端點活動資料來源 | Trend Micro Service Central

檢視次數:

欄位名稱	類型	一般欄位	說明	範例	產品
其他資訊	`字串`	-	篩選規則資訊	`預設`	XDR Endpoint Sensor Trend Micro Apex One as a Service
應用程式	`字串`	-	正在被利用的第七層網路通訊協定	`SMB`	XDR Endpoint Sensor
authId	`int64`	-	授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
azId	`字串`	-	請求的虛擬機器的可用區域 ID	`us-east-1b` `us-west-2a`	XDR Endpoint Sensor
頻道	`字串`	-	Windows 事件通道	`安全` `Microsoft-Windows-WMI-Activity/Trace` `Microsoft-Windows-TaskScheduler/Operational`	XDR Endpoint Sensor Trend Micro Apex One as a Service
cloudIdentityAccountId	`字串`	-	用於授權的雲端身份帳號 ID	`111111111111`	XDR Endpoint Sensor
cloudIdentityId	`字串`	-	用於授權的雲端身份 ID	`arn:aws:sts::111111111111:assumed-role/eksctl-aws-test-nodegroup-ng-21d38-NodeInstanceRole-3wPxVEo4zHlK/i-01234567890abcdef`	XDR Endpoint Sensor
cloudIdentityName	`字串`	-	用於授權的雲端身份名稱	`AWSsampleToken`	XDR Endpoint Sensor
雲端提供者	`字串`	-	雲端資產的服務提供者	`aws` `Azure`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
cloudServiceApiName	`字串`	-	雲端服務 API	`AssumeRole` `GetCallerIdentity` `ListBuckets`	XDR Endpoint Sensor
cloudServiceName	`字串`	-	雲端服務	`s3.us-east-1.amazonaws.com` `dynamodb.us-west-2.amazonaws.com`	XDR Endpoint Sensor
codeIntegrityOptionEnabled	`bool`	-	系統是否根據驅動程式簽章強制執行簽章核心載入	`1` `0`	XDR Endpoint Sensor
代碼完整性選項測試簽名	`bool`	-	系統是否繞過驅動程式簽章強制檢查並允許載入測試簽署的驅動程式	`1` `0`	XDR Endpoint Sensor
correlationData	`object_correlation[]`	-	用於關聯的資料防護	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
deviceType	`枚舉_遙測_設備_類型`	-	磁碟機類型	`TELEMETRY_DEVICE_TYPE_UNKNOWN` `TELEMETRY_DEVICE_TYPE_REMOVABLE`	XDR Endpoint Sensor
dpt	`int32`	通訊埠	目標通訊埠	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
目標	`字串`	IPv4 IPv6	目標 IP	`::` `10.10.10.10`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
endpointGuid	`字串`	EndpointID	端點上檢測到事件的主機 GUID	`11111111-1111-1111-1111-111111111111`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointHostName	`字串`	端點名稱	端點上檢測到事件的主機名稱	`PHILIPSIBE09` `WHAM6WK8XG2` `MacBook-Pro-del-Meno`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointIp	`string[]`	IPv4 IPv6	偵測到事件的端點 IP 位址	`10.10.10.10` `::1` `fe80::1`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
endpointMacAddress	`string[]`	-	主機 MAC 位址	`0-0-0-0-0-0-0-e0` `00:00:00:ff:ff:ff`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據訪問列表	`字串`	-	請求的存取權限列表	`%%4416` `%%4417` `%%4418`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據訪問掩碼	`字串`	-	在訪問嘗試期間請求或使用的權限的十六進制值	`16` `2147483648` `1048576`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataActionName	`字串`	-	執行的操作	`語言元件安裝程式` `群組原則背景處理` `C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe`	Trend Micro Apex One as a Service XDR Endpoint Sensor
eventDataAuthenticationPackageName	`字串`	-	Windows 事件資料的驗證套件名稱	`NTLM` `協商` `MICROSOFT_AUTHENTICATION_PACKAGE_V1_0`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataConsumer	`字串`	-	報告事件的接收者	`HealthDriverEventConsumer="健康事件消費者"` `MemoryEventConsumer="記憶體事件消費者"` `SysEventConsumer="系統事件使用者"`	XDR Endpoint Sensor
事件數據提升的令牌	`字串`	-	會話是否已提升並擁有管理員權限	`%%1842` `%%1843`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據完全限定組件名稱	`字串`	-	完整的 .NET 程式集名稱	`System.Runtime，版本=6.0.0.0，文化=中立，公鑰標記=b03f5f7f11d50a3a` `System.Xml，版本=4.0.0.0，文化=中立，公鑰標記=b77a5c561934e089` `System.Diagnostics.Process，版本=8.0.0.0，文化=中立，公鑰標記=b03f5f7f11d50a3a`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據模擬級別	`字串`	-	登入會話模擬層級	`%%1830` `%%1832` `%%1833`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataIpAddress	`字串`	-	Windows 事件 4624（成功登入嘗試）的 IP 位址	`-` `10.10.10.10`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataJobOwner	`字串`	-	發起事件的帳戶名稱	`BEI\holdej` `NT AUTHORITY\SYSTEM`	Trend Micro Apex One as a Service
eventDataLogonProcessName	`字串`	-	Windows 事件登入過程的名稱	`NtLmSsp` `Advapi` `Advapi`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataLogonType	`字串`	-	Windows 事件 4624（成功登入嘗試）的登入類型	`3` `5` `2`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataModuleILPath	`字串`	-	模組的 CIL 映像路徑或動態模組名稱	`C:\程式集\Cymulate\Agent\System.Threading.dll` `C:\windows\system32\tzsync.exe` `C:\Program.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據對象名稱	`字串`	-	請求訪問的對象的識別信息	`\裝置\HarddiskVolume2\Windows\System32\lsass.exe` `C:\Windows\System32\osk.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據對象類型	`字串`	-	物件類型	`過程` `檔案`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataOperation	`字串`	-	Windows 事件 11	`Start IWbemServices::ExecQuery - root\ccm : select * from SMS_Authority` `Start IWbemServices::ExecQuery - root\cimv2 : select * from win32_process` `Start IWbemServices::ExecQuery - root\ccm : SELECT * FROM SMS_Authority`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataPath	`字串`	-	Windows 事件資料防護的路徑	`C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe` `taskhostw.exe` `gpupdate.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataProcessPath	`字串`	-	啟動事件的進程路徑	`C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE` `C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe` `C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE`	Trend Micro Apex One as a Service
eventDataProviderName	`字串`	-	Windows 事件資料防護提供者的名稱	`SmsClientMethodProvider` `MS_NT_EVENTLOG_PROVIDER` `RegProv`	XDR Endpoint Sensor
eventDataProviderPath	`字串`	-	Windows 事件資料防護提供者的檔案路徑	`%systemroot%\system32\wbem\ntevt.dll` `%systemroot%\system32\wbem\stdprov.dll` `C:\WINDOWS\CCM\smsclient.dll`	XDR Endpoint Sensor
eventDataScriptBlockText	`字串`	-	Windows 事件 4104（使用 PowerShell 執行遠端命令）	`$global:?` `0` `{ Set-StrictMode -Version 1; $_.PSMessageDetails }`	Trend Micro Apex One as a Service
eventDataServiceFileName	`字串`	-	服務可執行檔的完整檔案路徑	`%SystemRoot%\PSEXESVC.exe` `C:\Windows\System32\svchost.exe -k WinSysRestoreGroup`	XDR Endpoint Sensor
eventDataServiceName	`字串`	-	服務名稱	`PSEXESVC` `WinResSvc`	XDR Endpoint Sensor
事件資料狀態	`字串`	-	Windows 事件資料防護狀態	`0xc000006d` `-1073741715` `0xc000006e`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件資料子狀態	`字串`	-	Windows 事件資料防護子狀態	`0xc0000064` `0xc000006a` `-1073741724`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據主題用戶名	`字串`	-	帳號	`dadmin` `亞歷克斯` `倫敦$`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據目標域名	`字串`	-	目標登入帳戶的網域或電腦名稱	`NT AUTHORITY` `內建` `震波`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據目標名稱	`字串`	-	服務、應用程式或網路資源名稱	`Microsoft_RssPlatform_` `WindowsLive:target=virtualapp/didlogical` `MicrosoftOffice`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataTargetUserName	`字串`	-	Windows 事件資料目標的使用者名稱	`提供遠端協助助手` `管理員` `管理員`	Trend Micro Apex One as a Service
eventDataTaskName	`字串`	-	Windows 事件記錄的任務名稱	`\Microsoft\Windows\LanguageComponentsInstaller\Installation` `\Microsoft\Office\Office Serviceability Manager` `\MicrosoftEdgeUpdateTaskMachineUA`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據票證加密類型	`字串`	-	用於 Kerberos TGS 的加密套件	`0x12` `0x17` `0x18`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventDataUserContext	`字串`	-	Windows 事件資料的使用者上下文	`MP\MPBSA179345$` `MP\MPBSASPU179370$` `MP\MPBSA4025625$`	XDR Endpoint Sensor Trend Micro Apex One as a Service
事件數據工作站名稱	`字串`	-	登入嘗試中使用的電腦名稱	`WIN-GG82ULGC9GO` `DESKTOP-123ABC` `CLIENT01`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventHashId	`int64`	-	事件雜湊 ID	`-8406473586387535914` `138486453338666581` `-7909265752378976284`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
eventId	`enum_TelemetryHeader.TELEMETRY_EVENT_ID`	-	事件類型	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
事件訊息	`字串`	-	事件訊息	`[0x13bb4e2a0] 啟用連接：mach=true listener=false peer=false name=com.apple.airportd`	XDR Endpoint Sensor Trend Micro Apex One as a Service
eventSubId	`enum_TelemetryHeader.TELEMETRY_EVENT_SUB_ID`	-	訪問類型	`2 - TELEMETRY_PROCESS_CREATE` `101 - TELEMETRY_FILE_CREATE` `204 - 遙測_連接_向外連接`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
事件時間	`int64`	-	代理程式偵測到事件的時間	`1657781088000`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
篩選風險等級	`字串`	-	事件的最高風險等級	`資訊` `低` `中`	安全分析引擎
群組ID	`字串`	-	管理範圍過濾器的群組 ID	`11111111-1111-1111-1111-111111111111`	安全分析引擎
hookId	`int64`	-	掛鉤 ID	`-1` `5` `4`	Trend Micro Apex One as a Service
主機名稱	`字串`	網域名稱主機域	網域名稱	`localhost` `wpad` `settings-win.data.microsoft.com`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
httpReferer	`字串`	URL	HTTP 標頭 referer	`http://10.10.10.10/` `http://fake/home/` `http://fake.com/page/Test.jsp`	Trend Micro Apex One as a Service XDR Endpoint Sensor
importTable	`object_ImportTable[]`	-	匯入的表格資訊	-	XDR Endpoint Sensor
importTableFileName	`字串[]`	-	匯入函數的庫檔案名稱	`KERNEL32.dll` `ADVAPI32.dll`	XDR Endpoint Sensor
importTableFunctionName	`字串[]`	-	匯入的函數檔案名稱	`SwitchToThread/GetSystemInfo` `OpenProcessToken`	XDR Endpoint Sensor
instanceAccountId	`字串`	-	發出請求的虛擬機器的雲端帳號 ID	`111111111111`	XDR Endpoint Sensor
instanceId	`字串`	-	雲端平台上的虛擬機器實例 ID	`i-01234567890abcdef`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
實例名稱	`字串`	-	發出請求的虛擬機	`ec2-123-124-0-12.us-west-2.compute.amazonaws.com`	XDR Endpoint Sensor
完整性等級	`int32`	-	進程的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
logReceivedTime	`int64`	-	接收 XDR 日誌的時間	`1656324260000`	安全分析引擎
登入使用者	`string[]`	用戶帳戶	登入使用者名稱	`root` `系統` `oracle`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
訊息類型	`字串`	-	消息類型	`預設`	XDR Endpoint Sensor Trend Micro Apex One as a Service
metaSrcExtra	`字串`	-	事件來源識別的元數據	`[{'metaSrcUri': ...]`	資料防護 Detection and Response
networkInterfaceId	`字串`	-	虛擬機器發出請求的網路介面	`eni-01234567890abcdef`	XDR Endpoint Sensor
objectApiName	`字串`	-	執行的 API 名稱	`GetIpNetTable`	XDR Endpoint Sensor
objectApiRvInNum	`uint64`	-	API 遙測返回值	`0`	XDR Endpoint Sensor
objectAppName	`字串`	-	涉及 AMSI 事件的應用程式名稱	`Exchange Server 2016` `PowerShell_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.19041.1` `PowerShell_C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.14393.0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectAuthId	`int64`	-	物件授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectBmData	`字串`	-	BM 事件資料防護	`{"provider":"ORCA","schema_version":1,"data":[{"str":"存取 /proc/<pid>/*"}]}` `{"provider":"ORCA","schema_version":1,"data":[{"str":"來源 '/etc/profile.d/lang.sh'"}]}` `{"provider":"ORCA","schema_version":1,"data":[{"str":"source '/etc/profile.d/bash_completion.sh'"}]}`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
objectCmd	`字串`	CLICommand	目標進程的命令行輸入	`wc -l` `runc init` `docker-init --version`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectContentName	`字串`	-	AMSI 物件內容名稱	`C:\程式集\WindowsPowerShell\Modules\PowerShellGet\1.2\PowerShellGet.psd1` `c:\synclog\BLAST_SCAN.vbs`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
當前檔案大小	`int64`	-	修改後物件檔的先前大小	`0` `59456` `60`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectCurrentPosixPermission	`字串`	-	新的 POSIX 權限文件用於文件事件和 CHMOD 事件	`1050180`	Trend Cloud One - Endpoint & Workload Security
objectFileAttributesHashId	`int64`	-	文件屬性元信息的哈希 ID	`1626660901647460000` `-3744588546027070000` `8709345175736065000`	XDR Endpoint Sensor
物件檔案建立	`int64`	-	物件檔案建立的時間	`1652131848000` `1577865600000` `1648279273000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileCurrentOwnerName	`字串`	-	物件檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `BUILTIN\Administradores`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileCurrentOwnerSid	`字串`	-	物件檔案的當前安全識別碼擁有者	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileDaclString	`字串`	-	物件檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;OICI;GA;;;SY)(A;OICI;0xa0120000;;;WD)(A;OICI;GA;;;BA)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileExtendedAttribute	`字串`	-	檔案的擴展屬性	`com.apple.quarantine` `com.apple.metadata:kMDItemWhereFroms`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileGroupName	`字串`	-	物件檔案使用者群組名稱	`輪子` `員工` `管理員`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileGroupSid	`字串`	-	物件檔案群組的安全識別碼	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-397955417-626881126-188441444-513`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHash	`字串`	-	目標處理影像或檔案的加密雜湊值	`1ca71017d2fa4775253670e1e55e26912bfdc156`	資料防護 Detection and Response
objectFileHashId	`int64`	-	物件檔案雜湊 ID	`2141057820373638746` `-6516669617381620295` `-4912169863817247597`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHashMd5	`字串`	FileMD5	目標處理影像或目標檔案的 MD5 雜湊值	`7ac47235c7bb452a03d3afd872f44c9e` `c9873d83a969645a97f21adc1b164cc5` `3b32b378c8b288de6f15e1607a8c2145`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileHashSha1	`字串`	FileSHA1	目標處理影像或目標檔案的 SHA-1 雜湊值	`ded3833f145989fd86c1f4811b61497298ebc7fd` `c4fa06404142f1994431f9eef3df2cbe0f1998f1` `3c01d486ed5aa1ecc2d8f33dc24b0ed59b3e609e`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
物件檔案雜湊Sha256	`字串`	FileSHA2	目標處理影像或目標檔案的 SHA-256 雜湊值	`39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8` `49fa3e206abf6a1f4546417dbe09f3f06b38847866a4a66de75bd90f39cb6c1c` `0969321ad5a0923f0f03896ad2c10e49290515c44b721d773942a37f62a24893`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
物件檔案為遠端存取	`bool`	-	是否有對目標檔案的遠端存取	-	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectFileModifiedTime	`int64`	-	物件檔案的修改時間	`1652131848000` `1577865600000` `1648279273000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
