Views:
Important
Important
This data source query method is no longer available after February 2, 2026. For more information on the currently available data sources for use in XDR Data Explorer queries, go to https://trendmicro.github.io/tm-v1-schema/pages/index.
General Field
Corresponding Fields
Example
Endpoint Activity Data
Network Activity Data
Detection Data
AccountDomain
  • -
  • userDomain
  • userDomain
-
CLICommand
  • objectCmd
  • parentCmd
  • processCmd
  • -
  • processCmd
  • objectCmd
  • parentCmd
  • botCmd
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US --no-sandbox
DomainName
  • hostName
  • objectHostName
  • requestBase
  • userDomain
  • hostName
  • sslCertCommonName
  • shost
  • dhost
  • hostName
  • interestedHost
  • userDomain
  • shost
  • dhost
  • denyListHost
  • domainName
  • peerHost
  • requestBase
  • sslCertCommonName
  • netBiosDomainName
self.events.data.microsoft.com
EmailMessageID
  • -
  • msgId
  • msgId
<rRzmIhBrXbgjvr4uhIwCcbtE6BnmgNTtAU51qWmqY@example.online>
EmailRecipient
  • -
  • duser
  • duser
john_doe@example.com
EmailSender
  • -
  • suser
  • suser
john_doe@example.com
EmailSubject
  • -
  • mailMsgSubject
  • mailMsgSubject
Subject: From the desk of the Nigerian Prince
EndpointID
  • endpointGuid
  • endpointGUID
  • endpointGUID
e3c49595-09b9-47a3-a43f-6c21aa52e54f
EndpointName
  • endpointHostName
  • endpointHostName
  • endpointHostName
  • userDomain
hr-johndoe1
FileFullPath
  • objectFilePath
  • parentFilePath
  • processFilePath
  • srcFilePath
  • fileName
  • filePath
  • filePathName
  • objectFilePath
  • processFilePath
  • fullPath
  • parentFilePath
  • malSrc
  • targetShare
  • srcFilePath
C:\Program Files (x86)\temp\Application\test.exe
FileMd5
  • objectFileHashMd5
  • parentFileHashMd5
  • processFileHashMd5
  • srcFileHashMd5
  • -
  • attachmentFileHashMd5
  • objectFileHashMd5
  • parentFileHashMd5
  • processFileHashMd5
  • srcFileHashMd5
  • fileHashMd5
46CFB4E38C6299983048DE39012FD08F
FileName
  • objectFilePath
  • parentFilePath
  • processFilePath
  • srcFilePath
  • fileName
  • fileName
  • objectFileName
  • compressedFileName
  • attachmentFileName
  • processFilePath
example.exe
FileSHA1
  • objectFileHashSha1
  • parentFileHashSha1
  • processFileHashSha1
  • srcFileHashSha1
  • fileHash
  • respFileHash
  • fileHash
  • attachmentFileHash
  • attachmentFileHashSha1
  • compressedFileHash
  • denyListFileHash
  • objectFileHashSha1
  • oldFileHash
  • parentFileHashSha1
  • processFileHashSha1
  • appPublicKeySha1
  • highlightedFileHashes
  • objectPayloadFileHashSha1
  • srcFileHashSha1
98A9A1C8F69373B211E5F1E303BA8762F44BC898
FileSHA2
  • objectFileHashSha256
  • parentFileHashSha256
  • processFileHashSha256
  • srcFileHashSha256
  • fileHashSha256
  • respFileHashSha256
  • fileHashSha256
  • attachmentFileHashSha256
  • compressedFileHashSha256
  • objectFileHashSha256
  • parentFileHashSha256
  • processFileHashSha256
  • appDexSha256
  • srcFileHashSha256
16e4e8b57e82159a16f5d7d898da9e2a4fbe90c17cd95c02074e75226337c90a
HostDomain
  • hostName
  • hostName
  • requestBase
  • sslCertCommonName
  • hostName
  • requestBase
  • sslCertCommonName
-
IPv4
  • endpointIp
  • objectIp
  • objectIps
  • dst
  • src
  • publicSrc
  • dst
  • src
  • clientIp
  • serverIp
  • httpXForwardedForIp
  • resolvedUrlIp
  • ObjectIps
  • pktSrcAddr
  • pktDstAddr
  • src
  • dst
  • interestedIp
  • endpointIp
  • peerIp
  • denyListIp
  • objectIp
  • rawSrcIp
  • rawDstIp
192.0.2.0
IPv6
  • endpointIp
  • objectIp
  • objectIps
  • dst
  • src
  • publicSrc
  • dst
  • src
  • clientIp
  • serverIp
  • httpXForwardedForIp
  • resolvedUrlIp
  • ObjectIps
  • pktSrcAddr
  • pktDstAddr
  • src
  • dst
  • interestedIp
  • endpointIp
  • peerIp
  • denyListIp
  • objectIp
  • rawSrcIp
  • rawDstIp
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Port
  • objectPort
  • spt
  • dpt
  • publicSpt
  • spt
  • dpt
  • clientPort
  • serverPort
  • resolvedUrlPort
  • dpt
  • spt
  • rawSrcPort
  • rawDstPort
8080
ProcessFullPath
  • processFilePath
  • -
  • processFilePath
C:\Program Files (x86)\temp\Application\test.exe
ProcessName
  • processFilePath
  • processName
  • -
  • processName
-
RegistryKey
  • objectRegistryKeyHandle
  • -
  • objectRegistryKeyHandle
hklm\software\wow6432node\microsoft\windows\currentversion\run
RegistryValue
  • objectRegistryValue
  • -
  • objectRegistryValue
its_ie_settings
RegistryValueData
  • objectRegistryData
  • -
  • objectRegistryData
wscript "C:\Program Files (x86)\JNJ\ITS_IE_PREF\IE_Preferences.vbs"
Tactic
  • -
  • -
  • tacticId
  • tags
TA0008
Technique
  • tags
  • tags
  • techniqueId
  • tags
T1210
URL
  • request
  • request
  • httpReferer
  • httpLocation
  • requests
  • request
  • botUrl
  • cccaDestination
  • httpReferer
https://www.example.com
UserAccount
  • logonUser
  • objectUser
  • processUser
  • principalName
  • suid
  • sUser1
  • dUser1
  • suid
  • dUser1
  • processUser
  • sUser1
  • objectUser
john_doe