The following Sigma logsource.category values automatically convert to TrendAI Vision One™ event types. More logsource.category values are coming soon.

| Sigma logsource.category value | TrendAI Vision One™ event type |
|---|---|
| process_creation | ENDPOINT_ACTIVITY |
| process_access | ENDPOINT_ACTIVITY |
| process_termination | ENDPOINT_ACTIVITY |
| image_load | ENDPOINT_ACTIVITY |
| driver_load | ENDPOINT_ACTIVITY |
| file_event | ENDPOINT_ACTIVITY |
| file_access | ENDPOINT_ACTIVITY |
| file_change | ENDPOINT_ACTIVITY |
| file_delete | ENDPOINT_ACTIVITY |
| file_rename | ENDPOINT_ACTIVITY |
| registry_add | ENDPOINT_ACTIVITY |
| registry_set | ENDPOINT_ACTIVITY |
| registry_delete | ENDPOINT_ACTIVITY |
| registry_event | ENDPOINT_ACTIVITY |
| dns | ENDPOINT_ACTIVITY |
| dns_query | ENDPOINT_ACTIVITY |
| dns-client | ENDPOINT_ACTIVITY |
| network_connection | ENDPOINT_ACTIVITY |
| network_internet | ENDPOINT_ACTIVITY |
| create_remote_thread | ENDPOINT_ACTIVITY |
| pipe_created | ENDPOINT_ACTIVITY |
| ps_script | ENDPOINT_ACTIVITY |
| ps_module | ENDPOINT_ACTIVITY |
| bits-client | ENDPOINT_ACTIVITY |
| firewall-as | ENDPOINT_ACTIVITY |
| security | ENDPOINT_ACTIVITY |
| system | ENDPOINT_ACTIVITY |
| taskscheduler | ENDPOINT_ACTIVITY |
| terminalservices-localsessionmanager | ENDPOINT_ACTIVITY |
| antivirus | DETECTION |
| proxy | NETWORK_ACTIVITY |
| webserver | NETWORK_ACTIVITY |
| cloudtrail | CLOUD_ACTIVITY |
