No.
Google SecOps UDMフィールド
Trend Vision One フィールド
ノート
1
metadata.event_type
  • GENERIC_EVENT
  • USER_UNCATEGORIZED
  • EMAIL_TRANSACTION
  • PROCESS_UNCATEGORIZED
  • REGISTRY_UNCATEGORIZED
  • NETWORK_UNCATEGORIZED
  • FILE_UNCATEGORIZED
2
metadata.vendor_name
Trend Vision Oneアクティビティ
3
metadata.product_name
Trend Vision Oneアクティビティ
4
metadata.product_log_id
uuid
5
principal.resource.attribute.labels
uuid
key: "uuid" value: {uuid}
6
metadata.product_log_id
msgUuid
7
metadata.collected_timestamp
logReceivedTime
8
metadata.event_timestamp
eventTime
9
additional.fields
eventID
key: "eventID" value: {eventID}
10
additional.fields
app
key: "app" value: {app}
11
additional.fields
appLabel
key: "appLabel" value: {appLabel}
12
additional.fields
application
key: "application" value: {application}
13
metadata.product_event_type
eventType
14
metadata.product_version
pver
15
security_result.severity_details
filterRiskLevel
16
additional.fields
productCode
key: "productCode" value: {productCode}
17
metadata.product_name
pname
18
metadata.product_name
idpName
19
metadata.product_event_type
eventName
20
principal.ip
sourceIPAddress
21
src.ip
sourceIPAddress
22
principal.ip
src
23
src.ip
src
24
principal.ip
dst
25
target.ip
dst
26
src.port
spt
27
target_udm.port
dpt
28
principal.user.userid
objectUser
29
target_udm.user.userid
objectUser
30
target_udm.file.full_path
objectFilePath
31
target_udm.file.md5
objectFileHashMd5
32
target_udm.file.sha1
objectFileHashSha1
33
target_udm.file.sha256
objectFileHashSha256
34
target_udm.file.last_modification_time
objectFileModifiedTime
35
target_udm.file.first_seen_time
objectFirstSeen
36
target_udm.file.last_seen_time
objectLastSeen
37
target_udm.process.integrity_level_rid
objectIntegrityLevel
38
target_udm.ip
objectIp
39
target_udm.ip
objectIps
40
target_udm.process.pid
objectPid
41
target_udm.port
objectPort
42
target_udm.registry.registry_value_data
objectRegistryData
43
target_udm.registry.registry_key
objectRegistryKeyHandle
44
target_udm.registry.registry_value_name
objectRegistryValue
45
target_udm.file.size
objectFileSize
46
additional.fields
vpcEndpointId
key: "vpcEndpointId" value: {vpcEndpointId}
47
additional.fields
apiVersion
key: "apiVersion" value: {apiVersion}
48
additional.fields
key: "awsRegion" value: {awsRegion}
49
additional.fields
key: "recipientAccountId" value: {recipientAccountId}
50
principal.hostname
endpointHostName
51
principal.asset.hostname
endpointHostName
52
principal.mac
endpointMacAddress
53
principal.asset.mac
endpointMacAddress
54
principal.asset.asset_id
endpointGuid
55
principal.ip
endpointIp
56
principal.asset.ip
endpointIp
57
principal.domain.name
hostName
58
principal.process.integrity_level_rid
integrityLevel
59
src.process.command_line
processCmd
60
target_udm.process.command_line
objectCmd
61
src.file.full_path
srcFilePath
62
src.file.md5
srcFileHashMd5
63
src.file.sha1
srcFileHashSha1
64
src.file.sha256
srcFileHashSha256
65
src.file.size
srcFileSize
66
src.file.last_modification_time
srcFileModifiedTime
67
src.file.first_seen_time
srcFirstSeen
68
src.file.last_seen_time
srcLastSeen
69
principal.process.file.full_path
processFilePath
70
principal.process.file.names
processName
71
principal.process.pid
processPid
72
principal.process.file.md5
processFileHashMd5
73
principal.process.file.sha1
processFileHashSha1
74
principal.process.file.sha256
processFileHashSha256
75
principal.process.parent_process.pid
parentPid
76
principal.process.parent_process.command_line
parentCmd
77
principal.process.parent_process.file.full_path
parentFilePath
78
principal.process.parent_process.file.names
parentName
79
principal.process.parent_process.file.md5
parentFileHashMd5
80
principal.process.parent_process.file.sha1
parentFileHashSha1
81
principal.process.parent_process.file.sha256
parentFileHashSha256
82
principal.process.parent_process.integrity_level_rid
parentIntegrityLevel
83
target_udm.url
request
84
target_udm.url
リクエスト
85
src.ip
publicSrc
86
src.port
publicSpt
87
additional.fields
clusterId
key: "clusterId" value: {clusterId}
88
additional.fields
clusterName
key: "clusterName" value: {clusterName}
89
additional.fields
k8sNamespace
key: "k8sNamespace" value: {k8sNamespace}
90
network.email.mail_id
msgId
91
security_result.about.email
mailbox
92
network.email.from
mailFromAddresses
93
network.email.from
suser
94
network.email.to
duser
95
network.email.to
mailToAddresses
96
network.email.cc
mailCcAddresses
97
network.email.bcc
mailBccAddresses
98
network.email.reply_to
mailReplyToAddresses
99
network.email.subject
mailMsgSubject
100
security_result.risk_score
メールスコア
101
src.ip
mailSenderIp
102
principal.user.userid
principalName
103
about.file.names
attachmentFileName
104
additional.fields
attachmentSha256
key: "attachmentSha256" value: {attachmentSha256}
105
additional.fields
attachmentSha1
key: "attachmentSha1" value: {attachmentSha1}
106
additional.fields
attachmentMd5
key: "attachmentMd5" value: {attachmentMd5}
107
additional.fields
idpId
key: "idpId" value: {idpId}
108
principal.ip_location.country_or_region
locationCountry
109
principal.ip_location.city
locationCity
110
principal.ip_location.state
locationState
111
principal.ip_location.region_coordinates.latitude
locationLatitude
112
principal.ip_location.region_coordinates.longitude
locationLongitude
113
principal.asset.asset_id
clientId
114
principal.asset.ip
ipAddress
115
principal.user.product_object_id
userId
116
principal.user.user_display_name
userDisplayName
117
target_udm.resource.id
targetResourceId
118
target_udm.resource.name
targetResourceDisplayName
119
principal.asset.attribute.labels
clientDisplayName
key: "clientDisplayName" value: {clientDisplayName}
120
principal.asset.attribute.labels
clientOS
key: "clientOS" value: {clientOS}
121
principal.asset.hardware.model
endpointModel
122
security_result.action_details
act
123
network.tls.version
clientTls
124
network.tls.cipher
tlsSelectedCipher
125
src.hostname
clientHost
126
src.hostname
shost
127
target_udm.hostname
serverHost
128
target_udm.hostname
dhost
129
network.application_protocol
clientProtocol
130
network.application_protocol_version
clientProtocol
131
network.http.method
requestMethod
132
network.http.referral_url
httpReferer
133
network.http.user_agent
userAgent
134
network.http.response_code
respCode
135
target_udm.ip
resolvedUrlIp
136
target_udm.port
resolvedUrlPort
137
security_result.threat_name
malName
138
security_result.detection_fields
detectionType
key: "detectionType" value: {detectionType}
139
principal.asset.asset_id
deviceGUID
140
security_result.rule_type
ruleType
141
security_result.rule_id
ruleUuid
142
security_result.rule_name
ruleName
143
security_result.rule_id
ruleId
144
target_udm.ip
serverIp
145
target_udm.port
serverPort
146
target_udm.mac
serverMAC
147
target_udm.mac
dmac
148
src.ip
clientIp
149
src.port
clientPort
150
src.mac
clientMAC
151
src.mac
smac