Workbench alerts | Trend Micro Service Central

Views:

No.	Google SecOps UDM field	Trend Vision One field	Notes
1	metadata.event_type		GENERIC_EVENT FILE_UNCATEGORIZED FILE_MODIFICATION STATUS_UPDATE
2	metadata.vendor_name		TRENDMICRO VISION ONE WORKBENCH
3	metadata.product_name		TRENDMICRO VISION ONE WORKBENCH
4	target.file.full_path	fullPath
5	target.file.full_path	filePathName
6	target.file.names	fileName
7	principal.hostname	endpointHostName
8	principal.asset.hostname	endpointHostName
9	principal.ip	endpointIp
10	principal.asset.ip	endpointIp
11	additional.fields	mpver	key: "mpver"value: {mpver}
12	metadata.product_version	pver
13	target.process.file.full_path	processName
14	principal.asset.asset_id	mDeviceGUID
15	metadata.product_event_type	eventName
16	metadata.product_log_id	eventId
17		rt
18	metadata.collected_timestamp	logReceivedTime
19	additional.fields	rtDate	key: "rtDate"value: {rtDate}
20	additional.fields	eventSourceType	key: "eventSourceType"value: {eventSourceType}
21	additional.fields	hostId	key: "hostId"value: {hostId}
22	security_result.rule_id	ruleId
23	principal.administrative_domain	suid
24	principal.user.userid
25	principal.resource.attribute.labels	senderGUID	key: "senderGUID"value: {senderGUID}
26	principal.resource.attribute.labels	uuid	key: "uuid"value: {uuid}
27	security_result.detection_fields	detectionType	key: "detectionType"value: {detectionType}
28	security_result.detection_fields	winEventId	key: "winEventId"value: {winEventId}
29	security_result.description	msg
30	security_result.detection_fields	subRuleId	key: "subRuleId"value: {subRuleId}
31	security_result.detection_fields	subRuleName	key: "subRuleName"value: {subRuleName}
32	security_result.category_details	cat
33	security_result.action_details	fileOperation
34	security_result.rule_name	ruleName
35	principal.resource.attribute.labels	endpointGUID	key: "endpointGUID"value: {endpointGUID}
36	additional.fields	logKey	key: "logKey"value: {logKey}
37	additional.fields	productCode	key: "productCode"value: {productCode}
38	additional.fields	mpname	key: "mpname"value: {mpname}
39	security_result.severity_details	severity
40	target.user.userid	duser
41	metadata.description	description
42	severity	modelSeverity
43	principal.hostname	impactScope.entities.entityValue.name	impactScope.entities.entityType = "host"
44	principal.asset.hostname	impactScope.entities.entityValue.name	impactScope.entities.entityType = "host"
45	principal.ip	impactScope.entities.entityValue.ips	impactScope.entities.entityType = "host"
46	principal.asset.ip	impactScope.entities.entityValue.ips	impactScope.entities.entityType = "host"
47	principal.user.user_display_name	impactScope.entities.entityValue	impactScope.entities.entityType = "account"
48	principal.user.email_addresses	impactScope.entities.entityValue	impactScope.entities.entityType = "emailAddress"
49	security_result.detection_fields	indicators	key: {indicators.type}value: {indicators.value}key: "field"value: {indicators.field}
50	security_result.rule_id	matchedRules.id
51	security_result.rule_name	matchedRules.name
52	security_result.attack_details.tactics.id	matchedRules.matchedFilters.mitreTacticIds
53	security_result.attack_details.techniques.techniques.id	matchedRules.matchedFilters.mitreTechniqueIds
54	additional.fields	model	key: "model"value: {model}
55	security_result.url_back_to_product	workbenchLink
56	security_result.detection_fields	key: "status"value: {status}
57	security_result.about.investigation.status	investigationStatus
58	security_result.about.investigation.comments	investigationResult
59	security_result.risk_score	score
60	security_result.last_updated_time	updatedDateTime
61	metadata.product_log_id
62	metadata.event_timestamp	createdDateTime
63	security_result.first_discovered_time	createdDateTime
64	metadata.product_name	pname