編號
Google SecOps UDM 欄位
Trend Vision One 欄位
注意
1
metadata.event_type
  • GENERIC_EVENT
  • USER_UNCATEGORIZED
  • EMAIL_TRANSACTION
  • PROCESS_UNCATEGORIZED
  • REGISTRY_UNCATEGORIZED
  • NETWORK_UNCATEGORIZED
  • FILE_UNCATEGORIZED
2
metadata.vendor_name
TREND VISION ONE ACTIVITY
3
metadata.product_name
TREND VISION ONE ACTIVITY
4
metadata.product_log_id
uuid
5
principal.resource.attribute.labels
uuid
key: "uuid"value: {uuid}
6
metadata.product_log_id
msgUuid
7
metadata.collected_timestamp
logReceivedTime
8
metadata.event_timestamp
eventTime
9
additional.fields
eventID
key: "eventID"value: {eventID}
10
additional.fields
app
key: "app"value: {app}
11
additional.fields
appLabel
key: "appLabel"value: {appLabel}
12
additional.fields
application
key: "application"value: {application}
13
metadata.product_event_type
eventType
14
metadata.product_version
pver
15
security_result.severity_details
filterRiskLevel
16
additional.fields
productCode
key: "productCode"value: {productCode}
17
metadata.product_name
pname
18
metadata.product_name
idpName
19
metadata.product_event_type
eventName
20
principal.ip
sourceIPAddress
21
src.ip
sourceIPAddress
22
principal.ip
src
23
src.ip
src
24
principal.ip
dst
25
target.ip
dst
26
src.port
spt
27
target_udm.port
dpt
28
principal.user.userid
objectUser
29
target_udm.user.userid
objectUser
30
target_udm.file.full_path
objectFilePath
31
target_udm.file.md5
objectFileHashMd5
32
target_udm.file.sha1
objectFileHashSha1
33
target_udm.file.sha256
objectFileHashSha256
34
target_udm.file.last_modification_time
objectFileModifiedTime
35
target_udm.file.first_seen_time
objectFirstSeen
36
target_udm.file.last_seen_time
objectLastSeen
37
target_udm.process.integrity_level_rid
objectIntegrityLevel
38
target_udm.ip
objectIp
39
target_udm.ip
objectIps
40
target_udm.process.pid
objectPid
41
target_udm.port
objectPort
42
target_udm.registry.registry_value_data
objectRegistryData
43
target_udm.registry.registry_key
objectRegistryKeyHandle
44
target_udm.registry.registry_value_name
objectRegistryValue
45
target_udm.file.size
objectFileSize
46
additional.fields
vpcEndpointId
key: "vpcEndpointId"value: {vpcEndpointId}
47
additional.fields
apiVersion
key: "apiVersion"value: {apiVersion}
48
additional.fields
key: "awsRegion"value: {awsRegion}
49
additional.fields
key: "recipientAccountId"value: {recipientAccountId}
50
principal.hostname
endpointHostName
51
principal.asset.hostname
endpointHostName
52
principal.mac
endpointMacAddress
53
principal.asset.mac
endpointMacAddress
54
principal.asset.asset_id
endpointGuid
55
principal.ip
endpointIp
56
principal.asset.ip
endpointIp
57
principal.domain.name
hostName
58
principal.process.integrity_level_rid
integrityLevel
59
src.process.command_line
processCmd
60
target_udm.process.command_line
objectCmd
61
src.file.full_path
srcFilePath
62
src.file.md5
srcFileHashMd5
63
src.file.sha1
srcFileHashSha1
64
src.file.sha256
srcFileHashSha256
65
src.file.size
srcFileSize
66
src.file.last_modification_time
srcFileModifiedTime
67
src.file.first_seen_time
srcFirstSeen
68
src.file.last_seen_time
srcLastSeen
69
principal.process.file.full_path
processFilePath
70
principal.process.file.names
processName
71
principal.process.pid
processPid
72
principal.process.file.md5
processFileHashMd5
73
principal.process.file.sha1
processFileHashSha1
74
principal.process.file.sha256
processFileHashSha256
75
principal.process.parent_process.pid
parentPid
76
principal.process.parent_process.command_line
parentCmd
77
principal.process.parent_process.file.full_path
parentFilePath
78
principal.process.parent_process.file.names
parentName
79
principal.process.parent_process.file.md5
parentFileHashMd5
80
principal.process.parent_process.file.sha1
parentFileHashSha1
81
principal.process.parent_process.file.sha256
parentFileHashSha256
82
principal.process.parent_process.integrity_level_rid
parentIntegrityLevel
83
target_udm.url
要求
84
target_udm.url
請求
85
src.ip
publicSrc
86
src.port
publicSpt
87
additional.fields
clusterId
key: "clusterId"value: {clusterId}
88
additional.fields
clusterName
key: "clusterName"value: {clusterName}
89
additional.fields
k8sNamespace
key: "k8sNamespace"value: {k8sNamespace}
90
network.email.mail_id
msgId
91
security_result.about.email
mailbox
92
network.email.from
mailFromAddresses
93
network.email.from
suser
94
network.email.to
duser
95
network.email.to
mailToAddresses
96
network.email.cc
mailCcAddresses
97
network.email.bcc
mailBccAddresses
98
network.email.reply_to
mailReplyToAddresses
99
network.email.subject
mailMsgSubject
100
security_result.risk_score
郵件評分
101
src.ip
mailSenderIp
102
principal.user.userid
principalName
103
about.file.names
attachmentFileName
104
additional.fields
attachmentSha256
key: "attachmentSha256"value: {attachmentSha256}
105
additional.fields
attachmentSha1
key: "attachmentSha1"value: {attachmentSha1}
106
additional.fields
attachmentMd5
key: "attachmentMd5"value: {attachmentMd5}
107
additional.fields
idpId
key: "idpId"value: {idpId}
108
principal.ip_location.country_or_region
locationCountry
109
principal.ip_location.city
locationCity
110
principal.ip_location.state
locationState
111
principal.ip_location.region_coordinates.latitude
locationLatitude
112
principal.ip_location.region_coordinates.longitude
locationLongitude
113
principal.asset.asset_id
clientId
114
principal.asset.ip
ipAddress
115
principal.user.product_object_id
userId
116
principal.user.user_display_name
userDisplayName
117
target_udm.resource.id
targetResourceId
118
target_udm.resource.name
目標資源顯示名稱
119
principal.asset.attribute.labels
clientDisplayName
key: "clientDisplayName"value: {clientDisplayName}
120
principal.asset.attribute.labels
clientOS
key: "clientOS"value: {clientOS}
121
principal.asset.hardware.model
endpointModel
122
security_result.action_details
行動
123
network.tls.version
clientTls
124
network.tls.cipher
tlsSelectedCipher
125
src.hostname
clientHost
126
src.hostname
shost
127
target_udm.hostname
serverHost
128
target_udm.hostname
dhost
129
network.application_protocol
clientProtocol
130
network.application_protocol_version
clientProtocol
131
network.http.method
requestMethod
132
network.http.referral_url
httpReferer
133
network.http.user_agent
userAgent
134
network.http.response_code
respCode
135
target_udm.ip
resolvedUrlIp
136
target_udm.port
resolvedUrlPort
137
security_result.threat_name
malName
138
security_result.detection_fields
detectionType
key: "detectionType"value: {detectionType}
139
principal.asset.asset_id
deviceGUID
140
security_result.rule_type
ruleType
141
security_result.rule_id
ruleUuid
142
security_result.rule_name
ruleName
143
security_result.rule_id
ruleId
144
target_udm.ip
serverIp
145
target_udm.port
serverPort
146
target_udm.mac
serverMAC
147
target_udm.mac
dmac
148
src.ip
clientIp
149
src.port
clientPort
150
src.mac
clientMAC
151
src.mac
smac