物件檔案原始名稱	`字串`	檔案名稱	物件圖像的原始檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileOwnerName	`字串`	-	物件檔案擁有者名稱	`root` `NT SERVICE\TrustedInstaller` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectFileOwnerSid	`字串`	-	物件檔案擁有者的安全識別碼	`S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFilePath	`字串`	FileFullPath 檔案名稱	目標處理影像或目標檔案的檔案路徑	`/usr/bin/bash` `/bin/bash` `/opt/folder1/probes/system/processes/processes`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileRemoteAccess	`bool`	-	是否有對目標檔案的遠端存取	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectFileSaclString	`字串`	-	物件檔案的系統存取控制清單	`無法訪問控制` `S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;SAFA;0x1f0116;;;WD)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectFileSize	`int64`	-	物件檔案的檔案大小	`0` `59456` `60`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security 資料防護檢測與回應
物件首次發現	`int64`	-	首次看到該物件的時間	`1656458063638` `1656260547165` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectHostName	`字串`	網域名稱	檢測到事件的伺服器	`10.10.10.10` `sample.test.org`	Trend Micro Apex One as a Service XDR Endpoint Sensor
物件完整性層級	`int32`	-	目標進程的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
物件IP	`字串`	IPv4 IPv6	網路事件的 IP 位址	`10.10.10.10`	Trend Micro Apex One as a Service XDR Endpoint Sensor
物件IP	`string[]`	IPv4 IPv6	事件中的 IP 位址清單	`::1` `10.10.10.10` `::ffff:10.10.10.10`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
上次看到物件	`int64`	-	物件最後一次被看到的時間	`1656458354730` `1656260580722` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectLaunchTime	`int64`	-	Windows 事件的物件啟動時間	`1616412892557` `1620778597056` `1616414113105`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutFailureMessage	`字串`	-	登入/登出錯誤訊息	`登入錯誤`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutFirstSeen	`int64`	-	第一次看到物件的登入/登出	`1713903612`	XDR Endpoint Sensor Trend Micro Apex One as a Service
物件登出雜湊識別碼	`int64`	-	物件簽入/簽出中繼資料的 FNV	`-8981232070268295000`	XDR Endpoint Sensor Trend Micro Apex One as a Service
物件登錄登出最後查看	`int64`	-	最後一次看到物件的登入/登出	`1713903612`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutMetaType	`enum_LOGIN_OUT_META_TYPE`	-	登入/登出元資料	`1 - 登入/登出元類型OpenSSH`	XDR Endpoint Sensor Trend Micro Apex One as a Service
物件登錄登出會話ID	`uint64`	-	登錄/登出會話 ID	`260`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutSourceAddress	`字串`	-	登入/登出來源 IP	`10.10.10.10`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectLoginOutStatus	`int32`	-	登入/登出狀態	`-1`	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectName	`字串`	-	物件名稱	`/usr/bin/bash` `/bin/bash` `/opt/folder1/probes/system/processes/processes`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectPid	`int32`	-	目標進程的 PID	-	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
objectPipeName	`字串`	-	事件的命名管道	`\\.\pipe\name1` `\\serverHostName\pipe\name1` `\\serverIp\pipe\name1`	XDR Endpoint Sensor
objectPort	`int32`	通訊埠	事件中使用的端口	-	Trend Micro Apex One as a Service XDR Endpoint Sensor
objectPosixPermission	`字串`	-	該檔案的當前 POSIX 權限	`1050112`	Trend Cloud One - Endpoint & Workload Security
objectPosixPermissionHashId	`int64`	-	POSIX 權限雜湊 ID	`-8931783023607716000`	Trend Cloud One - Endpoint & Workload Security
objectProcessHashId	`int64`	-	目標進程 FNV	`1415699552492662761` `-100650285065767982` `-1139416698673814436`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectRawDataSize	`int64[]`	-	Windows 事件物件的原始資料大小	`9` `1` `564`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
物件原始資料字串	`string[]`	-	AMSI 事件的資料內容	`$global:?` `0` `$servicename = "WinRM" $arrService = Get-Service $servicename if ($arrService.Status -ne "Running") { Restart-Service $servicename }`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
物件註冊資料	`字串`	註冊表值數據	註冊表值資料	`{11111111-1111-1111-1111-111111111111}` `1` `0`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryKeyHandle	`字串`	註冊表金鑰	登錄機碼	`HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` `HKLM\system\currentcontrolset\services\w32time\config` `HKLM\system\currentcontrolset\services\tcpip\parameters`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
objectRegistryValue	`字串`	註冊表值	登錄檔值名稱	`最後已知良好時間` `執行緒模型` `時代`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
以本地帳戶執行	`bool`	-	“runas” 命令是否使用本地帳戶	`0` `1`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
物件服務類型	`字串`	-	目標檔案類型	`本地` `smb` `網頁`	資料防護檢測與回應
物件會話識別碼	`int32` `int64`	-	物件會話 ID	`0` `1` `2`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectSigner	`string[]`	-	物件處理或檔案的憑證簽署者	`微軟 Windows` `軟體簽署;Apple 程式碼簽署認證機構;Apple 根憑證機構;` `微軟公司`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
物件簽署者標誌臨時	`bool[]`	-	物件處理或檔案簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerFlagsLibValid	`bool[]`	-	物件處理或檔案簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerFlagsRuntime	`bool[]`	-	物件處理或檔案簽章執行時標誌的列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
