Important
This data source query method is no longer available after February 2, 2026. For more information on the currently available data sources for use in XDR Data Explorer queries, go to https://trendmicro.github.io/tm-v1-schema/pages/index.
| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| clusterId | string | - | The cluster ID of the container | `TestCluster-2HJdImvH6eO1fgTnCBK3xYA7Sph` | Trend Cloud One - Container Security |
| clusterName | string | - | The cluster name of the container | `TestCluster` | Trend Cloud One - Container Security |
| containerId | string | - | The Kubernetes container ID | `7d1e00176d78` | Trend Cloud One - Container Security |
| containerImage | string | - | The Kubernetes container image | `debian:latest` | Trend Cloud One - Container Security |
| containerName | string | - | The Kubernetes container name | `k8s_democon_longrunl_default_11111111-1111-1111-1111-111111111111_0` | Trend Cloud One - Container Security |
| customAssetTags | dynamic | - | The list of custom asset tags | `{"os":["linux", "windows"], "org":["bu1"]}` | Trend Cloud One - Container Security |
| dpt | int | Port | The destination port | - | Trend Cloud One - Container Security |
| dst | string | IPv4, IPv6 | The destination IP | `::`, `10.10.10.10` | Trend Cloud One - Container Security |
| eventId | int | - | The event type | - | Trend Cloud One - Container Security |
| eventSubId | int | - | The access type | `2 - TELEMETRY_PROCESS_CREATE`, `101 - TELEMETRY_FILE_CREATE`, `204 - TELEMETRY_CONNECTION_CONNECT_OUTBOUND` | Trend Cloud One - Container Security |
| eventTime | real | - | The time the agent detected the event | `1657781088000` | Trend Cloud One - Container Security |
| filterRiskLevel | string | - | The top-level risk level of the event | `info`, `low`, `medium` | All products |
| groupId | string | - | The group ID for the management scope filter | `11111111-1111-1111-1111-111111111111` | All products |
| k8sNamespace | string | - | The Kubernetes namespace of the container | `default` | Trend Cloud One - Container Security |
| k8sPodId | string | - | The Kubernetes pod ID of the container | `11111111-1111-1111-1111-111111111111` | Trend Cloud One - Container Security |
| k8sPodName | string | - | The Kubernetes pod name of the container | `longrunl` | Trend Cloud One - Container Security |
| logReceivedTime | long | - | The time when the XDR log was received | `1656324260000` | All products |
| objectFilePath | string | FileFullPath, FileName | The file path of the target process image or target file | `/usr/bin/bash`, `/bin/bash`, `/opt/folder1/probes/system/processes/processes` | Trend Cloud One - Container Security |
| objectUser | string | UserAccount | The owner name of the target process or the sign-in user name | `root`, `SYSTEM`, `oracle` | Trend Cloud One - Container Security |
| parentCmd | string | CLICommand | The command line entry of the parent process | `C:\WINDOWS\system32\services.exe`, `C:\Windows\system32\services.exe`, `/sbin/launchd` | Trend Cloud One - Container Security |
| parentFilePath | string | FileFullPath, FileName | The file path of the parent process | `c:\windows\system32\services.exe`, `/usr/bin/bash`, `c:\windows\system32\svchost.exe` | Trend Cloud One - Container Security |
| parentPid | int | - | The PID of the parent process | `4`, `1`, `784`, `792` | Trend Cloud One - Container Security |
| platformAssetTags | dynamic | - | The list of platform custom asset tags | `{"Asset group":["finance"], "some.ip": ["10.1.0.1"]}` | Trend Cloud One - Container Security |
| processCmd | string | CLICommand | The command line entry of the subject process | `C:\WINDOWS\system32\services.exe`, `C:\Windows\system32\services.exe`, `/sbin/launchd` | Trend Cloud One - Container Security |
| processFilePath | string | ProcessFullPath | The file path of the subject process | `c:\windows\system32\services.exe`, `/usr/bin/bash`, `c:\windows\system32\svchost.exe` | Trend Cloud One - Container Security |
| processName | string | ProcessName | The image name of the process that triggered the event | `/usr/bin/bash`, `c:\windows\system32\svchost.exe`, `c:\windows\system32\lsass.exe` | Trend Cloud One - Container Security |
| processPid | int | - | The PID of the subject process | `4`, `1`, `784`, `792` | Trend Cloud One - Container Security |
| productCode | string | - | The internal product code | `scs` | All products |
| pver | string | - | The product version | `1.2.0.2752`, `1.0.345`, `1.2.0.2657` | Trend Cloud One - Container Security |
| spt | int | Port | The source port | `53`, `5353`, `443` | Trend Cloud One - Container Security |
| src | string | IPv4, IPv6 | The source IP | `::`, `10.10.10.10` | Trend Cloud One - Container Security |
| srcFilePath | string | FileFullPath, FileName | The source file path | `\\cnva-apps\megaclockprod\traveler\travelerprint.accdb`, `c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml`, `q:\a7_dbs\a4_pkg\a4_packaging.accde` | Trend Cloud One - Container Security |
| tags | dynamic | Technique, Tactic | The detected ID based on the alert filter | `MITREV9.T1057`, `MITREV9.T1059.003`, `XSAE.F2924` | All products, Trend Cloud One - Container Security |
| uuid | string | - | The unique key of the log | `11111111-1111-1111-1111-111111111111` | All products |