Learn how Trend Vision One data types are mapped to the UDM used by Google SecOps SIEM.
Google SecOps SIEM uses the UDM to normalize and correlate security data from various sources.
To support seamless integration, Trend Vision One maps its native data formats—such as alerts, events, audit logs, and vulnerabilities—to
UDM-compliant structures.
This section outlines the UDM mapping for each supported data type. Each mapping entry
provides a detailed mapping table that shows how specific fields in Trend Vision One correspond to UDM fields in Google SecOps. The mapping ensures consistent data interpretation, enables advanced threat detection,
and supports unified investigations across platforms.
The following data types are covered:
-
Workbench alerts
-
Observed Attack Techniques (OAT)
-
Detections
-
Audit logs
-
Container vulnerabilities
-
Activity data