Mobile Activity Data

appIsSystem

-

-

Whether the app is a system app

appLabel

-

-

The app name (if the subject is an app)

appOrSystemEventHashId

-

-

The event object hash ID

appPkgName

-

-

The app package name (if the subject is an app)

appPublicKeySha1

-

The SHA-1 hash of the app public key (if the subject is an app)

appSize

-

-

The app size (in bytes) if the subject is an app

appVerCode

-

-

The app version code (if the subject is an app)

endpointGuid

-

The host GUID of the endpoint on which the event was detected

endpointHostName

-

The hostname of the endpoint on which the event was detected

endpointIp

-

The IP address of the endpoint on which the event was detected

endpointModel

-

-

The endpoint device model

eventHashId

-

-

The event hash ID

eventId

-

-

The event type

-

eventSubId

-

-

The access type

eventTime

-

-

The time the agent detected the event

extraInfo

-

-

The extra information about the app

filterRiskLevel

-

-

The top-level risk level of the event

firstSeen

-

-

The time when the event started (in milliseconds)

lastSeen

-

-

The time when the event ended (in milliseconds)

logReceivedTime

-

-

The time when the XDR log was received

logonUser

-

The sign-in user name

marsAccount

-

-

The account for Trend Micro Mobile Apps Reputation Service

objectAppBehavior

-

-

The activity that occurred on the app

objectAppBehaviorAttr

-

-

The attributes of the app activity

objectAppDexSha256

-

The SHA-256 hash of the app Dex value

objectAppInstalledTime

-

-

The time of app installation (in milliseconds)

objectAppIsSystemApp

-

-

Whether the app is a system app

objectAppLabel

-

-

The app name

objectAppPackageName

-

-

The app package name

objectAppPublicKeySha1

-

The SHA-1 hash of the app public key

objectAppSha256

-

The SHA-256 hash of the app

objectAppSize

-

-

The app size (in bytes)

objectAppVerCode

-

-

The app version code

objectAppVerName

-

-

The app version

objectCertAttr

-

-

The SHA-1 hash of the certificate public key

objectFileCreation

-

-

The time the target file was created (in milliseconds)

objectFileHashSha256

-

The SHA256 hash of the target process image or target file

objectFileModifiedTime

-

-

The modification time of the target file (in milliseconds)

objectFilePath

-

The file path of the target process image or target file

objectFileSize

-

-

The target file size

objectFirstSeen

-

-

The time when the object first appeared (in milliseconds)

objectHashId

-

-

The event object hash ID

objectLastSeen

-

-

The time when the object was last seen (in milliseconds)

objectSystemEventAttr

-

-

The system event attributes

osName

-

-

The host OS name

osVer

-

-

The OS version

pname

-

-

The internal product ID (deprecated, use productCode)

policyTreePath

-

-

The policy tree path (endpoint only)

productCode

-

-

The internal product code

pver

-

-

The product version

request

-

The request URL

srcFileCreation

-

-

The time when the source file was created (in milliseconds)

srcFileHashId

-

-

The source file hash ID

srcFileHashSha256

-

The SHA-256 hash of source file

srcFileModifiedTime

-

-

The time when the source file was modified (in milliseconds)

srcFilePath

-

The source file path

srcFileSize

-

-

The source file size

srcFirstSeen

-

-

The time when the source file first appeared (in milliseconds)

srcLastSeen

-

-

The time when the source file was last seen (in milliseconds)

systemEventAttr

-

-

The attributes of the system event (if the subject is a system event)

tags

-

The detected technique ID based on the alert filter

userType

-

-

The user type

uuid

-

-

The unique key of the log