Views:
Important
Important
This data source query method is no longer available after February 2, 2026. For more information on the currently available data sources for use in XDR Data Explorer queries, go to https://trendmicro.github.io/tm-v1-schema/pages/index.

Secure Access Activity Data

Field Name
 Type
General Field
Description
Example
Products
act
The action
  • Allow
  • Block
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
application
The name of the requested application
  • Facebook
  • wiki
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
authType
The authentication method
  • ordereddict([('Agent JWT', 'Authenticated by Secure Access Module with JWT token')])
  • ordereddict([('Cookie JWT', 'Authenticated by browser cookie with JWT token')])
  • ordereddict([('IP', 'Authentication bypassed by private IP.')])
  • ordereddict([('No Auth', 'No authentication.')])
Trend Vision One Zero Trust Secure Access Internet Access
clientIp
  • IPv4
  • IPv6
The endpoint internet protocol (IP)
10.64.23.45
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • Virtual Network Sensor
clientProtocol
The client protocol
HTTP/1.1
Trend Vision One Zero Trust Secure Access Internet Access
clientTls
The transport layer security (TLS) of the client
TLS 1.2
Trend Vision One Zero Trust Secure Access Internet Access
cloudAppCat
The category of the event in Cloud Reputation Service
  • All
  • Application Suite
  • Business Intelligence and Analytics
  • Cloud Computing Platform
  • Online Service
Trend Vision One Zero Trust Secure Access Internet Access
companyName
The company name
Trend Micro
Trend Vision OneZero Trust Secure Access Private Access
contentEncoding
The content encoding of the request or the response
gzip
Trend Vision One Zero Trust Secure Access Internet Access
detectionType
The traffic detection type
  • AI Service Access
  • AI Service File Upload Detection
  • AI Service Improper Answer
  • AI Service Malicious URL Answer
  • AI Service Prompt Injection
  • AI Service Rate Limiting
  • AI Service Risk Control
  • AI Service Sensitive Data Prevention
  • Anti-malware scan
  • Application Control
  • Approved URLs
  • Blocked URLs
  • Botnet
  • Data Loss Prevention
  • File scan exception
  • HTTPS bypass at inspection failure
  • HTTPS inspection exception
  • HTTPS inspection failure
  • Missing or invalid client certificate
  • No matched Zero Trust Secure Access rule
  • Non-compliant device
  • Predictive Machine Learning
  • Private IP address access
  • Ransomware
  • Restricted MIME type
  • Restricted file extension type
  • Restricted file type
  • Risk Control
  • Suspicious Object Blocked List
  • Tenancy Restriction
  • URL Filtering
  • Untrusted server certificate
  • Virtual Analyzer submission
  • Web Reputation
  • Zero Trust Secure Access
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
deviceGUID
The globally unique identifier (GUID) of a non-endpoint object such as a network appliance
11111111-1111-1111-1111-111111111111
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
dpt
Port
The service destination port of the private application server (dstport)
443
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
dst
  • IPv4
  • IPv6
The destination IP (dstaddr)
10.10.10.10
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
dstLocation
  • string
-
The destination country
JP
  • Trend Vision One Zero Trust Secure Access Internet Access
duration
The time it took the scanner to complete the scan (in milliseconds)
1599465660123
Trend Vision One Zero Trust Secure Access Internet Access
e2eLatency
The end-to-end traffic latency time (in milliseconds)
10000
Trend Vision One Zero Trust Secure Access Internet Access
endpointGuid
EndpointID
The device GUID
  • 11111111-1111-1111-1111-111111111111
  • DSP84573ULLJHM5GK2R7
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
endpointHostName
EndpointName
The hostname of the device on which the event was detected
  • jeremy-mbp
  • my_machine
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
eventName
The name of the log event
  • FIREWALL_ACTIVITY_LOG
  • SWG_ACTIVITY_LOG
  • VPC_ACTIVITY_LOG
  • Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • Virtual Network Sensor
eventSubName
The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks firewall log sub-type
  • OneDrive download file
  • deny
  • drop
  • end
  • start
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
eventTime
The time the agent or product detected the event
1657135700000
  • Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
  • Virtual Network Sensor
failedHTTPSInspection
Whether the hypertext transfer protocol secure (HTTPS) traffic inspection failed
true
Trend Vision One Zero Trust Secure Access Internet Access
fileHash
FileSHA1
The secure hash algorithm 1 (SHA-1) of the file that violated the policy
1e15bf99022a9164708cebb3eace8fd61ad45cba
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
fileHashSha256
FileSHA2
The SHA-256 of the file that violated the policy
ba9edecdd09de1307714564c24409bd25508e22fe11c768053a08f173f263e93
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
fileName
  • FileFullPath
  • FileName
The name of file that violated the policy
word.doc
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
fileSize
The size of file that violated the policy
12134
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
fileType
The type of file that violated the policy
Microsoft Word
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
filterRiskLevel
The top level risk level of the event
  • info
  • low
  • medium
Security Analytics Engine
groupId
The group ID for the management scope filter
11111111-1111-1111-1111-111111111111
Security Analytics Engine
isPrivateApp
Whether the requested application is private
  • false
  • true
Trend Vision One Zero Trust Secure Access Internet Access
isRetroScan
Whether the event matches the Security Analytics Engine filter
true
Security Analytics Engine
logReceivedTime
The time when the Extended Detection and Response (XDR) log was received
1656324260000
Security Analytics Engine
malName
The name of the detected malware
Trend Vision One Zero Trust Secure Access Internet Access
mimeType
The mime type or content type of the response body
Text/HTML
