|
編號
|
Google SecOps UDM 欄位
|
Trend Vision One 欄位
|
注意
|
|
1
|
metadata.event_type
|
一般事件
|
|
|
2
|
metadata.vendor_name
|
TREND VISION ONE 偵測
|
|
|
3
|
metadata.product_name
|
TREND VISION ONE 偵測
|
|
|
4
|
metadata.product_event_type
|
eventType
|
|
|
5
|
metadata.product_version
|
pver
|
|
|
6
|
metadata.product_log_id
|
msgUuid
|
|
|
7
|
metadata.event_timestamp
|
eventTime
|
|
|
8
|
metadata.collected_timestamp
|
logReceivedTime
|
|
|
9
|
metadata.product_event_type
|
eventName | |
|
10
|
metadata.product_log_id
|
uuid
|
|
|
11
|
principal.resource.attribute.labels
|
uuid
|
key: "uuid"value: {uuid}
|
|
12
|
security_result.severity_details
|
過濾風險等級
|
|
|
13
|
additional.fields
|
productCode
|
key: "productCode"vaule: {productCode}
|
|
14
|
metadata.product_name
|
pname
|
|
|
15
|
principal.hostname
|
endpointHostName
|
|
|
16
|
principal.asset.hostname
|
endpointHostName
|
|
|
17
|
principal.mac
|
endpointMacAddress
|
|
|
18
|
principal.asset.mac
|
endpointMacAddress
|
|
|
19
|
principal.hostname
|
dvchost
|
|
|
20
|
principal.asset.hostname
|
||
|
21
|
principal.ip
|
端點Ip
|
|
|
22
|
principal.asset.ip
|
端點Ip
|
|
|
23
|
principal.asset.asset_id
|
endpointGUID
|
endpointGUID:{endpointGUID}
|
|
24
|
principal.asset.asset_id
|
deviceGUID
|
deviceGUID:{deviceGUID}
|
|
25
|
principal.asset.asset_id
|
mDeviceGUID
|
mDeviceGUID:{mDeviceGUID}
|
|
26
|
src.asset.asset_id
|
senderGUID
|
senderGUID:{senderGUID}
|
|
27
|
src.ip
|
senderIp
|
|
|
28
|
src.ip
|
m裝置
|
|
|
29
|
principal.asset.mac
|
deviceMacAddress
|
|
|
30
|
principal.mac
|
deviceMacAddress
|
|
|
31
|
principal.domain.name
|
主機名稱
|
|
|
32
|
principal.administrative_domain
|
電腦網域
|
|
|
33
|
principal.domain.name
|
domainName
|
|
|
34
|
principal.asset.network_domain
|
domainName
|
|
|
35
|
target.hostname
|
感興趣的主機
|
|
|
36
|
target.ip
|
interestedIp
|
|
|
37
|
target.ip
|
objectIp
|
|
|
38
|
principal.user.userid
|
objectUser
|
|
|
39
|
target.user.userid
|
objectUser
|
|
|
40
|
src.hostname
|
shost
|
|
|
41
|
src.platform_version
|
sOSName
|
|
|
42
|
src.mac
|
smac
|
|
|
43
|
target.hostname
|
dhost
|
|
|
44
|
target.platform_version
|
dOSName
|
|
|
45
|
target.mac
|
dmac
|
|
|
46
|
target.group.group_display_name
|
dstGroup
|
|
|
47
|
principal.domain.name
|
userDomain
|
|
|
48
|
target.url
|
要求
|
|
|
49
|
target.domain.name
|
requestBase
|
|
|
50
|
security_result.category_details
|
類別
|
|
|
51
|
principal.ip
|
src
|
|
|
52
|
src.ip
|
src
|
|
|
53
|
principal.ip
|
peerIp
|
|
|
54
|
principal.hostname
|
peerHost
|
|
|
55
|
principal.asset.asset_id
|
peerEndpointGUID
|
|
|
56
|
principal.ip
|
dst
|
|
|
57
|
target.ip
|
dst
|
|
|
58
|
src.port
|
spt
|
|
|
59
|
目標.埠
|
dpt
|
|
|
60
|
src.file.names
|
檔案名稱
|
|
|
61
|
src.file.full_path
|
fullPath
|
|
|
62
|
src.file.size
|
檔案大小
|
|
|
63
|
src.file.names
|
compressedFileName
|
|
|
64
|
src.file.sha1
|
compressedFileHash
|
|
|
65
|
src.file.sha256
|
compressedFileHashSha256
|
|
|
66
|
src.file.size
|
compressedFileSize
|
|
|
67
|
src.file.mime_type
|
壓縮檔案類型
|
|
|
68
|
src.file.full_path
|
srcFilePath
|
|
|
69
|
src.file.md5
|
srcFileHashMd5
|
|
|
70
|
src.file.sha1
|
srcFileHashSha1
|
|
|
71
|
src.file.sha256
|
srcFileHashSha256
|
|
|
72
|
src.file.full_path
|
檔案路徑名稱
|
|
|
73
|
src.file.sha1
|
fileHash
|
|
|
74
|
src.file.sha256
|
fileHashSha256
|
|
|
75
|
目標檔案名稱
|
objectFileName
|
|
|
76
|
target.file.full_path
|
objectFilePath
|
|
|
77
|
target.file.sha1
|
objectFileHashSha1
|
|
|
78
|
target.file.sha256
|
objectFileHashSha256
|
|
|
79
|
target.file.md5
|
objectFileHashMd5
|
|
|
80
|
about.file.names
|
attachmentFileName
|
|
|
81
|
about.file.size
|
attachmentFileSize
|
|
|
82
|
about.file.sha1
|
attachmentFileHash
|
|
|
83
|
about.file.mime_type
|
attachmentFileType
|
|
|
84
|
about.file.sha1
|
attachmentFileHashSha1
|
|
|
85
|
about.file.sha256
|
attachmentFileHashSha256
|
|
|
86
|
about.file.md5
|
attachmentFileHashMd5
|
|
|
87
|
principal.process.integrity_level_rid
|
完整性級別
|
|
|
88
|
principal.process.command_line
|
processCmd
|
|
|
89
|
principal.process.file.md5
|
processFileHashMd5
|
|
|
90
|
principal.process.file.sha1
|
processFileHashSha1
|
|
|
91
|
principal.process.file.sha256
|
processFileHashSha256
|
|
|
92
|
principal.process.parent_process.command_line
|
parentCmd
|
|
|
93
|
principal.process.parent_process.file.full_path
|
parentFilePath
|
|
|
94
|
principal.process.parent_process.file.names
|
parentName
|
|
|
95
|
principal.process.parent_process.pid
|
parentPid
|
|
|
96
|
principal.process.parent_process.file.md5
|
parentFileHashMd5
|
|
|
97
|
principal.process.parent_process.file.sha1
|
parentFileHashSha1
|
|
|
98
|
principal.process.parent_process.file.sha256
|
parentFileHashSha256
|
|
|
99
|
principal.process.parent_process.integrity_level_rid
|
parentIntegrityLevel
|
|
|
100
|
target.process.command_line
|
objectCmd
|
|
|
101
|
target.process.pid
|
objectPid
|
|
|
102
|
target.process.file.full_path
|
objectTargetProcess
|
|
|
103
|
principal.process.file.full_path
|
processFilePath
|
|
|
104
|
principal.process.file.names
|
processName
|
|
|
105
|
principal.process.pid
|
processPid
|
|
|
106
|
principal.process.file.full_path
|
processImagePath
|
|
|
107
|
target.registry.registry_value_data
|
objectRegistryData
|
|
|
108
|
target.registry.registry_key
|
objectRegistryKeyHandle
|
|
|
109
|
target.registry.registry_value_name
|
objectRegistryValue
|
|
|
110
|
network.email.from
|
suser
|
|
|
111
|
network.email.to
|
duser
|
|
|
112
|
network.email.subject
|
mailMsgSubject
|
|
|
113
|
network.email.mail_id
|
msgId
|
|
|
114
|
security_result.about.email
|
信箱
|
|
|
115
|
network.smtp.mail_from
|
mailSmtpFromAddresses
|
|
|
116
|
network.smtp.rcpt_to
|
mailSmtpRecipients
|
|
|
117
|
network.smtp.is_tls
|
mailSmtpTls
|
|
|
118
|
network.email.subject
|
highlightMailMsgSubject
|
|
|
119
|
network.http.method
|
requestMethod
|
|
|
120
|
network.http.referral_url
|
httpReferer
|
|
|
121
|
network.http.response_code
|
respCode
|
|
|
122
|
security_result.attack_details.techniques
|
techniqueId
|
|
|
123
|
security_result.attack_details.tactics
|
tacticId
|
|
|
124
|
principal.asset.vulnerabilities
|
cve
|
|
|
125
|
principal.asset.vulnerabilities
|
cves
|
|
|
126
|
security_result.rule_name
|
ruleName
|
|
|
127
|
security_result.rule_type
|
ruleType
|
|
|
128
|
security_result.rule_id
|
ruleId
|
|
|
129
|
security_result.rule_version
|
規則版本
|
|
|
130
|
security_result.threat_name
|
threatName
|
|
|
131
|
security_result.threat_name
|
malName
|
|
|
132
|
security_result.detection_fields
|
subRuleId
|
key: "子規則ID"value: {subRuleId}
|
|
133
|
security_result.detection_fields
|
subRuleName
|
key: "子規則名稱"value: {subRuleName}
|
|
134
|
security_result.risk_score
|
分數
|
|
|
135
|
security_result.action_details
|
行動
|
|
|
136
|
security_result.detection_fields
|
detectionType
|
key: "偵測類型"value: {detectionType}
|
|
137
|
security_result.detection_fields
|
detectionName
|
key: "偵測名稱"value: {detectionName}
|
|
138
|
security_result.detection_fields
|
惡意軟體家族
|
key: "malFamily"value: {malFamily}
|
|
139
|
security_result.detection_fields
|
malType
|
key: "malType"value: {malType}
|
|
140
|
security_result.detection_fields
|
malSubType
|
key: "malSubType"value: {malSubType}
|
|
141
|
security_result.detection_fields
|
風險等級
|
key: "riskLevel"value: {riskLevel}
|
|
142
|
additional.fields
|
aptCampaigns
|
key: "aptCampaigns"value: {aptCampaigns}
|
|
143
|
security_result.threat_name
|
威脅名稱
|
|
|
144
|
principal.user.department
|
userDepartment
|
|
|
145
|
principal.user.userid
|
principalName
|
|
|
146
|
principal.user.userid
|
logonUsers
|
|
|
147
|
additional.fields
|
應用程式
|
key: "應用程式"value: {application}
|
|
148
|
additional.fields
|
appLabel
|
key: "appLabel"value: {appLabel}
|
|
149
|
additional.fields
|
eventID
|
key: "事件ID"value: {eventID}
|
|
150
|
additional.fields
|
eventSubId
|
key: "事件子ID"value: {eventSubId}
|
|
151
|
additional.fields
|
clusterId
|
key: "叢集ID"value: {clusterId}
|
|
152
|
additional.fields
|
clusterName
|
key: "叢集名稱"value: {clusterName}
|
|
153
|
additional.fields
|
k8s命名空間
|
key: "k8sNamespace"value: {k8sNamespace}
|
|
154
|
principal.asset.hardware.model
|
端點模型
|
|
|
155
|
principal.asset.hardware.model
|
deviceModel
|
檢視次數: