|
編號
|
Google SecOps UDM 欄位
|
Trend Vision One 欄位
|
注意
|
|
1
|
metadata.event_type
|
|
|
|
2
|
metadata.vendor_name
|
TREND VISION ONE ACTIVITY
|
|
|
3
|
metadata.product_name
|
TREND VISION ONE ACTIVITY
|
|
|
4
|
metadata.product_log_id
|
uuid
|
|
|
5
|
principal.resource.attribute.labels
|
uuid
|
key: "uuid"value: {uuid}
|
|
6
|
metadata.product_log_id
|
msgUuid
|
|
|
7
|
metadata.collected_timestamp
|
logReceivedTime
|
|
|
8
|
metadata.event_timestamp
|
eventTime
|
|
|
9
|
additional.fields
|
eventID
|
key: "事件ID"value: {eventID}
|
|
10
|
additional.fields
|
應用程式
|
key: "app"value: {app}
|
|
11
|
additional.fields
|
appLabel
|
key: "appLabel"value: {appLabel}
|
|
12
|
additional.fields
|
應用程式
|
key: "應用程式"value: {application}
|
|
13
|
metadata.product_event_type
|
eventType
|
|
|
14
|
metadata.product_version
|
pver
|
|
|
15
|
security_result.severity_details
|
過濾風險等級
|
|
|
16
|
additional.fields
|
productCode
|
key: "產品代碼"value: {productCode}
|
|
17
|
metadata.product_name
|
pname
|
|
|
18
|
metadata.product_name
|
idpName
|
|
|
19
|
metadata.product_event_type
|
eventName
|
|
|
20
|
principal.ip
|
sourceIPAddress
|
|
|
21
|
src.ip
|
sourceIPAddress
|
|
|
22
|
principal.ip
|
src
|
|
|
23
|
src.ip
|
src
|
|
|
24
|
principal.ip
|
dst
|
|
|
25
|
target.ip
|
dst
|
|
|
26
|
src.port
|
spt
|
|
|
27
|
target_udm.port
|
dpt
|
|
|
28
|
principal.user.userid
|
物件使用者
|
|
|
29
|
target_udm.user.userid
|
物件使用者
|
|
|
30
|
target_udm.file.full_path
|
objectFilePath
|
|
|
31
|
target_udm.file.md5
|
objectFileHashMd5
|
|
|
32
|
target_udm.file.sha1
|
objectFileHashSha1
|
|
|
33
|
target_udm.file.sha256
|
objectFileHashSha256
|
|
|
34
|
target_udm.file.last_modification_time
|
objectFileModifiedTime
|
|
|
35
|
target_udm.file.first_seen_time
|
objectFirstSeen
|
|
|
36
|
target_udm.file.last_seen_time
|
objectLastSeen
|
|
|
37
|
target_udm.process.integrity_level_rid
|
物件完整性層級
|
|
|
38
|
target_udm.ip
|
objectIp
|
|
|
39
|
target_udm.ip
|
objectIps
|
|
|
40
|
target_udm.process.pid
|
objectPid
|
|
|
41
|
target_udm.port
|
objectPort
|
|
|
42
|
target_udm.registry.registry_value_data
|
objectRegistryData
|
|
|
43
|
target_udm.registry.registry_key
|
objectRegistryKeyHandle
|
|
|
44
|
target_udm.registry.registry_value_name
|
objectRegistryValue
|
|
|
45
|
target_udm.file.size
|
objectFileSize
|
|
|
46
|
additional.fields
|
vpcEndpointId
|
key: "vpcEndpointId"value: {vpcEndpointId}
|
|
47
|
additional.fields
|
apiVersion
|
key: "apiVersion"value: {apiVersion}
|
|
48
|
additional.fields
|
key: "awsRegion"value: {awsRegion}
|
|
|
49
|
additional.fields
|
key: "recipientAccountId"value: {recipientAccountId}
|
|
|
50
|
principal.hostname
|
endpointHostName
|
|
|
51
|
principal.asset.hostname
|
endpointHostName
|
|
|
52
|
principal.mac
|
endpointMacAddress
|
|
|
53
|
principal.asset.mac
|
endpointMacAddress
|
|
|
54
|
principal.asset.asset_id
|
endpointGuid
|
|
|
55
|
principal.ip
|
端點Ip
|
|
|
56
|
principal.asset.ip
|
端點Ip
|
|
|
57
|
principal.domain.name
|
主機名稱
|
|
|
58
|
principal.process.integrity_level_rid
|
完整性級別
|
|
|
59
|
src.process.command_line
|
processCmd
|
|
|
60
|
target_udm.process.command_line
|
objectCmd
|
|
|
61
|
src.file.full_path
|
srcFilePath
|
|
|
62
|
src.file.md5
|
srcFileHashMd5
|
|
|
63
|
src.file.sha1
|
srcFileHashSha1
|
|
|
64
|
src.file.sha256
|
srcFileHashSha256
|
|
|
65
|
src.file.size
|
srcFileSize
|
|
|
66
|
src.file.last_modification_time
|
srcFileModifiedTime
|
|
|
67
|
src.file.first_seen_time
|
srcFirstSeen
|
|
|
68
|
src.file.last_seen_time
|
srcLastSeen
|
|
|
69
|
principal.process.file.full_path
|
processFilePath
|
|
|
70
|
principal.process.file.names
|
processName
|
|
|
71
|
principal.process.pid
|
processPid
|
|
|
72
|
principal.process.file.md5
|
processFileHashMd5
|
|
|
73
|
principal.process.file.sha1
|
processFileHashSha1
|
|
|
74
|
principal.process.file.sha256
|
processFileHashSha256
|
|
|
75
|
principal.process.parent_process.pid
|
parentPid
|
|
|
76
|
principal.process.parent_process.command_line
|
parentCmd
|
|
|
77
|
principal.process.parent_process.file.full_path
|
parentFilePath
|
|
|
78
|
principal.process.parent_process.file.names
|
parentName
|
|
|
79
|
principal.process.parent_process.file.md5
|
parentFileHashMd5
|
|
|
80
|
principal.process.parent_process.file.sha1
|
parentFileHashSha1
|
|
|
81
|
principal.process.parent_process.file.sha256
|
parentFileHashSha256
|
|
|
82
|
principal.process.parent_process.integrity_level_rid
|
parentIntegrityLevel
|
|
|
83
|
target_udm.url
|
要求
|
|
|
84
|
target_udm.url
|
請求
|
|
|
85
|
src.ip
|
publicSrc
|
|
|
86
|
src.port
|
publicSpt
|
|
|
87
|
additional.fields
|
clusterId
|
key: "叢集ID"value: {clusterId}
|
|
88
|
additional.fields
|
clusterName
|
key: "clusterName"value: {clusterName}
|
|
89
|
additional.fields
|
k8s命名空間
|
key: "k8sNamespace"value: {k8sNamespace}
|
|
90
|
network.email.mail_id
|
msgId
|
|
|
91
|
security_result.about.email
|
信箱
|
|
|
92
|
network.email.from
|
mailFromAddresses
|
|
|
93
|
network.email.from
|
suser
|
|
|
94
|
network.email.to
|
duser
|
|
|
95
|
network.email.to
|
mailToAddresses
|
|
|
96
|
network.email.cc
|
mailCcAddresses
|
|
|
97
|
network.email.bcc
|
mailBccAddresses
|
|
|
98
|
network.email.reply_to
|
mailReplyToAddresses
|
|
|
99
|
network.email.subject
|
mailMsgSubject
|
|
|
100
|
security_result.risk_score
|
郵件評分
|
|
|
101
|
src.ip
|
mailSenderIp
|
|
|
102
|
principal.user.userid
|
principalName
|
|
|
103
|
about.file.names
|
attachmentFileName
|
|
|
104
|
additional.fields
|
attachmentSha256
|
key: "attachmentSha256"value: {attachmentSha256}
|
|
105
|
additional.fields
|
attachmentSha1
|
key: "附件Sha1"value: {attachmentSha1}
|
|
106
|
additional.fields
|
attachmentMd5
|
key: "attachmentMd5"value: {attachmentMd5}
|
|
107
|
additional.fields
|
idpId
|
key: "idpId"value: {idpId}
|
|
108
|
principal.ip_location.country_or_region
|
locationCountry
|
|
|
109
|
principal.ip_location.city
|
locationCity
|
|
|
110
|
principal.ip_location.state
|
locationState
|
|
|
111
|
principal.ip_location.region_coordinates.latitude
|
locationLatitude
|
|
|
112
|
principal.ip_location.region_coordinates.longitude
|
locationLongitude
|
|
|
113
|
principal.asset.asset_id
|
clientId
|
|
|
114
|
principal.asset.ip
|
ipAddress
|
|
|
115
|
principal.user.product_object_id
|
userId
|
|
|
116
|
principal.user.user_display_name
|
userDisplayName
|
|
|
117
|
target_udm.resource.id
|
targetResourceId
|
|
|
118
|
target_udm.resource.name
|
目標資源顯示名稱
|
|
|
119
|
principal.asset.attribute.labels
|
clientDisplayName
|
key: "clientDisplayName"value: {clientDisplayName}
|
|
120
|
principal.asset.attribute.labels
|
clientOS
|
key: "clientOS"value: {clientOS}
|
|
121
|
principal.asset.hardware.model
|
端點模型
|
|
|
122
|
security_result.action_details
|
行動
|
|
|
123
|
network.tls.version
|
clientTls
|
|
|
124
|
network.tls.cipher
|
tlsSelectedCipher
|
|
|
125
|
src.hostname
|
clientHost
|
|
|
126
|
src.hostname
|
shost
|
|
|
127
|
target_udm.hostname
|
serverHost
|
|
|
128
|
target_udm.hostname
|
dhost
|
|
|
129
|
network.application_protocol
|
clientProtocol
|
|
|
130
|
network.application_protocol_version
|
clientProtocol
|
|
|
131
|
network.http.method
|
requestMethod
|
|
|
132
|
network.http.referral_url
|
httpReferer
|
|
|
133
|
network.http.user_agent
|
userAgent
|
|
|
134
|
network.http.response_code
|
respCode
|
|
|
135
|
target_udm.ip
|
resolvedUrlIp
|
|
|
136
|
target_udm.port
|
resolvedUrlPort
|
|
|
137
|
security_result.threat_name
|
malName
|
|
|
138
|
security_result.detection_fields
|
detectionType
|
key: "偵測類型"value: {detectionType}
|
|
139
|
principal.asset.asset_id
|
deviceGUID
|
|
|
140
|
security_result.rule_type
|
規則類型
|
|
|
141
|
security_result.rule_id
|
ruleUuid
|
|
|
142
|
security_result.rule_name
|
規則名稱
|
|
|
143
|
security_result.rule_id
|
ruleId
|
|
|
144
|
target_udm.ip
|
serverIp
|
|
|
145
|
target_udm.port
|
serverPort
|
|
|
146
|
target_udm.mac
|
serverMAC
|
|
|
147
|
target_udm.mac
|
dmac
|
|
|
148
|
src.ip
|
clientIp
|
|
|
149
|
src.port
|
clientPort
|
|
|
150
|
src.mac
|
clientMAC
|
|
|
151
|
src.mac
|
smac
|
檢視次數: