|
Field Name
|
Type
|
General Field
|
Description
|
Example
|
Products
|
|
appIsSystem
|
-
|
-
|
Whether the app is a system app
|
false |
Trend Vision One Mobile Security
|
|
appLabel
|
-
|
-
|
The app name (if the subject is an app)
|
Collection Nes Games |
Trend Vision One Mobile Security
|
|
appOrSystemEventHashId
|
-
|
-
|
The event object hash ID
|
3859886410 |
Trend Vision One Mobile Security
|
|
appPkgName
|
-
|
-
|
The app package name (if the subject is an app)
|
com.ConsolesXX.CollectionNesGames |
Trend Vision One Mobile Security
|
|
appPublicKeySha1
|
-
|
FileSHA1
|
The secure hash algorithm 1 (SHA-1) hash of the app public key (if the subject is
an app)
|
05FC638156219800DADAC48D8E621E0BCBD3C321 |
Trend Vision One Mobile Security
|
|
appSize
|
-
|
-
|
The app size (in bytes) if the subject is an app
|
16906043 |
Trend Vision One Mobile Security
|
|
appVerCode
|
-
|
-
|
The app version code (if the subject is an app)
|
0 |
Trend Vision One Mobile Security
|
|
endpointGuid
|
-
|
EndpointID
|
The host globally unique identifier (GUID) of the endpoint on which the event was
detected
|
|
Trend Vision One Mobile Security
|
|
endpointHostName
|
-
|
EndpointName
|
The hostname of the endpoint on which the event was detected
|
|
Trend Vision One Mobile Security
|
|
endpointIp
|
-
|
|
The internet protocol (IP) address of the endpoint on which the event was detected
|
|
Trend Vision One Mobile Security
|
|
endpointModel
|
-
|
-
|
The endpoint device model
|
Pixel 3 XL |
Trend Vision One Mobile Security
|
|
eventHashId
|
-
|
-
|
The event hash ID
|
|
Trend Vision One Mobile Security
|
|
eventId
|
-
|
-
|
The event type
|
-
|
Trend Vision One Mobile Security
|
|
eventSubId
|
-
|
-
|
The access type
|
|
Trend Vision One Mobile Security
|
|
eventTime
|
-
|
-
|
The time the agent detected the event
|
1657781088000 |
Trend Vision One Mobile Security
|
|
extraInfo
|
-
|
-
|
The extra information about the app
|
|
Trend Vision One Mobile Security
|
|
filterRiskLevel
|
-
|
-
|
The top-level risk level of the event
|
|
Security Analytics Engine
|
|
firstSeen
|
-
|
-
|
The time when the event started (in milliseconds)
|
1656355418449 |
Trend Vision One Mobile Security
|
|
lastSeen
|
-
|
-
|
The time when the event ended (in milliseconds)
|
1656355418449 |
Trend Vision One Mobile Security
|
|
logReceivedTime
|
-
|
-
|
The time when the Extended Detection and Response (XDR) log was received
|
1656324260000 |
Security Analytics Engine
|
|
logonUser
|
-
|
UserAccount
|
The sign-in user name
|
|
Trend Vision One Mobile Security
|
|
marsAccount
|
-
|
-
|
The account for Mobile Apps Reputation Service
|
XDRv1 |
Trend Vision One Mobile Security
|
|
objectAppBehavior
|
-
|
-
|
The activity that occurred on the app
|
|
Trend Vision One Mobile Security
|
|
objectAppBehaviorAttr
|
-
|
-
|
The attributes of the app activity
|
android.intent.action.BOOT_COMPLETED |
Trend Vision One Mobile Security
|
|
objectAppDexSha256
|
-
|
FileSHA2
|
The SHA-256 hash of the app Dex value
|
C23A87B77B06442FD9AF9A80DD87191EDEADFAB766C862EBC592FE18063D0449 |
Trend Vision One Mobile Security
|
|
objectAppInstalledTime
|
-
|
-
|
The time of app installation (in milliseconds)
|
1607935850 |
Trend Vision One Mobile Security
|
|
objectAppIsSystemApp
|
-
|
-
|
Whether the app is a system app
|
true |
Trend Vision One Mobile Security
|
|
objectAppLabel
|
-
|
-
|
The app name
|
Collection Nes Games |
Trend Vision One Mobile Security
|
|
objectAppPackageName
|
-
|
-
|
The app package name
|
com.ConsolesXX.CollectionNesGames |
Trend Vision One Mobile Security
|
|
objectAppPublicKeySha1
|
-
|
FileSHA1
|
The SHA-1 hash of the app public key
|
05FC638156219800DADAC48D8E621E0BCBD3C321 |
Trend Vision One Mobile Security
|
|
objectAppSha256
|
-
|
FileSHA2
|
The SHA-256 hash of the app
|
692BC8E6BC51807A24BEACC13ED2B68E1F954E152863430E3179FA812937B8B0 |
Trend Vision One Mobile Security
|
|
objectAppSize
|
-
|
-
|
The app size (in bytes)
|
16906043 |
Trend Vision One Mobile Security
|
|
objectAppVerCode
|
-
|
-
|
The app version code
|
0 |
Trend Vision One Mobile Security
|
|
objectAppVerName
|
-
|
-
|
The app version
|
1 |
Trend Vision One Mobile Security
|
|
objectCertAttr
|
-
|
-
|
The SHA-1 hash of the certificate public key
|
05FC638156219800DADAC48D8E621E0BCBD3C321 |
Trend Vision One Mobile Security
|
|
objectFileCreation
|
-
|
-
|
The time the target file was created (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
objectFileHashSha256
|
-
|
FileSHA2
|
The SHA256 hash of the target process image or target file
|
|
Trend Vision One Mobile Security
|
|
objectFileModifiedTime
|
-
|
-
|
The modification time of the target file (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
objectFilePath
|
-
|
|
The file path of the target process image or target file
|
|
Trend Vision One Mobile Security
|
|
objectFileSize
|
-
|
-
|
The target file size
|
|
Trend Vision One Mobile Security
|
|
objectFirstSeen
|
-
|
-
|
The time when the object first appeared (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
objectHashId
|
-
|
-
|
The event object hash ID
|
|
Trend Vision One Mobile Security
|
|
objectLastSeen
|
-
|
-
|
The time when the object was last seen (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
objectSystemEventAttr
|
-
|
-
|
The system event attributes
|
|
Trend Vision One Mobile Security
|
|
osName
|
-
|
-
|
The host OS name
|
|
Trend Vision One Mobile Security
|
|
osVer
|
-
|
-
|
The OS version
|
|
Trend Vision One Mobile Security
|
|
pname
|
-
|
-
|
The internal product ID (deprecated, use productCode)
|
|
Trend Vision One Mobile Security
|
|
policyTreePath
|
-
|
-
|
The policy tree path (endpoint only)
|
policyname1/policyname2/policyname3 |
Security Analytics Engine
|
|
productCode
|
-
|
-
|
The internal product code
|
|
Security Analytics Engine
|
|
pver
|
-
|
-
|
The product version
|
|
Trend Vision One Mobile Security
|
|
request
|
-
|
URL
|
The request uniform resource locator (URL)
|
|
Trend Vision One Mobile Security
|
|
srcFileCreation
|
-
|
-
|
The time when the source file was created (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
srcFileHashId
|
-
|
-
|
The source file hash ID
|
|
Trend Vision One Mobile Security
|
|
srcFileHashSha256
|
-
|
FileSHA2
|
The SHA-256 hash of source file
|
|
Trend Vision One Mobile Security
|
|
srcFileModifiedTime
|
-
|
-
|
The time when the source file was modified (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
srcFilePath
|
-
|
|
The source file path
|
|
Trend Vision One Mobile Security
|
|
srcFileSize
|
-
|
-
|
The source file size
|
|
Trend Vision One Mobile Security
|
|
srcFirstSeen
|
-
|
-
|
The time when the source file first appeared (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
srcLastSeen
|
-
|
-
|
The time when the source file was last seen (in milliseconds)
|
|
Trend Vision One Mobile Security
|
|
systemEventAttr
|
-
|
-
|
The attributes of the system event (if the subject is a system event)
|
usbdebugging |
Trend Vision One Mobile Security
|
|
tags
|
-
|
Technique
|
The detected technique ID based on the alert filter
|
|
Security Analytics Engine
|
|
userType
|
-
|
-
|
The user type
|
|
Trend Vision One Mobile Security
|
|
uuid
|
-
|
-
|
The unique key of the log
|
|
Security Analytics Engine
|
Views: