No.
|
Google SecOps UDM field
|
Trend Vision One field
|
Notes
|
1
|
metadata.event_type
|
GENERIC_EVENT (constant value, not a source field)
|
|
2
|
metadata.vendor_name
|
TREND VISION ONE OAT (constant value, not a source field)
|
|
3
|
metadata.product_name
|
TREND VISION ONE OAT (constant value, not a source field)
|
|
4
|
metadata.event_timestamp
|
detectionTime
|
|
5
|
principal.hostname
|
endpoint.name
|
|
6
|
principal.asset.hostname
|
endpoint.name
|
|
7
|
principal.ip
|
endpoint.ips
|
|
8
|
principal.asset.ip
|
endpoint.ips
|
|
9
|
principal.user.userid
|
entityName
|
|
10
|
security_result.rule_id
|
filters.id
|
|
11
|
security_result.rule_name
|
filters.name
|
|
12
|
security_result.description
|
filters.description
|
|
13
|
security_result.severity
|
filters.level
|
|
14
|
security_result.attack_details.tactics.id
|
filters.tactics
|
|
15
|
security_result.attack_details.techniques
|
filters.techniques
|
|
16
|
security_result.detection_fields
|
filters.highlightedObjects
|
key: "field", value: {filters.highlightedObjects.field}; key: {filters.highlightedObjects.type}, value: {filters.highlightedObjects.value}
|
17
|
additional.fields
|
detail.eventTime
|
key: "eventTime", value: {detail.eventTime}
|
18
|
additional.fields
|
detail.uuid
|
key: "uuid", value: {detail.uuid}
|
19
|
additional.fields
|
detail
|
key: {detail.key}, value: {detail.value}
|