No. |
Google SecOps UDM field
|
Trend Vision One field
|
Notes
|
1 |
metadata.event_type
|
|
|
2 |
metadata.vendor_name
|
TRENDMICRO VISION ONE WORKBENCH
|
|
3 |
metadata.product_name
|
TRENDMICRO VISION ONE WORKBENCH
|
|
4 |
target.file.full_path
|
fullPath
|
|
5 |
target.file.full_path
|
filePathName
|
|
6 |
target.file.names
|
fileName
|
|
7 |
principal.hostname
|
endpointHostName
|
|
8 |
principal.asset.hostname
|
endpointHostName
|
|
9 |
principal.ip
|
endpointIp
|
|
10 |
principal.asset.ip
|
endpointIp
|
|
11 |
additional.fields
|
mpver
|
key: "mpver", value: {mpver}
|
12 |
metadata.product_version
|
pver
|
|
13 |
target.process.file.full_path
|
processName
|
|
14 |
principal.asset.asset_id
|
mDeviceGUID
|
|
15
|
metadata.product_event_type
|
eventName
|
|
16
|
metadata.product_log_id
|
eventId
|
|
17
|
rt
|
||
18
|
metadata.collected_timestamp
|
logReceivedTime
|
|
19
|
additional.fields
|
rtDate
|
key: "rtDate", value: {rtDate}
|
20
|
additional.fields
|
eventSourceType
|
key: "eventSourceType", value: {eventSourceType}
|
21
|
additional.fields
|
hostId
|
key: "hostId", value: {hostId}
|
22
|
security_result.rule_id
|
ruleId
|
|
23
|
principal.administrative_domain
|
suid
|
|
24
|
principal.user.userid
|
||
25
|
principal.resource.attribute.labels
|
senderGUID
|
key: "senderGUID", value: {senderGUID}
|
26
|
principal.resource.attribute.labels
|
uuid
|
key: "uuid", value: {uuid}
|
27
|
security_result.detection_fields
|
detectionType
|
key: "detectionType", value: {detectionType}
|
28
|
security_result.detection_fields
|
winEventId
|
key: "winEventId", value: {winEventId}
|
29
|
security_result.description
|
msg
|
|
30
|
security_result.detection_fields
|
subRuleId
|
key: "subRuleId", value: {subRuleId}
|
31
|
security_result.detection_fields
|
subRuleName
|
key: "subRuleName", value: {subRuleName}
|
32
|
security_result.category_details
|
cat
|
|
33
|
security_result.action_details
|
fileOperation
|
|
34
|
security_result.rule_name
|
ruleName
|
|
35
|
principal.resource.attribute.labels
|
endpointGUID
|
key: "endpointGUID", value: {endpointGUID}
|
36
|
additional.fields
|
logKey
|
key: "logKey", value: {logKey}
|
37
|
additional.fields
|
productCode
|
key: "productCode", value: {productCode}
|
38
|
additional.fields
|
mpname
|
key: "mpname", value: {mpname}
|
39
|
security_result.severity_details
|
severity
|
|
40
|
target.user.userid
|
duser
|
|
41
|
metadata.description
|
description
|
|
42
|
severity
|
modelSeverity
|
|
43
|
principal.hostname
|
impactScope.entities.entityValue.name
|
impactScope.entities.entityType = "host"
|
44
|
principal.asset.hostname
|
impactScope.entities.entityValue.name
|
impactScope.entities.entityType = "host"
|
45
|
principal.ip
|
impactScope.entities.entityValue.ips
|
impactScope.entities.entityType = "host"
|
46
|
principal.asset.ip
|
impactScope.entities.entityValue.ips
|
impactScope.entities.entityType = "host"
|
47
|
principal.user.user_display_name
|
impactScope.entities.entityValue
|
impactScope.entities.entityType = "account"
|
48
|
principal.user.email_addresses
|
impactScope.entities.entityValue
|
impactScope.entities.entityType = "emailAddress"
|
49
|
security_result.detection_fields
|
indicators
|
key: {indicators.type}, value: {indicators.value}; key: "field", value: {indicators.field}
|
50
|
security_result.rule_id
|
matchedRules.id
|
|
51
|
security_result.rule_name
|
matchedRules.name
|
|
52
|
security_result.attack_details.tactics.id
|
matchedRules.matchedFilters.mitreTacticIds
|
|
53
|
security_result.attack_details.techniques.techniques.id
|
matchedRules.matchedFilters.mitreTechniqueIds
|
|
54
|
additional.fields
|
model
|
key: "model", value: {model}
|
55
|
security_result.url_back_to_product
|
workbenchLink
|
|
56
|
security_result.detection_fields
|
key: "status", value: {status}
|
|
57
|
security_result.about.investigation.status
|
investigationStatus
|
|
58
|
security_result.about.investigation.comments
|
investigationResult
|
|
59
|
security_result.risk_score
|
score
|
|
60
|
security_result.last_updated_time
|
updatedDateTime
|
|
61
|
metadata.product_log_id
|
||
62
|
metadata.event_timestamp
|
createdDateTime
|
|
63
|
security_result.first_discovered_time
|
createdDateTime
|
|
64
|
metadata.product_name
|
pname
|