| 編號 |
Google SecOps UDM 欄位
|
Trend Vision One 欄位
|
注意
|
| 1 |
metadata.event_type
|
|
|
| 2 |
metadata.vendor_name
|
TRENDMICRO VISION ONE WORKBENCH
|
|
| 3 |
metadata.product_name
|
TRENDMICRO VISION ONE WORKBENCH
|
|
| 4 |
target.file.full_path
|
fullPath
|
|
| 5 |
target.file.full_path
|
檔案路徑名稱
|
|
| 6 |
目標檔案名稱
|
檔案名稱
|
|
| 7 |
principal.hostname
|
endpointHostName
|
|
| 8 |
principal.asset.hostname
|
endpointHostName
|
|
| 9 |
principal.ip
|
端點Ip
|
|
| 10 |
principal.asset.ip
|
端點Ip
|
|
| 11 |
其他欄位
|
mpver
|
key: "mpver"value: {mpver}
|
| 12 |
metadata.product_version
|
pver
|
|
| 13 |
target.process.file.full_path
|
processName
|
|
| 14 |
principal.asset.asset_id
|
mDeviceGUID
|
|
|
15
|
metadata.product_event_type
|
eventName
|
|
|
16
|
metadata.product_log_id
|
eventId
|
|
|
17
|
rt
|
||
|
18
|
metadata.collected_timestamp
|
logReceivedTime
|
|
|
19
|
其他欄位
|
rtDate
|
key: "rtDate"value: {rtDate}
|
|
20
|
其他欄位
|
eventSourceType
|
key: "事件來源類型"value: {eventSourceType}
|
|
21
|
其他欄位
|
hostId
|
key: "主機ID"value: {hostId}
|
|
22
|
security_result.rule_id
|
ruleId
|
|
|
23
|
principal.administrative_domain
|
suid
|
|
|
24
|
principal.user.userid
|
||
|
25
|
principal.resource.attribute.labels
|
senderGUID
|
key: "senderGUID"value: {senderGUID}
|
|
26
|
principal.resource.attribute.labels
|
uuid
|
key: "uuid"value: {uuid}
|
|
27
|
security_result.detection_fields
|
detectionType
|
key: "偵測類型"value: {detectionType}
|
|
28
|
security_result.detection_fields
|
winEventId
|
key: "winEventId"value: {winEventId}
|
|
29
|
security_result.description
|
msg
|
|
|
30
|
security_result.detection_fields
|
subRuleId
|
key: "子規則ID"value: {subRuleId}
|
|
31
|
security_result.detection_fields
|
subRuleName
|
key: "子規則名稱"value: {subRuleName}
|
|
32
|
security_result.category_details
|
cat
|
|
|
33
|
security_result.action_details
|
檔案操作
|
|
|
34
|
security_result.rule_name
|
ruleName
|
|
|
35
|
principal.resource.attribute.labels
|
endpointGUID
|
key: "endpointGUID"value: {endpointGUID}
|
|
36
|
其他欄位
|
logKey
|
key: "日誌鍵"value: {logKey}
|
|
37
|
其他欄位
|
productCode
|
key: "產品代碼"value: {productCode}
|
|
38
|
其他欄位
|
mpname
|
key: "mpname"value: {mpname}
|
|
39
|
security_result.severity_details
|
嚴重性
|
|
|
40
|
target.user.userid
|
duser
|
|
|
41
|
metadata.description
|
描述
|
|
|
42
|
嚴重性
|
modelSeverity
|
|
|
43
|
principal.hostname
|
impactScope.entities.entityValue.name
|
impactScope.entities.entityType = "主機"
|
|
44
|
principal.asset.hostname
|
impactScope.entities.entityValue.name
|
impactScope.entities.entityType = "主機"
|
|
45
|
principal.ip
|
impactScope.entities.entityValue.ips
|
impactScope.entities.entityType = "主機"
|
|
46
|
principal.asset.ip
|
impactScope.entities.entityValue.ips
|
impactScope.entities.entityType = "主機"
|
|
47
|
principal.user.user_display_name
|
impactScope.entities.entityValue
|
impactScope.entities.entityType = "帳戶"
|
|
48
|
principal.user.email_addresses
|
impactScope.entities.entityValue
|
impactScope.entities.entityType = "emailAddress"
|
|
49
|
security_result.detection_fields
|
指標
|
key: {indicators.type}value: {indicators.value}key: "欄位"value: {indicators.field}
|
|
50
|
security_result.rule_id
|
matchedRules.id
|
|
|
51
|
security_result.rule_name
|
matchedRules.name
|
|
|
52
|
security_result.attack_details.tactics.id
|
matchedRules.matchedFilters.mitreTacticIds
|
|
|
53
|
security_result.attack_details.techniques.techniques.id
|
matchedRules.matchedFilters.mitreTechniqueIds
|
|
|
54
|
其他欄位
|
model
|
key: "型號"value: {model}
|
|
55
|
security_result.url_back_to_product
|
workbenchLink
|
|
|
56
|
security_result.detection_fields
|
key: "狀態"value: {status}
|
|
|
57
|
security_result.about.investigation.status
|
調查狀態
|
|
|
58
|
security_result.about.investigation.comments
|
調查結果
|
|
|
59
|
security_result.risk_score
|
分數
|
|
|
60
|
security_result.last_updated_time
|
updatedDateTime
|
|
|
61
|
metadata.product_log_id
|
||
|
62
|
metadata.event_timestamp
|
createdDateTime
|
|
|
63
|
security_result.first_discovered_time
|
createdDateTime
|
|
|
64
|
metadata.product_name
|
pname
|
檢視次數: