編號
Google SecOps UDM 欄位
Trend Vision One 欄位
注意
1
metadata.event_type
  • GENERIC_EVENT
  • FILE_UNCATEGORIZED
  • FILE_MODIFICATION
  • STATUS_UPDATE
2
metadata.vendor_name
TRENDMICRO VISION ONE WORKBENCH
3
metadata.product_name
TRENDMICRO VISION ONE WORKBENCH
4
target.file.full_path
fullPath
5
target.file.full_path
filePathName
6
target.file.names
fileName
（UDM 欄位名稱由譯文回推；請與剖析器核對）
7
principal.hostname
endpointHostName
8
principal.asset.hostname
endpointHostName
9
principal.ip
endpointIp
10
principal.asset.ip
endpointIp
11
其他欄位
mpver
key: "mpver", value: {mpver}
12
metadata.product_version
pver
13
target.process.file.full_path
processName
14
principal.asset.asset_id
mDeviceGUID
15
metadata.product_event_type
eventName
16
metadata.product_log_id
eventId
17
rt
（本表未列出此欄位對應的 UDM 欄位；請與剖析器核對）
18
metadata.collected_timestamp
logReceivedTime
19
其他欄位
rtDate
key: "rtDate", value: {rtDate}
20
其他欄位
eventSourceType
key: "eventSourceType", value: {eventSourceType}
21
其他欄位
hostId
key: "hostId", value: {hostId}
22
security_result.rule_id
ruleId
23
principal.administrative_domain
suid
24
principal.user.userid
（本表未列出此 UDM 欄位的來源欄位；請與剖析器核對）
25
principal.resource.attribute.labels
senderGUID
key: "senderGUID", value: {senderGUID}
26
principal.resource.attribute.labels
uuid
key: "uuid", value: {uuid}
27
security_result.detection_fields
detectionType
key: "detectionType", value: {detectionType}
28
security_result.detection_fields
winEventId
key: "winEventId", value: {winEventId}
29
security_result.description
msg
30
security_result.detection_fields
subRuleId
key: "subRuleId", value: {subRuleId}
31
security_result.detection_fields
subRuleName
key: "subRuleName", value: {subRuleName}
32
security_result.category_details
cat
33
security_result.action_details
fileOperation
（來源欄位名稱由譯文回推；請與原始事件核對）
34
security_result.rule_name
ruleName
35
principal.resource.attribute.labels
endpointGUID
key: "endpointGUID", value: {endpointGUID}
36
其他欄位
logKey
key: "logKey", value: {logKey}
37
其他欄位
productCode
key: "productCode", value: {productCode}
38
其他欄位
mpname
key: "mpname", value: {mpname}
39
security_result.severity_details
severity
40
target.user.userid
duser
41
metadata.description
description
42
security_result.severity
（UDM 欄位名稱由譯文回推；請與剖析器核對）
modelSeverity
43
principal.hostname
impactScope.entities.entityValue.name
impactScope.entities.entityType = "host"
44
principal.asset.hostname
impactScope.entities.entityValue.name
impactScope.entities.entityType = "host"
45
principal.ip
impactScope.entities.entityValue.ips
impactScope.entities.entityType = "host"
46
principal.asset.ip
impactScope.entities.entityValue.ips
impactScope.entities.entityType = "host"
47
principal.user.user_display_name
impactScope.entities.entityValue
impactScope.entities.entityType = "account"
48
principal.user.email_addresses
impactScope.entities.entityValue
impactScope.entities.entityType = "emailAddress"
49
security_result.detection_fields
indicators
key: {indicators.type}, value: {indicators.value}
key: "field", value: {indicators.field}
50
security_result.rule_id
matchedRules.id
51
security_result.rule_name
matchedRules.name
52
security_result.attack_details.tactics.id
matchedRules.matchedFilters.mitreTacticIds
53
security_result.attack_details.techniques.techniques.id
matchedRules.matchedFilters.mitreTechniqueIds
54
其他欄位
model
key: "model", value: {model}
55
security_result.url_back_to_product
workbenchLink
56
security_result.detection_fields
key: "status", value: {status}
57
security_result.about.investigation.status
investigationStatus
58
security_result.about.investigation.comments
investigationResult
59
security_result.risk_score
score
60
security_result.last_updated_time
updatedDateTime
61
metadata.product_log_id
（本表未列出此 UDM 欄位的來源欄位；請與剖析器核對）
62
metadata.event_timestamp
createdDateTime
63
security_result.first_discovered_time
createdDateTime
64
metadata.product_name
pname