| No. | Google SecOps UDM フィールド | Trend Vision One フィールド | 注意 |
|---|---|---|---|
| 1 | metadata.event_type | | |
| 2 | metadata.vendor_name | TRENDMICRO VISION ONE WORKBENCH | |
| 3 | metadata.product_name | TRENDMICRO VISION ONE WORKBENCH | |
| 4 | target.file.full_path | fullPath | |
| 5 | target.file.full_path | filePathName | |
| 6 | target.file.names | fileName | |
| 7 | principal.hostname | endpointHostName | |
| 8 | principal.asset.hostname | endpointHostName | |
| 9 | principal.ip | endpointIp | |
| 10 | principal.asset.ip | endpointIp | |
| 11 | 追加フィールド | mpver | key: "mpver", value: {mpver} |
| 12 | metadata.product_version | pver | |
| 13 | target.process.file.full_path | processName | |
| 14 | principal.asset.asset_id | mDeviceGUID | |
| 15 | metadata.product_event_type | eventName | |
| 16 | metadata.product_log_id | eventId | |
| 17 | rt | | |
| 18 | metadata.collected_timestamp | logReceivedTime | |
| 19 | 追加フィールド | rtDate | key: "rtDate", value: {rtDate} |
| 20 | 追加フィールド | eventSourceType | key: "イベントソースタイプ", value: {eventSourceType} |
| 21 | 追加フィールド | hostId | key: "ホストID", value: {hostId} |
| 22 | security_result.rule_id | ruleId | |
| 23 | principal.administrative_domain | suid | |
| 24 | principal.user.userid | | |
| 25 | principal.resource.attribute.labels | senderGUID | key: "送信者GUID", value: {senderGUID} |
| 26 | principal.resource.attribute.labels | uuid | key: "uuid", value: {uuid} |
| 27 | security_result.detection_fields | detectionType | key: "検出タイプ", value: {detectionType} |
| 28 | security_result.detection_fields | winEventId | key: "winEventId", value: {winEventId} |
| 29 | security_result.description | メッセージ | |
| 30 | security_result.detection_fields | subRuleId | key: "サブルールID", value: {subRuleId} |
| 31 | security_result.detection_fields | subRuleName | key: "サブルール名", value: {subRuleName} |
| 32 | security_result.category_details | cat | |
| 33 | security_result.action_details | fileOperation | |
| 34 | security_result.rule_name | ruleName | |
| 35 | principal.resource.attribute.labels | endpointGUID | key: "エンドポイントGUID", value: {endpointGUID} |
| 36 | 追加フィールド | logKey | key: "ログキー", value: {logKey} |
| 37 | 追加フィールド | productCode | key: "製品コード", value: {productCode} |
| 38 | 追加フィールド | mpname | key: "mpname", value: {mpname} |
| 39 | security_result.severity_details | 重大度 | |
| 40 | target.user.userid | duser | |
| 41 | metadata.description | description | |
| 42 | 重大度 | modelSeverity | |
| 43 | principal.hostname | impactScope.entities.entityValue.name | impactScope.entities.entityType = "ホスト" |
| 44 | principal.asset.hostname | impactScope.entities.entityValue.name | impactScope.entities.entityType = "ホスト" |
| 45 | principal.ip | impactScope.entities.entityValue.ips | impactScope.entities.entityType = "ホスト" |
| 46 | principal.asset.ip | impactScope.entities.entityValue.ips | impactScope.entities.entityType = "ホスト" |
| 47 | principal.user.user_display_name | impactScope.entities.entityValue | impactScope.entities.entityType = "アカウント" |
| 48 | principal.user.email_addresses | impactScope.entities.entityValue | impactScope.entities.entityType = "emailAddress" |
| 49 | security_result.detection_fields | indicators | key: {indicators.type}, value: {indicators.value}; key: "フィールド", value: {indicators.field} |
| 50 | security_result.rule_id | matchedRules.id | |
| 51 | security_result.rule_name | matchedRules.name | |
| 52 | security_result.attack_details.tactics.id | matchedRules.matchedFilters.mitreTacticIds | |
| 53 | security_result.attack_details.techniques.techniques.id | matchedRules.matchedFilters.mitreTechniqueIds | |
| 54 | 追加フィールド | model | key: "モデル", value: {model} |
| 55 | security_result.url_back_to_product | workbenchLink | |
| 56 | security_result.detection_fields | status | key: "ステータス", value: {status} |
| 57 | security_result.about.investigation.status | investigationStatus | |
| 58 | security_result.about.investigation.comments | investigationResult | |
| 59 | security_result.risk_score | score | |
| 60 | security_result.last_updated_time | updatedDateTime | |
| 61 | metadata.product_log_id | | |
| 62 | metadata.event_timestamp | createdDateTime | |
| 63 | security_result.first_discovered_time | createdDateTime | |
| 64 | metadata.product_name | pname | |
ビュー: