No.
Google SecOps UDM field
Trend Vision One field
Notes
1
metadata.event_type
GENERIC_EVENT
2
metadata.vendor_name
TREND VISION ONE OAT
3
metadata.product_name
TREND VISION ONE OAT
4
metadata.event_timestamp
detectionTime
5
principal.hostname
endpoint.name
6
principal.asset.hostname
endpoint.name
7
principal.ip
endpoint.ips
8
principal.asset.ip
endpoint.ips
9
principal.user.userid
entityName
10
security_result.rule_id
filters.id
11
security_result.rule_name
filters.name
12
security_result.description
filters.description
13
security_result.severity
filters.level
14
security_result.attack_details.tactics.id
filters.tactics
15
security_result.attack_details.techniques
filters.techniques
16
security_result.detection_fields
filters.highlightedObjects
key: "field", value: {filters.highlightedObjects.field}; key: {filters.highlightedObjects.type}, value: {filters.highlightedObjects.value}
17
additional.fields
detail.eventTime
key: "eventTime", value: {detail.eventTime}
18
additional.fields
detail.uuid
key: "uuid", value: {detail.uuid}
19
additional.fields
detail
key: {detail.key}, value: {detail.value}