Skip to content
/ tm-v1-schema Public

Welcome to the official Git repository for Trend Vision One log schema documentation. This repository provides essential log schema details and data mapping information for Trend Vision One users.

License

Apache-2.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

trendmicro/tm-v1-schema

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
doc
doc
 
 
doc_v2
doc_v2
 
 
pages
pages
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Preview

  • This document is still in preview and Trend Micro does not guarantee any backward compatibility.

Background

  • These documents provide Trend Vision One log schema details.

Folder Structure

  • The folder structure is as follows: 
    .
├── README.md
├── doc (documentation by log type)
│   ├── <log_type_name>.yaml
│   └── ...
└── doc_v2 (documentation by layer and product)
    ├── <layer_name>
    │   ├── <product_name>.yaml
    │   └── ...
    └── ...
└── pages (for rendering in GitHub Pages)
    ├── <layer_name>
    │   ├── <product_name>.md
    │   └── ...
    └── ...

Pages

you can access the rendered pages at: https://trendmicro.github.io/tm-v1-schema/pages/index

User scenario

  • Currently, these documents only support the following use cases:
    1. Trend Vision One Search app general and advanced search

Property Description

Property Description
Name The log field name
ProductCode The products which send data to this field
Description_EN The field description
Sample The sample values of the field
DL_Searchable Whether logs are searchable by this field
DL_Type The field data type
DL_CommonKey The corresponding field name in General Search

ProductCode Mapping

Code Product
ALL All products
aad Microsoft Entra ID
ams Trend Vision One Mobile Security
opa Microsoft Active Directory
pao Trend Micro Apex One
pdi Trend Micro Deep Discovery Inspector
pds Trend Micro Deep Security
ptn TXOne EdgeOne (on-premises)
ptp TippingPoint Security Management System
pts TXOne Stellar (on-premises)
qpf Palo Alto Networks Next-Generation Firewalls
sao Trend Micro Apex One as a Service
sca Trend Micro Cloud App Security
scs Trend Cloud One - Container Security
sct Trend Cloud One - AWS CloudTrail
sds Trend Cloud One - Endpoint & Workload Security
sem Trend Micro Email Security
sfc Trend Cloud One – File Storage Security
sfs Trend Vision One File Security
sig Trend Vision One Zero Trust Secure Access Internet Access
sna XDR add-on: Deep Discovery Inspector
sss Trend Cloud One - Cloud Sentry
stp Trend Cloud One - Network Security
sws Trend Micro Web Security
szn Trend Vision One Zero Trust Secure Access Private Access
vpc XDR for Cloud - AWS VPC Flow Logs
xca Collaboration Sensor
xes XDR Endpoint Sensor
xms Email Sensor
xns Virtual Network Sensor

EventId, EventSubId Mapping

eventId

eventId Event Type
1 TELEMETRY_PROCESS
2 TELEMETRY_FILE
3 TELEMETRY_CONNECTION
4 TELEMETRY_DNS
5 TELEMETRY_REGISTRY
6 TELEMETRY_ACCOUNT
7 TELEMETRY_INTERNET
8 TELEMETRY_MODIFIED_PROCESS
9 TELEMETRY_WINDOWS_HOOK
10 TELEMETRY_WINDOWS_EVENT
11 TELEMETRY_AMSI
12 TELEMETRY_WMI
13 TELEMETRY_MEMORY
14 TELEMETRY_BM
15 TELEMETRY_APP
16 TELEMETRY_SYSTEM_EVENT
17 TELEMETRY_EVENT_PIPE
18 TELEMETRY_MAC_SYS_LOG
19 TELEMETRY_DDR
101 TELEMETRY_ASSOCIATION

eventSubId

eventSubId Event Sub-Type
0 TELEMETRY_NONE
1 TELEMETRY_PROCESS_OPEN
2 TELEMETRY_PROCESS_CREATE
3 TELEMETRY_PROCESS_TERMINATE
4 TELEMETRY_PROCESS_LOAD_IMAGE
5 TELEMETRY_PROCESS_EXECUTE
6 TELEMETRY_PROCESS_CONNECT
7 TELEMETRY_PROCESS_TRACME
8 TELEMETRY_PROCESS_LOAD_KERNEL_IMAGE
101 TELEMETRY_FILE_CREATE
102 TELEMETRY_FILE_OPEN
103 TELEMETRY_FILE_DELETE
104 TELEMETRY_FILE_SET_SECURITY
105 TELEMETRY_FILE_COPY
106 TELEMETRY_FILE_MOVE
107 TELEMETRY_FILE_CLOSE
108 TELEMETRY_FILE_MODIFY_TIMESTAMP
109 TELEMETRY_FILE_MODIFY
110 TELEMETRY_FILE_SET_ATTRIBUTES
111 TELEMETRY_FILE_ENUMERATE
112 TELEMETRY_FILE_SET_EXTENDED_ATTRIBUTE
113 TELEMETRY_FILE_DELETE_EXTENDED_ATTRIBUTE
201 TELEMETRY_CONNECTION_CONNECT
202 TELEMETRY_CONNECTION_LISTEN
203 TELEMETRY_CONNECTION_CONNECT_INBOUND
204 TELEMETRY_CONNECTION_CONNECT_OUTBOUND
301 TELEMETRY_DNS_QUERY
401 TELEMETRY_REGISTRY_CREATE
402 TELEMETRY_REGISTRY_SET
403 TELEMETRY_REGISTRY_DELETE
404 TELEMETRY_REGISTRY_RENAME
405 TELEMETRY_REGISTRY_ENUMERATE
406 TELEMETRY_REGISTRY_ENUMERATEVALUE
407 TELEMETRY_REGISTRY_QUERYVALUE
408 TELEMETRY_REGISTRY_SAVE
501 TELEMETRY_ACCOUNT_ADD
502 TELEMETRY_ACCOUNT_DELETE
503 TELEMETRY_ACCOUNT_IMPERSONATE
504 TELEMETRY_ACCOUNT_MODIFY
505 TELEMETRY_ACCOUNT_LOGIN
506 TELEMETRY_ACCOUNT_LOGOUT
601 TELEMETRY_INTERNET_OPEN
602 TELEMETRY_INTERNET_CONNECT
603 TELEMETRY_INTERNET_DOWNLOAD
701 TELEMETRY_MODIFIED_PROCESS_CREATE_REMOTETHREAD
702 TELEMETRY_MODIFIED_PROCESS_WRITE_MEMORY
703 TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS
704 TELEMETRY_MODIFIED_PROCESS_READ_PROCESS
705 TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS_NAME
801 TELEMETRY_WINDOWS_HOOK_SET
901 TELEMETRY_AMSI_EXECUTE
1001 TELEMETRY_MEMORY_MODIFY
1002 TELEMETRY_MEMORY_MODIFY_PERMISSION
1003 TELEMETRY_MEMORY_READ
1101 TELEMETRY_BM_INVOKE
1102 TELEMETRY_BM_INVOKE_API
1201 TELEMETRY_APP_START
1202 TELEMETRY_APP_STOP
1203 TELEMETRY_APP_INSTALL
1204 TELEMETRY_APP_UNINSTALL
1205 TELEMETRY_APP_BEHAVIOR
1301 TELEMETRY_SYSTEM_EVENT_ENABLE
1302 TELEMETRY_SYSTEM_EVENT_DISABLE
1303 TELEMETRY_SYSTEM_CERTIFICATION_INSTALL
1304 TELEMETRY_SYSTEM_DEVICE_ROOTED
1401 TELEMETRY_PIPE_CREATE
1402 TELEMETRY_PIPE_CONNECT
1601 TELEMETRY_MAC_SYS_LOG_COLLECT
1701 TELEMETRY_DDR_FILE_COPY
1702 TELEMETRY_DDR_FILE_MOVE
1703 TELEMETRY_DDR_FILE_RENAME
1704 TELEMETRY_DDR_FILE_MODIFY
1705 TELEMETRY_DDR_FILE_DELETE
1706 TELEMETRY_DDR_FILE_UNZIP
1707 TELEMETRY_DDR_FILE_ZIP
1708 TELEMETRY_DDR_FILE_UPLOAD
1709 TELEMETRY_DDR_FILE_DOWNLOAD
1710 TELEMETRY_DDR_FILE_PRINT
10101 TELEMETRY_ASSOCIATION_PROCESS_IMAGE_FILE
10102 TELEMETRY_ASSOCIATION_AUTO_RUN_KEY_FULL_PATH
10103 TELEMETRY_ASSOCIATION_HOST_PROC_CMD_FULL_PATH
10104 TELEMETRY_ASSOCIATION_SERVICE_DLL
10105 TELEMETRY_ASSOCIATION_ARCHIVE_FILE
10106 TELEMETRY_ASSOCIATION_BROWSER_PROCESS

About

Welcome to the official Git repository for Trend Vision One log schema documentation. This repository provides essential log schema details and data mapping information for Trend Vision One users.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 8