tm-v1-schema

Deep Discovery Analyzer

Layer: Others

This documentation provides detailed information about all fields available for Deep Discovery Analyzer.

Each field entry below lists the field name, its type, whether it is searchable, the general field it maps to ("-" when none), a description, example values, and the products that emit the field.

actionBy
  Type: string
  Searchable: true
  General Field: -
  Description: The user account or system that triggered the event
  Examples:
  • admin
  • SYSTEM
  • TREND VISION ONE
  Products:
  • Deep Discovery Analyzer

actorHostName
  Type: string
  Searchable: true
  General Field: -
  Description: The hostname of the actor that triggered the event
  Example: CNNJ-WCCP-Pxy-1
  Products:
  • Deep Discovery Analyzer

actorIp
  Type: string
  Searchable: true
  General Field: -
  Description: The IP address of the actor that triggered the event
  Examples:
  • 192.168.1.1
  • 10.0.0.1
  • 172.16.0.1
  Products:
  • Deep Discovery Analyzer

actorProto
  Type: string
  Searchable: true
  General Field: -
  Description: The protocol used by the actor that triggered the event
  Examples:
  • ICAP REQMOD
  • ICAP RESPMODE
  Products:
  • Deep Discovery Analyzer

appGroup
  Type: string
  Searchable: true
  General Field: -
  Description: The app category of the event
  Examples:
  • DNS Response
  • HTTP
  • CIFS
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Discovery Analyzer

deviceDirection
  Type: string
  Searchable: true
  General Field: -
  Description: Device direction. If the source IP is in the internal network (the network monitored by Deep Discovery Inspector), the event is tagged as outbound; all other cases are inbound. Internal-to-internal traffic is also tagged as outbound.
  Examples:
  • outbound
  • inbound
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Deep Discovery Analyzer

deviceGUID
  Type: string
  Searchable: true
  General Field: -
  Description: The GUID of the agent that reported the detection
  Examples:
  • 00000000-0000-0000-0000-000000000000
  • 11111111-1111-1111-1111-111111111111
  • 22222222-2222-2222-2222-222222222222
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Cloud One Network Security
  • Zero Trust Secure Access - Internet Access
  • Deep Discovery Analyzer

deviceMacAddress
  Type: string
  Searchable: true
  General Field: -
  Description: The device MAC address
  Examples:
  • 00:00:00:00:00:00
  • ff:ff:ff:ff:ff:ff
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Discovery Analyzer

deviceProcessName
  Type: string
  Searchable: true
  General Field: -
  Description: The name of the main process executed during Virtual Analyzer analysis
  Example: explorer.exe
  Products:
  • Deep Discovery Analyzer

dhost
  Type: string
  Searchable: true
  General Field: DomainName
  Description: The destination hostname
  Example: 10.10.10.10
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Mobile Network Security
  • Deep Discovery Analyzer

dmac
  Type: string
  Searchable: true
  General Field: -
  Description: The MAC address of the destination IP (dest_ip)
  Examples:
  • 00:00:00:00:00:00
  • ff:ff:ff:ff:ff:ff
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • Deep Security
  • TXOne EdgeOne
  • Deep Discovery Analyzer

dpt
  Type: int
  Searchable: true
  General Field: Port
  Description: The destination port
  Examples:
  • 445
  • 80
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • TippingPoint Security Management System
  • Deep Security
  • Cloud One Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Container Security
  • Mobile Network Security
  • Deep Discovery Analyzer

dst
  Type: dynamic (IPv4 or IPv6)
  Searchable: true
  General Field: -
  Description: The destination IP
  Example: 10.10.10.10
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • TippingPoint Security Management System
  • Deep Security
  • Cloud One Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Container Security
  • Mobile Network Security
  • Deep Discovery Analyzer

duser
  Type: dynamic
  Searchable: true
  General Field: EmailRecipient
  Description: The email recipient
  Examples:
  • (no user)
  • SYSTEM
  Products:
  • Endpoint & Workload Security
  • Deep Security
  • Cloud App Security
  • Email Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Email Sensor
  • Deep Discovery Analyzer

dvc
  Type: dynamic
  Searchable: true
  General Field: -
  Description: The IP address of the Deep Discovery Inspector appliance
  Example: 10.10.10.10
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Discovery Analyzer

dvchost
  Type: string
  Searchable: true
  General Field: -
  Description: The computer on which the Trend Micro product is installed
  Examples:
  • CU-PRO1-9039-2
  • LTPF32PMNN
  Products:
  • Apex One as a Service
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Discovery Analyzer

engType
  Type: string
  Searchable: true
  General Field: -
  Description: The engine type
  Examples:
  • Virus Scan Engine (Windows XP/Server 2003, x64)
  • Virus Scan NT Kernel Engine
  • Spyware/Grayware Scan Engine v.6 (64-bit)
  Products:
  • Apex One as a Service
  • File Security
  • Deep Discovery Analyzer

eventId
  Type: string
  Searchable: true
  General Field: -
  Description: The event ID from the logs of each product
  Examples:
  • 100100
  • 100101
  • 100116
  • 100117
  • 100119
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Deep Security
  • Cloud App Security
  • Endpoint Sensor
  • Email Security
  • TXOne StellarOne
  • Container Security
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Mobile Security
  • Mobile Network Security
  • Data Detection and Response
  • Deep Discovery Analyzer

eventName
  Type: string
  Searchable: true
  General Field: -
  Description: The event type
  Examples:
  • LOG_INSPECTION_EVENT
  • SECURITY_RISK_DETECTION
  • WEB_THREAT_DETECTION
  • MALWARE_DETECTION
  • PROCESS_ACTIVITY
  • WEB_POLICY_VIOLATION
  • DEEP_PACKET_INSPECTION_EVENT
  • INTEGRITY_MONITORING_EVENT
  • DISRUPTIVE_APPLICATION_DETECTION
  • PRODUCT_SUMMARY
  • PRODUCT_UPDATE
  • BEHAVIORAL_VIOLATION
  • FIREWALL_POLICY_VIOLATION
  • SUSPICIOUS_BEHAVIOUR_DETECTION
  • DENYLIST_CHANGE
  • MACHINE_LEARNING_DETECTION
  • DLP_VIOLATION
  • MALWARE_OUTBREAK_DETECTION
  • SENSITIVE_DATA_DETECTION
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Deep Security
  • TippingPoint Security Management System
  • Cloud App Security
  • Email Security
  • Endpoint Sensor
  • Cloud One Network Security
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Mobile Security
  • Mobile Network Security
  • Data Detection and Response
  • Deep Discovery Analyzer

fileHash
  Type: string
  Searchable: true
  General Field: FileSHA1
  Description: The SHA-1 hash of the file that triggered the rule or policy
  Examples:
  • DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
  • 89CE26EAD139D52B8A6B61BFFC6AF89AF246580F
  • 3AD1F4E7CAA11E5199EE80B8983677ADDD065450
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Apex One as a Service
  • Zero Trust Secure Access - Internet Access
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Data Detection and Response
  • Deep Discovery Analyzer

fileHashSha256
  Type: string
  Searchable: true
  General Field: FileSHA2
  Description: The SHA-256 hash of the file (fileName)
  Examples:
  • 6A6EB2D717CEA041B4444193B45EDFB6CA1287518203B7230B3C4B8FFB031EAB
  • BFF703FF836196644586014DA13A097C2EE9A08E4D596DFB7C8E0F685FE01294
  • 12327F460AC9CBBC34D39EB3CF89C7FECCA37F08773A04566840F73F6ECC4104
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Zero Trust Secure Access - Internet Access
  • Endpoint & Workload Security
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Container Security
  • Deep Discovery Analyzer

fileName
  Type: dynamic
  Searchable: true
  General Field: FileName
  Description: The file name
  Examples:
  • spoolss
  • hosts
  • svcrestarttask
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Deep Security
  • Zero Trust Secure Access - Internet Access
  • TXOne StellarOne
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Deep Discovery Analyzer

fileSize
  Type: string
  Searchable: true
  General Field: -
  Description: The file size of the suspicious file
  Examples:
  • 0
  • 1255856
  • 1237880
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Zero Trust Secure Access - Internet Access
  • Apex One as a Service
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Deep Discovery Analyzer

fileType
  Type: string
  Searchable: true
  General Field: -
  Description: The file type of the suspicious file
  Examples:
  • EXE
  • LNK
  • MIME
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Zero Trust Secure Access - Internet Access
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Container Security
  • Deep Discovery Analyzer

mailMsgSubject
  Type: string
  Searchable: true
  General Field: EmailSubject
  Description: The email subject
  Examples:
  • FW. mail subject
  • ManageEngine
  Products:
  • Cloud App Security
  • Deep Discovery Inspector
  • Network Sensor
  • Email Security
  • Apex One as a Service
  • Email Sensor
  • Deep Discovery Analyzer

malName
  Type: string
  Searchable: true
  General Field: -
  Description: The name of the detected malware
  Examples:
  • SecurityLevelDrop
  • Regla Logs All
  • USR_SUSPICIOUS_DOMAIN.UMXX
  Products:
  • Apex One as a Service
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Web Security
  • TXOne StellarOne
  • Email Sensor
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Container Security
  • Deep Discovery Analyzer

msgId
  Type: string
  Searchable: true
  General Field: EmailMessageID
  Description: The internet message ID
  Examples:
  • 66.6.00.0006
  • example.test.com
  • dameware1svr
  Products:
  • Cloud App Security
  • Email Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Email Sensor
  • Deep Discovery Analyzer

pname
  Type: string
  Searchable: true
  General Field: -
  Description: The internal product ID
  Examples:
  • Trend Micro Deep Security
  • Deep Discovery Inspector
  • Apex One
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Deep Security
  • Cloud App Security
  • Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Web Security
  • Cloud One Network Security
  • Zero Trust Secure Access - Internet Access
  • Mobile Security
  • Container Security
  • Email Sensor
  • Deep Discovery Analyzer

