 |
ImportantThis data source query method is no longer available after February 2, 2026. For more
information on the currently available data sources for use in XDR Data Explorer queries,
go to https://trendmicro.github.io/tm-v1-schema/pages/index.
|
|
Field
|
General Field
|
Example
|
Notes
|
|
act
|
allow
|
Rule action
|
|
|
application
|
HTTPS
|
Name of the application requested
|
|
|
detectionType
|
Not match any rule
|
The reason the TMWS Scanner took action
|
|
|
dst
|
IPv4
|
192.0.2.0
|
Server ip, Client ip
|
|
fileHash
|
FileSHA1
|
98A9A1C8F69373B211E5F1E303BA8762F44BC898
|
SHA1 of the file
|
|
malName
|
BadZipFile
|
Name of the malware detected
|
|
|
mimeType
|
/
|
MIME type(a two-part identifier for file formats and format contents transmitted)
of the traffic
|
|
|
pname
|
Trend Micro Web Security
|
Name of application request
|
|
|
policyName
|
default
|
Rule name, name of the cloud access rule triggered
|
|
|
principalName
|
john.doe@example.com
|
User principal name
|
|
|
profile
|
default
|
Name of the Threat Protection template or Data Loss Prevention profile triggered
|
|
|
request
|
/
|
Uniform Resource Locator (URL) of the traffic
|
|
|
requestBase
|
DomainName
|
self.events.data.microsoft.com
|
URL domain
|
|
rt_utc
|
1627558859
|
UTC timestamp
|
|
|
score
|
Safe
|
Web Reputation Services score
|
|
|
sender
|
TMWS Gateway TW
|
Trend MicroWeb Service gateways where the web traffic passed
|
|
|
src
|
IPv4
|
192.0.2.0
|
Server IP, Client IP
|
|
suid
|
UserAccount
|
john_doe
|
User name (Display Name) or IP address (IPv4)
|
|
trafficSize
|
422
|
HTTP request (POST, PUT) or HTTP response (GET) body size
|
|
|
urlCat
|
Web Advertisement
|
URL category
|
|
|
userDepartment
|
TMWS
|
||
|
userDomain
|
tmws-stg-demo.com
|
Active directory domain, domain of user email for logging in TMWS Scanner
|