| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| clusterId | string | - | The cluster ID of the container | TestCluster-2HJdImvH6eO1fgTnCBK3xYA7Sph | Trend Cloud One - Container Security |
| clusterName | string | - | The cluster name of the container | TestCluster | Trend Cloud One - Container Security |
| containerId | string | - | The Kubernetes container ID | 7d1e00176d78 | Trend Cloud One - Container Security |
| containerImage | string | - | The Kubernetes container image | debian:latest | Trend Cloud One - Container Security |
| containerName | string | - | The Kubernetes container name | k8s_democon_longrunl_default_09451f51-7124-4aa5-a5c4-ada24efe9da9_0 | Trend Cloud One - Container Security |
| dpt | int32 | Port | The destination port | - | Trend Cloud One - Container Security |
| dst | string | | The destination IP | | Trend Cloud One - Container Security |
| eventId | enum_TelemetryHeader.TELEMETRY_EVENT_ID | - | The event type | - | Trend Cloud One - Container Security |
| eventSubId | enum_TelemetryHeader.TELEMETRY_EVENT_SUB_ID | - | The access type | | Trend Cloud One - Container Security |
| eventTime | int64 | - | The time the agent detected the event | 1657781088000 | Trend Cloud One - Container Security |
| filterRiskLevel | string | - | The top-level risk level of the event | | Security Analytics Engine |
| k8sNamespace | string | - | The Kubernetes namespace of the container | default | Trend Cloud One - Container Security |
| k8sPodId | string | - | The Kubernetes pod ID of the container | 09451f51-7124-4aa5-a5c4-ada24efe9da9 | Trend Cloud One - Container Security |
| k8sPodName | string | - | The Kubernetes pod name of the container | longrunl | Trend Cloud One - Container Security |
| logReceivedTime | int64 | - | The time when the XDR log was received | 1656324260000 | Security Analytics Engine |
| objectFilePath | string | | The file path of the target process image or target file | | Trend Cloud One - Container Security |
| objectUser | string | UserAccount | The owner name of the target process or the sign-in user name | | Trend Cloud One - Container Security |
| parentCmd | string | CLICommand | The command line entry of the parent process | | Trend Cloud One - Container Security |
| parentFilePath | string | | The file path of the parent process | | Trend Cloud One - Container Security |
| parentPid | int32 | - | The PID of the parent process | | Trend Cloud One - Container Security |
| processCmd | string | CLICommand | The command line entry of the subject process | | Trend Cloud One - Container Security |
| processFilePath | string | | The file path of the subject process | | Trend Cloud One - Container Security |
| processName | string | ProcessName | The image name of the process that triggered the event | | Trend Cloud One - Container Security |
| processPid | int32 | - | The PID of the subject process | | Trend Cloud One - Container Security |
| productCode | string | - | The internal product code | | Security Analytics Engine |
| pver | string | - | The product version | | Trend Cloud One - Container Security |
| spt | int32 | Port | The source port | | Trend Cloud One - Container Security |
| src | string | | The source IP | | Trend Cloud One - Container Security |
| srcFilePath | string | | The source file path | | Trend Cloud One - Container Security |
| tags | string[] | | The detected ID based on the alert filter | | |
| uuid | string | - | The unique key of the log | | Security Analytics Engine |