objectSignerValid	`bool[]`	-	憑證簽署者有效性	`1` `0`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectSubTrueType	`int32`	-	檔案物件真實子類型	`0` `5000` `18000` `28001`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectThreadId	`int64`	-	物件處理執行緒 ID	`10196` `10104` `10004`	Trend Micro Apex One as a Service
objectTrueType	`整數32`	-	檔案物件真實主要類型	`7` `5` `18` `4051`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
objectUri	`字串`	-	目標檔案路徑	`C://path/of/file.txt`	資料防護檢測與回應
objectUser	`字串`	使用者帳戶	目標程序的擁有者名稱或登入使用者名稱	`root` `系統` `oracle`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
objectUserGroup	`字串`	-	使用者群組名稱	`員工` `_spotlight` `輪子`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
objectUserGroupSids	`string[]`	-	物件的使用者群組 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
osDescription	`字串`	-	作業系統版本	`Windows 10 (64 位元)` `Windows 10 專業版 (64 位元) 版本 19044` `Amazon Linux 2 (64 位) (5.4.188-104.359.amzn2.x86_64)`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
作業系統名稱	`字串`	-	主機作業系統名稱	`Windows` `Linux` `macOS`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
osType	`字串`	-	主機作業系統類型	`0x00000030` `4`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
osVer	`字串`	-	主機作業系統版本	`Amazon Linux 2` `10.0.19044` `10.0.19042`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentAuthId	`int64`	-	家長授權 ID	`999` `996` `997`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentCmd	`字串`	CLI命令	父程序的命令行輸入	`C:\WINDOWS\system32\services.exe` `C:\Windows\system32\services.exe` `/sbin/launchd`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
parentFileCreation	`int64`	-	父檔案創建的時間	`1652131848000` `1577865600000` `1635172968000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileCurrentOwnerName	`字串`	-	父檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administradores` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileCurrentOwnerSid	`字串`	-	父檔案的當前安全識別碼擁有者	`S-1-5-32-544` `S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileDaclString	`字串`	-	父檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;OICI;GA;;;SY)(A;OICI;0xa0120000;;;WD)(A;OICI;GA;;;BA)` `D:(A;ID;0x1200a9;;;AC)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;S-1-15-2-2)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileGroupName	`字串`	-	父文件用戶組的名稱	`輪子` `管理員` `員工`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
父檔案群組SID	`字串`	-	父程序檔案群組的安全識別碼	`S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-32-544`	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashId	`int64`	-	父檔案雜湊 ID	`-4092577940452904134` `2141057820373638746` `-821808160829839906`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashMd5	`字串`	檔案MD5	父程序的 MD5 雜湊值	`d8e577bf078c45954f4531885478d5a9` `cd10cb894be2128fca0bf0e2b0c27c16` `cfd65bed18a1fae631091c3a4c4dd533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashSha1	`字串`	FileSHA1	父程序的 SHA-1 雜湊值	`d7a213f3cfee2a8a191769eb33847953be51de54` `1f912d4bec338ef10b7c9f19976286f8acc4eb97` `9ad737cbd8bbdddc96726156dbd3bc03936bf02f`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileHashSha256	`字串`	FileSHA2	父程序的 SHA-256 雜湊值	`dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674` `f3feb95e7bcfb0766a694d93fca29eda7e2ca977c2395b4be75242814eb6d881` `00f8cbc5b3a6640af5ac18d01bc5a666f6f583b1379b9491e0bcc28ba78c92e9`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileModifiedTime	`int64`	-	父檔案最後修改的時間	`1652131848000` `1577865600000` `1635172968000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOriginalName	`字串`	檔案名稱	原始父映像的檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOwnerName	`字串`	-	父文件的擁有者名稱	`root` `cit` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentFileOwnerSid	`字串`	-	父文件擁有者的安全識別碼	`S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18`	XDR Endpoint Sensor Trend Micro Apex One as a Service
父檔案路徑	`字串`	FileFullPath 檔案名稱	父程序的檔案路徑	`c:\windows\system32\services.exe` `/usr/bin/bash` `c:\windows\system32\svchost.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileRemoteAccess	`bool`	-	是否有對父檔案的遠端存取	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentFileSaclString	`字串`	-	父檔案的系統存取控制清單	`S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:無存取控制` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
parentFileSize	`int64`	-	父檔案的檔案大小	`714856` `59952` `5114880`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentHashId	`int64`	-	父哈希 ID	`-865367326691173681` `-2903238741593506113` `-4358168316031740439`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentIntegrityLevel	`int32`	-	父程序的完整性級別	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentLaunchTime	`int64`	-	父程序啟動的時間	`1653614773895` `1656118625928` `0`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentName	`字串`	-	父程序的映像名稱	`c:\windows\system32\services.exe` `/usr/bin/bash` `c:\windows\system32\svchost.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentPid	`整數32`	-	父程序的 PID	`1` `976` `920`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
父簽署者	`string[]`	-	父文件的簽署者	`Microsoft Windows 發行者` `Microsoft Windows` `軟體簽署;Apple 代碼簽署認證機構;Apple 根憑證機構;`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
家長簽署者標誌臨時	`布林[]`	-	父程序簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
父簽署者標誌庫有效	`布林[]`	-	父程序簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
父簽署者標誌運行時	`布林[]`	-	父程序簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
parentSignerValid	`bool[]`	-	父簽署者的有效性	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentSubTrueType	`int32`	-	父文件的真實檔案子類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
parentTrueType	`整數32`	-	父檔案的真實檔案類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
父使用者	`字串`	-	執行父程序的使用者類型	`root` `系統` `SISTEMA`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
parentUserDomain	`字串`	-	父程序的使用者域	`NT AUTHORITY` `NT 權限`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
父用戶組 SID	`string[]`	-	父使用者群組的 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
pname	`字串`	-	內部產品 ID（已棄用，請使用 productCode）	`2200` `751` `533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
policyIds	`字串`	-	資料防護偵測與回應資料政策 ID	`11111111-1111-1111-1111-111111111111`	資料防護檢測與回應
政策樹路徑	`字串`	-	政策樹路徑	`policyname1/policyname2/policyname3`	安全分析引擎
processCmd	`字串`	CLICommand	主題過程的命令行輸入	`C:\Windows\system32\lsass.exe` `C:\WINDOWS\system32\lsass.exe` `nimbus(進程)`	XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security Trend Micro Apex One as a Service
processFileCreation	`int64`	-	該過程檔案創建的時間	`1652131848000` `1577865600000` `1635172906000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileCurrentOwnerName	`字串`	-	當前進程文件的擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `BUILTIN\管理員`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileCurrentOwnerSid	`字串`	-	該進程文件的擁有者當前安全標識符	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileDaclString	`字串`	-	該過程檔案的自由存取控制清單	`D:(A;ID;0x1200a9;;;AC)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)` `D:(A;ID;FA;;;BA)(A;ID;FA;;;SY)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileGroupName	`字串`	-	進程文件用戶組的名稱	`輪子` `管理員` `員工`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理檔案群組SID	`字串`	-	進程文件組的安全標識符	`S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-32-544`	XDR Endpoint Sensor Trend Micro Apex One as a Service
處理檔案雜湊識別碼	`int64`	-	該進程的檔案雜湊	`2141057820373638746` `-821808160829839906` `5222963427542927736`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileHashMd5	`字串`	FileMD5	主體處理影像的 MD5 雜湊值	`cd10cb894be2128fca0bf0e2b0c27c16` `7ac47235c7bb452a03d3afd872f44c9e` `cfd65bed18a1fae631091c3a4c4dd533`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
處理檔案雜湊SHA1	`字串`	FileSHA1	主體處理影像的 SHA-1 雜湊值	`1f912d4bec338ef10b7c9f19976286f8acc4eb97` `ded3833f145989fd86c1f4811b61497298ebc7fd` `9ad737cbd8bbdddc96726156dbd3bc03936bf02f`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
處理檔案雜湊SHA256	`字串`	FileSHA2	主題處理影像的 SHA-256 雜湊值	`f3feb95e7bcfb0766a694d93fca29eda7e2ca977c2395b4be75242814eb6d881` `39109eef00821658893b45634fe2f4664f880da9242712df907f1327d4ceefb8` `00f8cbc5b3a6640af5ac18d01bc5a666f6f583b1379b9491e0bcc28ba78c92e9`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileModifiedTime	`int64`	-	該程序文件被修改的時間	`1652131848000` `1633413236462` `1414554708877`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processFileOriginalName	`字串`	檔案名稱	處理影像的原始檔案名稱	`Taskmgr.exe` `WINLOGON.EXE` `svchost.exe`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理檔案擁有者名稱	`字串`	-	進程檔案擁有者名稱	`root` `cit` `BUILTIN\Administrators`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理檔案擁有者SID	`字串`	-	進程文件所有者的安全標識符	`S-1-5-32-544` `S-1-5-18` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	XDR Endpoint Sensor Trend Micro Apex One as a Service
processFilePath	`字串`	完整路徑進程名稱檔案完整路徑檔案名稱	主題過程的檔案路徑	`/usr/bin/bash` `c:\windows\system32\svchost.exe` `c:\windows\system32\lsass.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processFileRemoteAccess	`bool`	-	是否有遠端存取程序檔案	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
