編號
Google SecOps UDM 欄位
Trend Vision One 欄位
注意
1
metadata.event_type
GENERIC_EVENT
2
metadata.vendor_name
TREND VISION ONE 偵測
3
metadata.product_name
TREND VISION ONE 偵測
4
metadata.product_event_type
eventType
5
metadata.product_version
pver
6
metadata.product_log_id
msgUuid
7
metadata.event_timestamp
eventTime
8
metadata.collected_timestamp
logReceivedTime
9
metadata.product_event_type
eventName
10
metadata.product_log_id
uuid
11
principal.resource.attribute.labels
uuid
key: "uuid", value: {uuid}
12
security_result.severity_details
filterRiskLevel
13
additional.fields
productCode
key: "productCode", value: {productCode}
14
metadata.product_name
pname
15
principal.hostname
endpointHostName
16
principal.asset.hostname
endpointHostName
17
principal.mac
endpointMacAddress
18
principal.asset.mac
endpointMacAddress
19
principal.hostname
dvchost
20
principal.asset.hostname
21
principal.ip
endpointIp
22
principal.asset.ip
endpointIp
23
principal.asset.asset_id
endpointGUID
endpointGUID:{endpointGUID}
24
principal.asset.asset_id
deviceGUID
deviceGUID:{deviceGUID}
25
principal.asset.asset_id
mDeviceGUID
mDeviceGUID:{mDeviceGUID}
26
src.asset.asset_id
senderGUID
senderGUID:{senderGUID}
27
src.ip
senderIp
28
src.ip
m裝置
29
principal.asset.mac
deviceMacAddress
30
principal.mac
deviceMacAddress
31
principal.domain.name
主機名稱
32
principal.administrative_domain
電腦網域
33
principal.domain.name
domainName
34
principal.asset.network_domain
domainName
35
target.hostname
interestedHost
36
target.ip
interestedIp
37
target.ip
objectIp
38
principal.user.userid
objectUser
39
target.user.userid
objectUser
40
src.hostname
shost
41
src.platform_version
sOSName
42
src.mac
smac
43
target.hostname
dhost
44
target.platform_version
dOSName
45
target.mac
dmac
46
target.group.group_display_name
dstGroup
47
principal.domain.name
userDomain
48
target.url
request
49
target.domain.name
requestBase
50
security_result.category_details
類別
51
principal.ip
src
52
src.ip
src
53
principal.ip
peerIp
54
principal.hostname
peerHost
55
principal.asset.asset_id
peerEndpointGUID
56
principal.ip
dst
57
target.ip
dst
58
src.port
spt
59
target.port
dpt
60
src.file.names
fileName
61
src.file.full_path
fullPath
62
src.file.size
fileSize
63
src.file.names
compressedFileName
64
src.file.sha1
compressedFileHash
65
src.file.sha256
compressedFileHashSha256
66
src.file.size
compressedFileSize
67
src.file.mime_type
壓縮檔案類型
68
src.file.full_path
srcFilePath
69
src.file.md5
srcFileHashMd5
70
src.file.sha1
srcFileHashSha1
71
src.file.sha256
srcFileHashSha256
72
src.file.full_path
filePathName
73
src.file.sha1
fileHash
74
src.file.sha256
fileHashSha256
75
target.file.names
objectFileName
76
target.file.full_path
objectFilePath
77
target.file.sha1
objectFileHashSha1
78
target.file.sha256
objectFileHashSha256
79
target.file.md5
objectFileHashMd5
80
about.file.names
attachmentFileName
81
about.file.size
attachmentFileSize
82
about.file.sha1
attachmentFileHash
83
about.file.mime_type
attachmentFileType
84
about.file.sha1
attachmentFileHashSha1
85
about.file.sha256
attachmentFileHashSha256
86
about.file.md5
attachmentFileHashMd5
87
principal.process.integrity_level_rid
integrityLevel
88
principal.process.command_line
processCmd
89
principal.process.file.md5
processFileHashMd5
90
principal.process.file.sha1
processFileHashSha1
91
principal.process.file.sha256
processFileHashSha256
92
principal.process.parent_process.command_line
parentCmd
93
principal.process.parent_process.file.full_path
parentFilePath
94
principal.process.parent_process.file.names
parentName
95
principal.process.parent_process.pid
parentPid
96
principal.process.parent_process.file.md5
parentFileHashMd5
97
principal.process.parent_process.file.sha1
parentFileHashSha1
98
principal.process.parent_process.file.sha256
parentFileHashSha256
99
principal.process.parent_process.integrity_level_rid
parentIntegrityLevel
100
target.process.command_line
objectCmd
101
target.process.pid
objectPid
102
target.process.file.full_path
objectTargetProcess
103
principal.process.file.full_path
processFilePath
104
principal.process.file.names
processName
105
principal.process.pid
processPid
106
principal.process.file.full_path
processImagePath
107
target.registry.registry_value_data
objectRegistryData
108
target.registry.registry_key
objectRegistryKeyHandle
109
target.registry.registry_value_name
objectRegistryValue
110
network.email.from
suser
111
network.email.to
duser
112
network.email.subject
mailMsgSubject
113
network.email.mail_id
msgId
114
security_result.about.email
mailbox
115
network.smtp.mail_from
mailSmtpFromAddresses
116
network.smtp.rcpt_to
mailSmtpRecipients
117
network.smtp.is_tls
mailSmtpTls
118
network.email.subject
highlightMailMsgSubject
119
network.http.method
requestMethod
120
network.http.referral_url
httpReferer
121
network.http.response_code
respCode
122
security_result.attack_details.techniques
techniqueId
123
security_result.attack_details.tactics
tacticId
124
principal.asset.vulnerabilities
cve
125
principal.asset.vulnerabilities
cves
126
security_result.rule_name
ruleName
127
security_result.rule_type
ruleType
128
security_result.rule_id
ruleId
129
security_result.rule_version
規則版本
130
security_result.threat_name
threatName
131
security_result.threat_name
malName
132
security_result.detection_fields
subRuleId
key: "subRuleId", value: {subRuleId}
133
security_result.detection_fields
subRuleName
key: "subRuleName", value: {subRuleName}
134
security_result.risk_score
分數
135
security_result.action_details
行動
136
security_result.detection_fields
detectionType
key: "detectionType", value: {detectionType}
137
security_result.detection_fields
detectionName
key: "detectionName", value: {detectionName}
138
security_result.detection_fields
malFamily
key: "malFamily", value: {malFamily}
139
security_result.detection_fields
malType
key: "malType", value: {malType}
140
security_result.detection_fields
malSubType
key: "malSubType", value: {malSubType}
141
security_result.detection_fields
riskLevel
key: "riskLevel", value: {riskLevel}
142
additional.fields
aptCampaigns
key: "aptCampaigns", value: {aptCampaigns}
143
security_result.threat_name
威脅名稱
144
principal.user.department
userDepartment
145
principal.user.userid
principalName
146
principal.user.userid
logonUsers
147
additional.fields
application
key: "application", value: {application}
148
additional.fields
appLabel
key: "appLabel", value: {appLabel}
149
additional.fields
eventID
key: "eventID", value: {eventID}
150
additional.fields
eventSubId
key: "eventSubId", value: {eventSubId}
151
additional.fields
clusterId
key: "clusterId", value: {clusterId}
152
additional.fields
clusterName
key: "clusterName", value: {clusterName}
153
additional.fields
k8sNamespace
key: "k8sNamespace", value: {k8sNamespace}
154
principal.asset.hardware.model
端點模型
155
principal.asset.hardware.model
deviceModel