Provides general information about threats detected by Attack Discovery.
Detailed Attack Discovery Detection Information
| Data | Description |
|---|---|
| Object Value | The name of the object targeted by the detected threat |
| Object Type | The type of object targeted by the detected threat |
| First Logged | The time when the threat detection was first logged by Attack Discovery |
| File Directory | The directory of the object targeted by the detected threat |
| Process ID | The PID of the process |
| CLI Command | The process command that triggered the threat detection |
| Signer | The certificate signer |
| User Domain | The domain name of the detected user account |
| User Name | The account name associated with the object |
| Impersonated User Name | The user name that the threat impersonated |
| Authentication ID | The local unique identifier assigned to the logon session |
| Integrity Level | The level of protection or access assigned to the logon user |
| File SHA-1 | The SHA-1 hash value of the object file |
| File SHA-256 | The SHA-256 hash value of the object file |
| File MD5 | The MD5 hash value of the object file |
| Census Rating | The rating determined by Trend Micro threat experts based on the recorded history of the file |
| File Security Owner | The current owner of the file according to the file properties |
| File Security Owner Domain | The domain of the current owner of the file according to the file properties |
| File Security Previous Owner | The previous owner of the file according to the file properties |
| File Security Previous Owner Domain | The domain of the previous owner of the file according to the file properties |
| Registry Key | The registry key that the threat accessed |
| Registry Value Name | The registry value name that the threat accessed |
| Registry Value Data | The registry value data that the threat accessed |
| AMSI App Name | The application name or scripting language associated with the threat |
| AMSI App Full Path | The full path of the application associated with the threat |
| AMSI App Version | The application version associated with the threat |
| AMSI Script Source | The file name and extension of the script source |
| AMSI Script Content | The content of the script |
| AMSI Script Source SHA-1 | The SHA-1 hash value of the script source |
| AMSI Script Source SHA-256 | The SHA-256 hash value of the script source |
| Source IP Address | The source IP address of the detected threat |
| Source IP Address Port | The source IP address port number of the detected threat |
| Destination IP Address | The IP address that the threat accessed |
| Destination IP Address Port | The IP port number that the threat accessed |
| Destination URL | The URL that the threat accessed |
| Destination Domain | The domain name that the threat accessed |
| WMI Event | The WMI event information associated with the threat |
| Windows Event Source | The name of the software that logged the event according to the Windows Event Logs |
| Windows Event Log Content | The Windows Event log content that triggered the detection |
| Auth Priv Name | The Authorization Privilege Name that the threat modified |
| Auth Priv Attribute | The Authorization Privilege Attribute that the threat modified |
| Auth Priv Disable All | The status of the Authorization Privilege Disable All that the threat modified |