處理檔案SACL字串	`字串`	-	該程序文件的系統存取控制清單	`S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)` `S:無存取控制`	Trend Micro Apex One as a Service XDR Endpoint Sensor
processFileSize	`int64`	-	進程文件的文件大小	`59952` `59456` `47024`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processHashId	`int64`	-	主體進程的 FNV	`7114696589795796819` `1307755369266815004` `-5015325378148567246`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processLaunchTime	`int64`	-	啟動主體進程的時間	`1653614775212` `1656118626642` `1652098160298`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processName	`字串`	進程名稱	觸發事件的過程的映像名稱	`/usr/bin/bash` `c:\windows\system32\svchost.exe` `c:\windows\system32\lsass.exe`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
processPid	`整數32`	-	主體進程的 PID	`4` `1` `784` `792`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
處理簽署者	`string[]`	-	程序文件簽署者	`Microsoft Windows` `Microsoft Windows 發行者` `微軟公司`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processSignerFlagsAdhoc	`bool[]`	-	進程簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processSignerFlagsLibValid	`bool[]`	-	進程簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
processSignerFlagsRuntime	`bool[]`	-	進程簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
處理簽署者有效性	`布林[]`	-	程序簽署者的有效性	`1` `0`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理子真字型	`整數32`	-	該進程的真實文件子類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
processTrueType	`整數32`	-	該程序的真實檔案類型	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理用戶	`字串`	使用者帳戶	主體處理影像的擁有者名稱	`root` `系統` `SISTEMA`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
處理用戶域	`字串`	-	程序使用者網域	`NT AUTHORITY` `NT 權限`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
處理使用者群組 SID	`string[]`	-	進程的使用者群組 SID	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	XDR Endpoint Sensor
productCode	`字串`	-	內部產品代碼	`sds` `xes` `sao`	安全分析引擎
providerGUID	`字串`	-	Windows 事件提供者的 GUID	`{11111111-1111-1111-1111-111111111111}`	XDR Endpoint Sensor Trend Micro Apex One as a Service
提供者名稱	`字串`	-	Windows 事件提供者的名稱	`Microsoft-Windows-Security-Auditing` `微軟-視窗-WMI-活動` `Microsoft-Windows-TaskScheduler`	XDR Endpoint Sensor Trend Micro Apex One as a Service
proxy	`字串`	-	Proxy 地址	`proxy.sample:8080` `10.10.10.10:8080`	XDR Endpoint Sensor Trend Micro Apex One as a Service
publicSpt	`int32`	通訊埠	發出請求的端點的公共端口	`57163`	XDR Endpoint Sensor
publicSrc	`字串`	IPv4 IPv6	發出請求的端點的公共 IP	`10.10.10.10`	XDR Endpoint Sensor
版本	`字串`	-	產品版本	`1.2.0.2752` `1.0.345` `1.2.0.2657`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
原始資料大小	`int64`	-	Windows 事件日誌的大小	`1128` `1129` `1127`	XDR Endpoint Sensor Trend Micro Apex One as a Service
rawDataStr	`字串`	-	Windows 事件原始內容	`{ "EventData" : { "LogonType" : "", "TargetDomainName" : "", "TargetLogonId" : "", "TargetUserName" : "", "TargetUserSid" : "" } }` `{ "EventData" : { "LogonType" : "10", "TargetDomainName" : "AFASADV", "TargetLogonId" : "14941011731", "TargetUserName" : "管理員", "TargetUserSid" : "S-1-5-21-1507008304-2416677881-2121376573-500" } }` `{ "EventData" : { "LogonType" : "10", "TargetDomainName" : "AIS", "TargetLogonId" : "216921070", "TargetUserName" : "MWoodr01", "TargetUserSid" : "S-1-5-21-1873864278-1756520048-3043165120-15057" } }`	XDR Endpoint Sensor Trend Micro Apex One as a Service
區域識別碼	`字串`	-	雲端資產區域	`美國東部 (北維吉尼亞)` `歐洲（法蘭克福）`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
請求	`字串`	URL	請求 URL	`http://10.10.10.10/fake/site` `http:///fake/param.cgi?action=list&group=Alarm.Status` `http://fake.com/`	Trend Micro Apex One as a Service XDR Endpoint Sensor
請求方法	`字串`	-	網路通訊協定請求方法	`獲取` `POST` `PUT`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
ruleId	`整數32`	-	規則 ID	`1005566`	XDR Endpoint Sensor Trend Micro Apex One as a Service
smb共享名稱	`字串`	-	伺服器中包含檔案的共享資料夾名稱	`sharedfolder`	XDR Endpoint Sensor
spt	`int32`	通訊埠	來源通訊埠	`53` `5353` `443`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
src	`字串`	IPv4 IPv6	來源 IP	`::` `10.10.10.10`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service 資料防護檢測與回應
srcFileCreation	`int64`	-	來源檔案的建立時間	`1577865600000` `1626201752000` `1626201750000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileCurrentOwnerName	`字串`	-	來源檔案的當前擁有者名稱	`NT AUTHORITY\SYSTEM` `BUILTIN\Administrators` `AUTORIDADE NT\SISTEMA`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileCurrentOwnerSid	`字串`	-	當前源文件的安全識別碼擁有者	`S-1-5-18` `S-1-5-32-544` `S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileDaclString	`字串`	-	來源檔案的任意存取控制清單	`D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BU)(A;;0x1200a9;;;AC)(A;;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)` `D:(A;ID;FA;;;SY)(A;ID;FA;;;BA)`	XDR Endpoint Sensor Trend Micro Apex One as a Service
