Views:
Field Name
Type
General Field
Description
Example
Products
actResult
  • string[]
-
The action result
  • Success
  • Collaboration Sensor
actionName
  • string
-
The user or service action
  • UserLoggedIn
  • Collaboration Sensor
applicationId
  • string
-
The application ID
  • 8ee8fdad-f234-4243-8f3b-15c294843740
  • Collaboration Sensor
attachmentFileHashSha256s
  • string[]
  • FileSHA2
The SHA-256 hash of the email attachment
  • 0570dfd156ee00cb7bc2a94998157cb3a29292b9e9feed82d4b6c7d2c6bdd9d4
  • 2d96ebbbc5a5687b0f18fd5620e4e5489d49a877430146bbca447fabe9c47a6e
  • 20d27422610967122439735cbcb48e4382a16e94a8b29c068e6b7d0e40466427
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentFileHashes
  • string[]
  • FileSHA1
The SHA-1 hash of the email attachment
  • acedb7898338a46f38d148d1d0456e644576d41b
  • ea6fcc4c0c1f10d71742b29e98a977d995473dd1
  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentFileName
  • string[]
  • FileName
The file name of the email attachment
  • image001.png
  • image002.png
  • image003.png
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentFileTlshes
  • string[]
-
The TLSH hash detected by Trend Micro Anti-Spam Engine
-
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
attachmentMd5
  • string[]
  • FileMD5
The MD5 hash of the email attachment
  • 003fa299ab119219596f952c68029810
  • 03aeabf6a745cb627ee29c05a22e58cb
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentSha1
  • string[]
  • FileSHA1
The SHA-1 hash of the email attachment
  • 03d8fb85556edf397d8afcafc0b13f11ecbde50c
  • 056a2975edffe7188c03c324ae4335f9380b57e3
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentSha256
  • string[]
  • FileSHA2
The SHA-256 hash of the email attachment
  • 29d72af5608ee5eade7c4346d3c32dfcc6b54f8fb43d977ff0306ad68b255a01
  • cb0628092ddea96bb040221b5c793dbbb792a67d0621bdfba170c07374d85801
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentSize
  • int64[]
-
The attachment file size
-
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
attachmentSource
  • string[]
-
The attachment source
  • TMASE
  • PRODUCT
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentTlsh
  • string[]
-
The TLSH hash detected by Trend Micro Anti-Spam Engine
  • 0FE18E0807B75799EF3ADD7A98D62411FEB31DAB419C913C058068A3A6B33BD114EA39
  • 7C31C9827A71A905CC6B0A73B10FE80C06F01E814AA396347F8B6F979690E9C3D75147
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
attachmentUrls
  • object_AttachmentUrl[]
-
The URLs and URL sources extracted from the email attachment
-
  • Trend Micro Email Security
  • Email Sensor
clientIp
  • string
  • IPv4
  • IPv6
The client IP
  • 10.10.10.10
  • 123.123.123.10
  • Collaboration Sensor
cloudStorageId
  • string
-
The file or folder location ID
  • 3d8752ef-a57b-4c7e-8b07-0d7deeb90eb9
  • Collaboration Sensor
cloudStorageName
  • string
-
The file or folder URL
  • https://test.sharepoint.com/sites/FILA
  • Collaboration Sensor
correlationId
  • string
-
The correlation ID
  • 7f545dec-5f3b-443f-9f2e-282499deaaef
  • Collaboration Sensor
eventId
  • enum_MESSAGING_EVENT_ID
-
The event ID
  • 1 - MESSAGING_EMAIL_META
  • 2 - MESSAGING_COLLABORATION_ACTIVITY
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
  • Collaboration Sensor
eventName
  • string
-
The event type
  • COLLABORATION_ACTIVITY
  • Collaboration Sensor
eventSubName
  • string
-
The event type sub-name
  • Audit.Exchange
  • Audit.Sharepoint
  • Audit.General
  • Collaboration Sensor
eventTime
  • int64
-
The time the agent detected the event
  • 1657135700000
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
extraInfo
  • string[]
-
The additional information about the sharing action
  • <ClientType>SPHomePagesWeb</ClientType>
  • Collaboration Sensor
fileExt
  • string
-
The file extension (If the object is a folder, there is no value for this field.)
