111111111
  • DSP84573ULLJHM5GK2R7
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
endpointHostName | string | true | EndpointName | The endpoint hostname or node where the event was detected
  Example:
  • 10.10.10.10 (swpos-aws-aza02) [i-0f0f0f0f0f0f0f0f0]
  • ip-10-10-10-10.us-west-1.compute.internal
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Security
  • Trend Micro Apex One as a Service
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Trend Vision One Container Security
  • Agentless Vulnerability & Threat Detection
  • Data Detection and Response
endpointHostName | string | true | EndpointName | The host name of the device on which the event was detected
  Example:
  • my_machine
  • jeremy-mbp
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
eventName | string | true | - | The event type
  Example:
  • LOG_INSPECTION_EVENT
  • SECURITY_RISK_DETECTION
  • WEB_THREAT_DETECTION
  • LOG_INSPECTION_EVENT
  • MALWARE_DETECTION
  • PROCESS_ACTIVITY
  • WEB_POLICY_VIOLATION
  • DEEP_PACKET_INSPECTION_EVENT
  • INTEGRITY_MONITORING_EVENT
  • DISRUPTIVE_APPLICATION_DETECTION
  • PRODUCT_SUMMARY
  • PRODUCT_UPDATE
  • BEHAVIORAL_VIOLATION
  • FIREWALL_POLICY_VIOLATION
  • SUSPICIOUS_BEHAVIOUR_DETECTION
  • DENYLIST_CHANGE
  • MACHINE_LEARNING_DETECTION
  • DLP_VIOLATION
  • MALWARE_OUTBREAK_DETECTION
  • SENSITIVE_DATA_DETECTION
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • TippingPoint Security Management System
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Endpoint Sensor
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Trend Vision One Mobile Security
  • Mobile Network Security
  • Data Detection and Response
eventName | string | true | - | The name of the log event
  Example:
  • SWG_ACTIVITY_LOG
  • FIREWALL_ACTIVITY_LOG
  • VPC_ACTIVITY_LOG
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
eventTime | real | true | - | The time the agent or product detected the event
  Example:
  • 1657135700000
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
objectId | string | true | - | The UUID of the object
  Example:
  • 3
  • 2
  Products:
  • Trend Micro Apex One as a Service
  • Zero Trust Secure Access - Private Access
objectId | string | true | - | The UUID of the Zero Trust Secure Access private access application
  Example:
  • 11111111-1111-1111-1111-111111111111
  Products:
  • Zero Trust Secure Access - Private Access
osName | string | true | - | The host OS name
  Example:
  • Linux
  • windows 10.0.22000
  • windows 10.0.19044
  • windows 10.0.19043
  Products:
  • Zero Trust Secure Access - Internet Access
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
  • Data Detection and Response
  • Agentless Vulnerability & Threat Detection
osName | string | true | - | The host operating system name
  Example:
  • Windows 10
  • macos 12.1
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
osVer | string | true | - | The OS version
  Example:
  • 11
  Products:
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
  • Data Detection and Response
policyUuid | string | true | - | The UUID of the cloud access or risk control policy, or the hard-coded string that indicates the rule of the global blocked/approved URL list
  Example:
  • 7937cb0b-e598-4c8f-a50f-65c32905ba3a
  • C!7c4433e3-5b2c-449f-b66e-ccaac006b6f1
  • 8d265639-7202-4455-b640-48683aa2b57d
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
policyUuid | string | true | - | The policy UUID
  Example:
  • 11111111-1111-1111-1111-111111111111
  Products:
  • Zero Trust Secure Access - Private Access
principalName | string | true | - | The user principal name used to sign in to the proxy
  Example:
  • sample_email@trendmicro.com
  Products:
  • Trend Micro Web Security
  • Zero Trust Secure Access - Internet Access
  • Trend Micro Cloud App Security
  • Zero Trust Secure Access - Private Access
principalName | string | true | UserAccount | The User Principal Name
  Example:
  • sample_email@trendmicro.com
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
request | string | true | URL | The notable URLs
  Example:
  • http://example.page.com/canonical.html
  • http://10.10.10.10
  • https://drive.google.com/
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • TippingPoint Security Management System
  • Trend Cloud One - Endpoint & Workload Security
  • Zero Trust Secure Access - Internet Access
  • Trend Micro Cloud App Security
  • Trend Cloud One - Network Security
  • Trend Micro Email Security
  • Trend Micro Deep Security
  • Trend Vision One Mobile Security
  • Zero Trust Secure Access - Private Access
request | string | true | URL | The destination URL that the user is accessing
  Example:
  • https://google.com/
  • https://api/example/v1/testit
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
requestBase | string | true | DomainName, HostDomain | The domain of the request URL
  Example:
  • weather.service.msn.com
  • test.domain.com
  Products:
  • Trend Micro Web Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
requestBase | string | true | DomainName, HostDomain | The URL domain
  Example:
  • www.facebook.com
  • gary.webserver64.com
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
rt | string | false | - | The Unix time of the log generation
  Example:
  • 1656324260000
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Web Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Email Sensor
rt | string | false | - | The UTC timestamp
  Example:
  • 1599465660
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
ruleName | string | true | - | The name of the rule that triggered the event
  Example:
  • Directory Server - Microsoft Windows Active Directory
  • Microsoft Windows Events
  • Microsoft Windows Security Events - 3
  • (T1234) New executable created (chmod)
  • Sensitive Files Upload to Personal Cloud
  • Multiple Sensitive Files Compression
  • Transfer Sensitive Files to Removable Storage
  • Move Multiple Sensitive Files to Central Location
  • Multiple Sensitive Files Modification
  • Multiple Sensitive Files Deletion
  • GEN_CCFR_OVERLAY_TEST.A
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Micro Deep Security
  • Trend Micro Cloud App Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Trend Micro Email Security
  • Trend Cloud One - Network Security
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Email Sensor
  • Mobile Network Security
  • Data Detection and Response
ruleName | string | true | - | The name of the triggered cloud access rule
  Example:
  • ETL_Access Rules_Web_Host
  • block_wiki_for_guest
  • BlockHighRiskTCPPortsFromInternet
  • unspecified
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • azv
ruleType | string | true | - | The access rule type
  Example:
  • udso
  • point of entry
  • unknown
  Products:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One as a Service
  • Trend Micro Cloud App Security
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
ruleType | string | false | - | The rule type which is applied to the traffic access
  Products:
  • Zero Trust Secure Access - Private Access
ruleUuid | string | true | - | The signature UUID from the DV (Digital Vaccine)
  Example:
  • 00000001-0001-0001-0001-000000007610
  • 00000001-0001-0001-0001-000000007120
  • 00000001-0001-0001-0001-000000017056
  Products:
  • TippingPoint Security Management System
  • Trend Cloud One - Network Security
  • Trend Micro Cloud App Security
  • Zero Trust Secure Access - Private Access
ruleUuid | string | true | - | The risk assessment and control design that is defined by Zero Trust Secure Access risk control rules
  Example:
  • 11111111-1111-1111-1111-111111111111
  Products:
  • Zero Trust Secure Access - Private Access
serverProtocol | string | true | - | The version of the HTTP protocol between the Service Gateway and server/website
  Example:
  • HTTP/1.1
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
serverTls | string | true | - | The TLS version between the Service Gateway and server/website
  Example:
  • TLS 1.2
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
sessionEnd | string | true | - | The session end time, in seconds
  Example:
  • 1575462989
  Products:
  • Zero Trust Secure Access - Private Access
sessionEnd | string | true | - | The session end time, in seconds
  Example:
  • 1575462989
  Products:
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
sessionStart | string | true | - | The session start time, in seconds
  Example:
  • 1575462989
  Products:
  • Zero Trust Secure Access - Private Access
sessionStart | string | true | - | The session start time (in seconds)
  Example:
  • 1575462989
  Products:
  • Zero Trust Secure Access - Private Access
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
spt | int | true | Port | The source port
  Example:
  • 53
  • 7680
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
spt | int | true | Port | The virtual port of the source assigned to the Secure Access Module (srcport)
  Example:
  • 57763
  Products:
  • Zero Trust Secure Access - Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
src | dynamic | true | IPv4, IPv6 | The source IP
  Example:
  • 10.10.10.10
  Products:
  • Trend Micro Deep Discovery Inspector
  • Network Sensor
  • Trend Micro Apex One as a Service
  • Trend Cloud One - Endpoint & Workload Security
  • TippingPoint Security Management System
  • Trend Micro Deep Security
  • Trend Cloud One - Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Trend Vision One Container Security
  • Mobile Network Security
src | string | true | IPv4, IPv6 | The source IP address (srcaddr)
  Example:
  • 10.10.10.10
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • azv
userAgent | string | false | - | The user agent or the agent through which the request was made
  Example:
  • Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0)
  • Chrome/74.0.3729.108 Safari/537.36
  Products:
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access

Generated by XDR Common Schema Public Doc Generator V2