源文件組名稱	`字串`	-	源檔案使用者群組名稱	`輪子` `員工` `NT SERVICE\TrustedInstaller`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileGroupSid	`字串`	-	來源檔案群組的安全識別碼	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-21-3770350686-3666354711-3866293128-513`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHash	`字串`	-	源處理影像或檔案的加密雜湊值	`1ca71017d2fa4775253670e1e55e26912bfdc156`	資料防護檢測與回應
srcFileHashMd5	`字串`	FileMD5	來源檔案的 MD5 雜湊值	`e5d5e9c1f65b8ec7aa5b7f1b1acdd731` `a6779bf446db07e4c4ba3516b273c496` `4bb7334fdadc6eccb8e6ab402aae013b`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHashSha1	`字串`	FileSHA1	來源檔案的 SHA-1 雜湊值	`5d34902fecc1760138212ada36be1e742bda5e52` `dbb14dcda6502ab1d23a7c77d405dafbcbeb439e` `2292f8109cd756e790c068a52d50f1b0858f503b`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileHashSha256	`字串`	FileSHA2	來源檔案的 SHA-256 雜湊值	`4eaa002225f4ea2dedcd19b7f1337d7c58ea7dd6d4571c12468dde95e6bcfdaf` `e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80` `16b20a3ad485b4fbbe3028c7e743b226db21ea93cacc8b3d7d7d4a731bf02333`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileIsRemoteAccess	`bool`	-	是否可以遠端訪問源文件	-	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
源文件修改時間	`int64`	-	來源檔案的修改時間	`1626201752000` `1626201750000` `1577865600000`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileOwnerName	`字串`	-	來源檔案擁有者名稱	`root` `NT SERVICE\TrustedInstaller` `NT AUTHORITY\SYSTEM`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileOwnerSid	`字串`	-	源文件所有者的安全標識符	`S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464` `S-1-5-18` `S-1-5-32-544`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFilePath	`字串`	FileFullPath 檔案名稱	來源檔案路徑	`\\cnva-apps\megaclockprod\traveler\travelerprint.accdb` `c:\program files\common files\microsoft shared\clicktorun\officesvcmgrschedule.xml` `q:\a7_dbs\a4_pkg\a4_packaging.accde`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security
srcFileSaclString	`字串`	-	來源檔案的系統存取控制清單	`S:無存取控制` `S:(AU;SAFA;DCLCRPCRSDWDWO;;;WD)` `S:(AU;IDSAFA;DCLCRPSDWDWO;;;AU)`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcFileSize	`int64`	-	來源檔案的檔案大小	`0` `131072` `196608`	XDR Endpoint Sensor Trend Micro Apex One as a Service Trend Cloud One - Endpoint & Workload Security 資料防護 Detection and Response
首次檢測	`int64`	-	首次看到來源檔案的時間	`0` `1656355418449` `1656714760440`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
最後一次看到	`int64`	-	上次看到來源檔案的時間	`0` `1656355418449` `1656715147313`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
srcServiceType	`字串`	-	來源檔案類型	`本地` `smb` `網頁`	資料防護 Detection and Response
srcSigner	`string[]`	-	來源檔案的簽署者	`Microsoft Windows` `微軟公司` `Google LLC`	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcSignerFlagsAdhoc	`布林[]`	-	源文件簽章臨時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerFlagsLibValid	`布林[]`	-	源文件簽章庫驗證標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerFlagsRuntime	`布林[]`	-	源文件簽章運行時標誌列表	-	XDR Endpoint Sensor Trend Micro Apex One as a Service
srcSignerValid	`布林[]`	-	來源檔案簽署者的有效性	-	Trend Micro Apex One as a Service XDR Endpoint Sensor
srcUri	`字串`	-	來源檔案路徑	`C://path/of/file.txt`	資料防護 Detection and Response
srcUser	`字串`	-	源進程的擁有者名稱或登入使用者名稱	`root` `系統` `oracle`	資料防護 Detection and Response
狀態	`字串`	-	HTTP 回應狀態碼	`200` `500` `403`	Trend Micro Apex One as a Service XDR Endpoint Sensor Trend Cloud One - Endpoint & Workload Security
子系統	`字串`	-	子系統資訊	`com.apple.xpc`	XDR Endpoint Sensor Trend Micro Apex One as a Service
subnetId	`字串`	-	虛擬機器發出請求的子網路 ID	`子網路-01234567890abcdef`	XDR Endpoint Sensor
標籤	`string[]`	技術	根據警報過濾器檢測到的技術 ID	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	安全分析引擎
時區	`字串`	-	主機時區	`UTC+00:00` `UTC-05:00` `UTC-03:00`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
userDomain	`string[]`	-	使用者網域名稱	`CORP` `NT 權限`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor Trend Micro Apex One as a Service
uuid	`字串`	-	日誌的唯一鍵	`11111111-1111-1111-1111-111111111111`	安全分析引擎
vpcId	`字串`	-	虛擬私有雲，包含雲端資產	`vpc-01234567890abcdef`	Trend Cloud One - Endpoint & Workload Security XDR Endpoint Sensor
winEventId	`整數32`	-	Windows 事件 ID	`11` `4624` `4670`	XDR Endpoint Sensor Trend Micro Apex One as a Service