  • jpg
  • Collaboration Sensor
fileName
  • string
  • FileName
The file or folder name
  • test.pdf
  • Collaboration Sensor
filterRiskLevel
  • string
-
The top-level risk level of the event
  • info
  • low
  • medium
  • Security Analytics Engine
isExternalAccess
  • bool
-
Whether the cmdlet was run by an external user (True=external user, False=internal user in your organization)
  • true
  • Collaboration Sensor
isSensitiveInfo
  • bool
-
Whether the event contains sensitive information
  • true
  • Collaboration Sensor
logReceivedTime
  • int64
-
The time when the XDR log was received
  • 1656324260000
  • Security Analytics Engine
mExternalUid
  • string
-
The unique ID of the email
  • 00001300@jasperengines.com@@<DS7PR19MB62774CC3DB9201971B5BCE63A0909@DS7PR19MB6277.namprd19.prod.outlook.com>@@69cd4d99e0ab75eadd9b987191c66b4e@@1
  • 00001389@jasperengines.com@@<c332bb6e-ba21-4fae-bfd1-1f548a571587>@@5245531282021f313d11e5d5422436cb@@1
  • 00001392@jasperengines.com@@<573186405.1072205.1658257233431.JavaMail.cloud@p2-elasticrender-0bea27432cfd6429e>@@9857ba30b94835e87dedf3aa00a85784@@1
  • Trend Micro Cloud App Security
  • Email Sensor
mailAttachmentHash
  • string
  • FileMD5
The hash value of the email attachment
  • 02ab50ee0bccadb43d6cc504928f2ff2
  • 0a0f335fb04f1acebb7500d5358321c0
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailBccAddresses
  • string[]
  • EmailRecipient
The BCC address in the email header
  • customermarketing@flowserve.com
  • diego.sales@quero-quero.com.br
  • guilherme.cardoso@verdecard.com.br
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
mailCacheId
  • string
-
The internal email cache ID to identify emails in the same group
  • <CAAQw8Mj0mFrshPQwS5dwEtFHwdEp2MJfFmMVxe@mail.gmail.com>
  • Trend Micro Cloud App Security
  • Email Sensor
mailCcAddresses
  • string[]
  • EmailRecipient
The CC address in the email header
  • <ListaVerdecard-MIS@quero-quero.com.br>
  • produccion@bancoppel.com
  • sbastidas@bancoppel.com
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailDirection
  • int32
-
The email traffic direction
  • 1
  • 3
  • 25
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailEurekaRuleIds
  • string[]
-
The list of rule IDs scanned by Eureka and detected by Trend Micro Anti-Spam Engine
  • 661030
  • 661230
  • 661267
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
mailFeatureId
  • int64[]
-
The email protocol detected by Trend Micro Anti-Spam Engine
-
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
mailFolder
  • string
-
The email folder name
  • Inbox
  • Bandeja de entrada
  • Sent Items
  • Trend Micro Cloud App Security
  • Email Sensor
mailFromAddresses
  • string[]
  • EmailSender
The From address in the email header
  • noreply@email.teams.microsoft.com
  • viva-noreply@microsoft.com
  • notification@fbworkmail.com
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailHeaderHash
  • string
-
The email header hash detected by Trend Micro Anti-Spam Engine
  • 43f8bfc02d8f78f069c254bc17eba80b
  • aa5d16ca145f91471e482d235843aac5
  • ad8776382ea4b7cffd0961c70223162e
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailHelo
  • string
-
The HELO command detected by Trend Micro Anti-Spam Engine
  • HELO inpost.tmes.trendmicro.com
  • HELO edge.itau-unibanco.com.br
  • HELO us-smtp-1.mimecast.com
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailMetaText
  • string
-
The postman meta text detected by Trend Micro Anti-Spam Engine
  • Trend Micro Email Security
  • Email Sensor
mailMetaTraceId
  • string
-
The trace ID generated by Trend Micro Feedback Engine
  • Trend Micro Email Security
  • Email Sensor
mailMsgId
  • string
  • EmailMessageID
The email ID
  • <01000181c6c8054d-a28e440d-23d0-4427-845e-a5af5a7aac60-000000@email.amazonses.com>
  • <01000181fe0a3ce6-ff51a59e-0c83-461e-9ca9-ef55aa4089b5-000000@email.amazonses.com>
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailMsgSubject
  • string
  • EmailSubject
The email subject
  • Your daily briefing
  • Security alert for DeleteSecurityGroup on Account 549918006255 in Region: ap-southeast-1
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailReplyToAddresses
  • string[]
-
The Reply To address detected by Trend Micro Anti-Spam Engine
  • noreply@fbworkmail.com
  • itau@service-now.com
  • no-reply@sharepointonline.com
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailRuleId
  • string[]
-
The rule ID of the matched rule detected by Trend Micro Anti-Spam Engine
  • 42003
  • 148036
  • 148140
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailScore
  • int64
-
The score assigned to the email by Trend Micro Anti-Spam Engine
-
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
mailSenderIp
  • string
-
The email sender IP address
  • 255.255.255.255
  • 200.196.154.13
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailSmtpFromAddresses
  • string[]
-
The sender email address
  • nullsender@tmes.trendmicro.com
  • notification@fbworkmail.com
  • noreply@email.teams.microsoft.com
  • Trend Micro Email Security
  • Email Sensor
mailSmtpOriginalRecipients
  • string[]
-
The original email recipients in the SMTP envelope
  • jesada.gonkratoke@scb.co.th
  • central.transportes_al@braskem.com
  • centraltransporte.al@grupopredial.com.br
  • Trend Micro Email Security
  • Email Sensor
mailSmtpRecipients
  • string[]
-
The email recipients in the SMTP envelope after scanning
  • jesada.gonkratoke@scb.co.th
  • central.transportes_al@braskem.com
  • centraltransporte.al@grupopredial.com.br
  • Trend Micro Email Security
  • Email Sensor
mailSmtpTls
  • string
-
The SMTP TLS version number
  • TLS 1.2
  • TLS 1.3
  • noTLS
  • Trend Micro Email Security
  • Email Sensor
mailSourceDomain
  • string
-
The sender email domain
  • itau-unibanco.com.br
  • coppel.com
  • ehi.com
  • Trend Micro Cloud App Security
  • Email Sensor
mailTagHash
  • string
-
The email tag hash detected by Trend Micro Anti-Spam Engine
  • 9ce01ebc63f408264876646e20905349
  • cf679dc99042b781106cbaccd4045ed3
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailTagHashRawSignature
  • string
-
The raw signature hash of the email
  • PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjxtZXRhIG5hbWU9IGNvbnRlbnQ9ID48c3R5bGU+PCEtLS0tPjwvc3R5bGU+PC9oZWFkPjxib2R5IGxhbmc9IGxpbms9IHZsaW5rPSBzdHlsZT0gPjxkaXYgY2xhc3M9ID48cCBjbGFzcz0gPjxURVhUPjwvcD48L2Rpdj48L2JvZHk+PC9odG1sPg==
  • PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0gY29udGVudD0gY2hhcnNldD0gPjwvaGVhZD48Ym9keT48VEVYVD48L2JvZHk+PC9odG1sPg==
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailTextHash
  • string
-
The email text hash detected by Trend Micro Anti-Spam Engine
  • 221bab3766f6d2a2c6fcc37056511d53
  • f26f3a415103ea083ac49be6bb60f337
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailThreatType
  • string
-
The type of email detected by Trend Micro Anti-Spam Engine
  • suspected
  • suspected,
  • suspected, phishing
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailToAddresses
  • string[]
  • EmailRecipient
The Mail To address in the email header
  • jesada.gonkratoke@scb.co.th
  • daniel.goncalves@bancobmg.com.br
  • jefferson.molino@bancobmg.com.br
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailUrlHash
  • string
-
The email URL hash detected by Trend Micro Anti-Spam Engine
  • ca52197d96e4a00ce19eaf34b20c8937
  • ad50776a891bead6bf222e2b7be17724
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailUrlsOriginalLink
  • string[]
-
The original URL extracted from the email content
  • https://aka.ms/JoinTeamsMeeting
  • http://go.microsoft.com/fwlink/p/?LinkID=512132
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailUrlsRealLink
  • string[]
  • URL
The URL extracted from the email content
  • https://aka.ms/JoinTeamsMeeting
  • http://go.microsoft.com/fwlink/p/?LinkID=512132
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailUrlsVisibleLink
  • string[]
  • URL
The URL extracted from the email content
  • Unsubscribe
  • Android
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailUserAgent
  • string
-
The user agent
  • Mutt/1.4.2.2i
  • Heirloom mailx 12.5 7/5/10
  • Trend Micro Email Security
  • Trend Micro Cloud App Security
  • Email Sensor
mailWantedHeaderName
  • string[]
-
The WantedHeader key name detected by Trend Micro Anti-Spam Engine
  • CC
  • X-TM-Product-Ver
  • Received
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailWantedHeaderValue
  • string[]
-
The WantedHeader key value detected by Trend Micro Anti-Spam Engine
  • cloud-app-security-5.0
  • BCL:0;
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailWholeHeader
  • string[]
-
The name and email address of the sender in the From header detected by Trend Micro Anti-Spam Engine
  • "Microsoft Viva"<viva-noreply@microsoft.com>
  • "AWS CloudWatch Event Rule Security Alert!" <no-reply@sns.amazonaws.com>
  • <EMAILAUTOMATICO@CORREIO.ITAU.COM.BR>
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailXMailer
  • string
-
The X-Mailer header of the email
  • Microsoft Outlook 16.0
  • Microsoft CDO for Windows 2000
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
mailbox
  • string
-
The primary email address
  • luis.sanchezl@arus.com.co
  • acbaylon@ngcp.ph
  • gabriel.andre@bancobmg.com.br
  • Trend Micro Cloud App Security
  • Email Sensor
msgUuid
  • string
-
The internal email UUID to identify each email message
  • 00004c28-bda5-496d-ae90-5182d36e9396
  • 002ac78d-862a-408f-80c2-34bd52a2adaa
  • 004f276e-8588-49b2-a7ed-eb86567bf2d7
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
msgUuidChain
  • string
-
The internal UUID chain for each email in Trend Micro Feedback Engine
  • 00004c28-bda5-496d-ae90-5182d36e9396;00004c28-bda5-496d-ae90-5182d36e9396
  • 002ac78d-862a-408f-80c2-34bd52a2adaa;002ac78d-862a-408f-80c2-34bd52a2adaa
  • 004f276e-8588-49b2-a7ed-eb86567bf2d7;004f276e-8588-49b2-a7ed-eb86567bf2d7
  • Trend Micro Email Security
  • Email Sensor
orgId
  • string
-
The organization ID
  • 182a3fa0-a3a7-11eb-8590-8d526fa1feaa
  • 4da1fde0-b022-11ea-aa58-cf3ff4ef7956
  • 784a57b0-336d-11e8-887d-8f04f83dbb5b
  • Trend Micro Cloud App Security
  • Email Sensor
orgName
  • string
-
The tenant name
  • test.onmicrosoft.com
  • Collaboration Sensor
originatingServer
  • string
-
The server where the operation originated
  • TY0PR03MB6449 (15.20.5746.023)
  • Collaboration Sensor
parameters
  • string
-
The names and values of all parameters used in the cmdlet identified in the Operations property
  • [{"Name": "AlwaysDeleteOutlookRulesBlob","Value": "False"},{"Name" : "Force","Value": "False"}]
  • Collaboration Sensor
pname
  • string
-
The internal product code (deprecated)
  • 733
  • 742
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
policyTreePath
  • string
-
The policy tree path (endpoint only)
  • policyname1/policyname2/policyname3
  • Security Analytics Engine
principalName
  • string
  • UserAccount
The User Principal Name
  • clark@company.com
  • Collaboration Sensor
productCode
  • string
-
The product code of the product that sent the log
  • sca
  • sem
  • Security Analytics Engine
recordType
  • int32
-
The operation type
  • 1
  • 2
  • Collaboration Sensor
scanTs
  • int64
-
The time the email was scanned
  • 1657135700000
  • Trend Micro Cloud App Security
  • Email Sensor
scanType
  • string
-
The manual or real-time scan type
  • realtime_mailmeta-exchange
  • realtime_mailmeta-gmail
  • gateway_mailmetadata
  • Trend Micro Cloud App Security
  • Trend Micro Email Security
  • Email Sensor
service
  • string
-
The Microsoft 365 service where the activity occurred
  • SecurityComplianceCenter
  • AzureActiveDirectory
  • SharePoint
  • Collaboration Sensor
tags
  • string[]
-
The detected technique ID based on the alert filter
  • MITREV9.T1057
  • MITREV9.T1059.003
  • XSAE.F2924
  • Security Analytics Engine
target
  • string
-
The object accessed by a user or application
  • APCPR000000.PROD.OUTLOOK.COM/Microsoft Exchange Hosted
  • Organizations/test.onmicrosoft.com/test\\testRule001
  • Collaboration Sensor
targetType
  • string
-
The type of object that was accessed or modified
  • File
  • Collaboration Sensor
userAgent
  • string
-
The user agent
  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
  • Collaboration Sensor
userSessionId
  • string
-
The user session ID
  • d45aa435-d768-4f13-9d54-cd8f596d2641
  • Collaboration Sensor
userType
  • string
-
The user type
  • Regular
  • Reserved
  • Admin
  • Collaboration Sensor
uuid
  • string
-
The unique key of the log entry
  • 00008a58-5c57-46b2-ad06-335035989d08
  • 0000ca1e-abfa-4013-9213-2dcf5cf1c4d0
  • 0001469c-dc16-469f-8e44-3d02d2057250
  • Security Analytics Engine
Related information