pver
  Type: string
  Searchable: true
  General Field: -
  Description: The product version
  Examples:
  • 20.0.0.4726
  • 20.0.0.4416
  • 6.2.1125
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Apex One as a Service
  • TippingPoint Security Management System
  • Cloud One Network Security
  • Zero Trust Secure Access - Internet Access
  • Mobile Security
  • Container Security
  • File Security
  • File Security Storage
  • Agentless Vulnerability & Threat Detection
  • Deep Discovery Analyzer

request
  Type: string
  Searchable: true
  General Field: URL
  Description: The notable URLs
  Examples:
  • http://example.page.com/canonical.html
  • http://10.10.10.10
  • https://drive.google.com/
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • TippingPoint Security Management System
  • Endpoint & Workload Security
  • Zero Trust Secure Access - Internet Access
  • Cloud App Security
  • Cloud One Network Security
  • Email Security
  • Deep Security
  • Mobile Security
  • Zero Trust Secure Access - Private Access
  • Deep Discovery Analyzer

requestClientApplication
  Type: string
  Searchable: true
  General Field: -
  Description: The protocol user-agent information
  Examples:
  • Microsoft-Delivery-Optimization/10.0
  • Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
  • example Software GmbH
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Endpoint & Workload Security
  • Apex One as a Service
  • Deep Discovery Analyzer

rt
  Type: string
  Searchable: false
  General Field: -
  Description: The Unix time of the log generation
  Example: 1656324260000
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Deep Security
  • Cloud App Security
  • Email Security
  • TippingPoint Security Management System
  • Endpoint Sensor
  • Web Security
  • Cloud One Network Security
  • Zero Trust Secure Access - Internet Access
  • Zero Trust Secure Access - Private Access
  • Email Sensor
  • Deep Discovery Analyzer

sandboxCompletedTime
  Type: long
  Searchable: true
  General Field: -
  Description: The timestamp when Virtual Analyzer completed the sample analysis
  Example: 1656324260000
  Products:
  • Deep Discovery Analyzer

sandboxSubmittedTime
  Type: long
  Searchable: true
  General Field: -
  Description: The timestamp when the sample was submitted to Virtual Analyzer
  Example: 1656324260000
  Products:
  • Deep Discovery Analyzer

severity
  Type: int
  Searchable: true
  General Field: -
  Description: The severity of the event
  Examples:
  • 2
  • 4
  • 6
  • 8
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Apex One as a Service
  • TippingPoint Security Management System
  • Cloud One Network Security
  • Container Security
  • Mobile Network Security
  • Deep Discovery Analyzer

shost
  Type: string
  Searchable: true
  General Field: DomainName
  Description: The source hostname
  Examples:
  • dns.google
  • sw_us-east-1a_10-124-17-69
  • sw_us-east-1c_10-124-21-139
  Products:
  • Endpoint & Workload Security
  • Deep Discovery Inspector
  • Network Sensor
  • Deep Security
  • Mobile Network Security
  • Deep Discovery Analyzer

smac
  Type: string
  Searchable: true
  General Field: -
  Description: The source MAC address
  Examples:
  • 00:11:22:33:44:55
  • 66:77:88:99:AA:BB
  • CC:DD:EE:FF:00:11
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • Deep Security
  • TXOne EdgeOne
  • Deep Discovery Analyzer

spt
  Type: int
  Searchable: true
  General Field: Port
  Description: The source port
  Examples:
  • 53
  • 7680
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • TippingPoint Security Management System
  • Deep Security
  • Cloud One Network Security
  • Endpoint Sensor
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Container Security
  • Mobile Network Security
  • Deep Discovery Analyzer

src
  Type: dynamic (IPv4 or IPv6)
  Searchable: true
  General Field: -
  Description: The source IP
  Example: 10.10.10.10
  Products:
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Endpoint & Workload Security
  • TippingPoint Security Management System
  • Deep Security
  • Cloud One Network Security
  • Endpoint Sensor
  • Zero Trust Secure Access - Internet Access
  • TXOne EdgeOne
  • Zero Trust Secure Access - Private Access
  • Container Security
  • Mobile Network Security
  • Deep Discovery Analyzer

suser
  Type: dynamic
  Searchable: true
  General Field: EmailSender
  Description: The email sender
  Example: sample_email@trendmicro.com
  Products:
  • Cloud App Security
  • Email Security
  • Deep Discovery Inspector
  • Network Sensor
  • Apex One as a Service
  • Email Sensor
  • Deep Discovery Analyzer

targetType
  Type: string
  Searchable: true
  General Field: -
  Description: The target object type
  Examples:
  • File System
  • Uncategorized
  • Exploit
  Products:
  • Endpoint & Workload Security
  • Deep Security
  • Deep Discovery Analyzer

Generated by XDR Common Schema Public Doc Generator V2