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
objectId
The universally unique identifier (UUID) of Trend Vision One Zero Trust Secure Access Private Access
11111111-1111-1111-1111-111111111111
Trend Vision OneZero Trust Secure Access Private Access
originEventSourceType
The source type of the original event which matches the Security Analytics Engine filter
EVENT_SOURCE_NETWORK_ACTIVITY
Security Analytics Engine
originUUID
The UUID of the original event which matches the Security Analytics Engine filter
11111111-1111-1111-1111-111111111111
Security Analytics Engine
osName
The host operating system (OS) name
  • Windows 10
  • macOS 12.1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
pname
The product name
  • Secure Web Gateway
  • XDR for Cloud - AWS VPC Flow Logs
  • Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • XDR for Cloud - AWS VPC Flow Logs
  • Virtual Network Sensor
policyTemplate
The Data Loss Prevention template names
Australia, New Zealand: Healthcare Template, Germany: Banking and Financial Information
Trend Vision One Zero Trust Secure Access Internet Access
policyTreePath
The policy tree path (endpoint only)
policyname1/policyname2/policyname3
Security Analytics Engine
policyUuid
The policy UUID
11111111-1111-1111-1111-111111111111
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision OneZero Trust Secure Access Private Access
principalName
UserAccount
The User Principal Name
sample_email@trendmicro.com
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
productCode
The internal product code
  • sig
  • szn
  • Palo Alto Networks Next-Generation Firewalls
  • Security Analytics Engine
profile
The name of the triggered Threat Protection template or Data Loss Prevention profile
Trend Vision One Zero Trust Secure Access Internet Access
pver
The product version
1
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
request
URL
The destination uniform resource locator (URL) that the user is accessing
  • https://api/example/v1/testit
  • https://google.com/
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • Virtual Network Sensor
requestBase
  • DomainName
  • HostDomain
The URL domain
  • gary.webserver64.com
  • www.facebook.com
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
requestMethod
The network protocol request method
POST
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
requestMimeType
The type of request content
application/json; charset=utf-8
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
requestSize
The request length
1324
Trend Vision One Zero Trust Secure Access Internet Access
responseSize
The response length
1324
Trend Vision One Zero Trust Secure Access Internet Access
ruleName
The name of the triggered cloud access rule
  • ETL_Access Rules_Web_Host
  • block_wiki_for_guest
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
ruleUuid
The risk assessment and control design that is defined by Zero Trust Secure Access risk control rules
11111111-1111-1111-1111-111111111111
Trend Vision OneZero Trust Secure Access Private Access
sender
The Zero Trust Internet Access gateway location
  • ordereddict([('Anything else', 'The pre-defined location name of cloud gateway or on-premises gateway.')])
  • ordereddict([('Public/Home network', 'The default cloud gateway.')])
Trend Vision One Zero Trust Secure Access Internet Access
serverProtocol
The version of the HTTP protocol between the Service Gateway and server or website
HTTP/1.1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
serverRespTime
The time the server took to respond to the request (in milliseconds)
1599465660123
Trend Vision One Zero Trust Secure Access Internet Access
serverTls
The TLS version between the Service Gateway and server or website
TLS 1.2
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
sessionEnd
The session end time (in seconds)
1575462989
  • Deep Discovery Inspector
  • Trend Vision OneZero Trust Secure Access Private Access
  • Virtual Network Sensor
sessionStart
Session start time (in seconds)
1575462989
  • Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision OneZero Trust Secure Access Private Access
  • Virtual Network Sensor
spt
Port
The virtual port assigned to the Secure Access Module (srcport)
57763
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
src
  • IPv4
  • IPv6
Source IP (srcaddr)
100.100.100.100
  • Palo Alto Networks Next-Generation Firewalls
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision OneZero Trust Secure Access Private Access
  • XDR for Cloud - AWS VPC Flow Logs
srcLocation
  • string
-
The source country
JP
  • Trend Vision One Zero Trust Secure Access Internet Access
suid
UserAccount
The user name or IP address (IPv4)
  • 18.162.103.100
  • Sample User Name
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
tags
Technique
The detected technique ID based on the alert filter
  • MITREV9.T1057
  • MITREV9.T1059.003
  • XSAE.F2924
Security Analytics Engine
tlsJA3Fingerprint
JA3 fingerprint
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
trafficType
The Zero Trust Internet Access gateway service mode
  • ordereddict([('Forward (xx)', 'Cloud Gateway in xx PoP with forward proxy mode for port forwarding')])
  • ordereddict([('Forward', 'Zero Trust Internet Access On-Premises Gateway with forward proxy mode and port forwarding configured')])
  • ordereddict([('ICAP', 'Zero Trust Internet Access On-Premises Gateway with ICAP configured')])
  • ordereddict([('Proxy (xx)', 'Cloud Gateway in xx PoP with forward proxy mode')])
  • ordereddict([('Proxy', 'Zero Trust Internet Access On-Premises Gateway with forward proxy mode configured')])
  • ordereddict([('Reverse', 'Zero Trust Internet Access On-Premises Gateway with reverse proxy mode configured')])
Trend Vision One Zero Trust Secure Access Internet Access
userDepartment
The user department request method
Sales
Trend Vision One Zero Trust Secure Access Internet Access
userDomain
  • AccountDomain
  • DomainName
The Microsoft Entra ID domain or the domain of the Trend Micro Anti-Spam administrator portal user name
trendmicro.com
  • Deep Discovery Inspector
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Virtual Network Sensor
uuid
The unique key of the log
11111111-1111-1111-1111-111111111111
Security Analytics Engine