TrendMicro_XDR_OAT_CL



Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Supports Transformations ✗ No
Ingestion API Supported ✓ Yes
Lake-Only Ingestion ✗ No (source)


Schema (591 columns)

Source: KQL validation test schema

Column Name Type
_ItemId string
_ResourceId string
_ResourceId_s string
authId_s string
bitwiseFilterRiskLevel_d real
Computer string
detail_act_s string
detail_act_s_s string
detail_actResult_s string
detail_actResult_s_s string
detail_aggregatedCount_d real
detail_aggregatedCount_d_s string
detail_aggregatedCount_s string
detail_app_s string
detail_app_s_s string
detail_authId_d real
detail_authId_d_d real
detail_behaviorCat_s string
detail_behaviorCat_s_s string
detail_blocking_s string
detail_blocking_s_s string
detail_bmGroup_s string
detail_bmGroup_s_s string
detail_cccaDetectionSource_s string
detail_cccaDetectionSource_s_s string
detail_cccaRiskLevel_d real
detail_cccaRiskLevel_d_s string
detail_cccaRiskLevel_s string
detail_channel_s string
detail_channel_s_s string
detail_compressedFileName_s string
detail_compressedFileName_s_s string
detail_confidence_d real
detail_confidence_d_s string
detail_confidence_s string
detail_correlationData_s string
detail_correlationData_s_s string
detail_detectionName_s string
detail_detectionName_s_s string
detail_detectionType_s string
detail_detectionType_s_s string
detail_deviceGUID_g string
detail_deviceGUID_g_s string
detail_deviceGUID_s string
detail_deviceType_s string
detail_deviceType_s_s string
detail_direction_s string
detail_direction_s_s string
detail_domainName_s string
detail_domainName_s_s string
detail_dvchost_s string
detail_dvchost_s_s string
detail_endpointGUID_g string
detail_endpointGuid_g_g string
detail_endpointGuid_g_g_g string
detail_endpointGUID_g_s string
detail_endpointGUID_s string
detail_endpointHostName_s string
detail_endpointHostName_s_s string
detail_endpointIp_s string
detail_endpointIp_s_s string
detail_endpointMacAddress_s string
detail_endpointMacAddress_s_s string
detail_engineOperation_s string
detail_engineOperation_s_s string
detail_engType_s string
detail_engType_s_s string
detail_engVer_s string
detail_engVer_s_s string
detail_eventDataProviderName_s string
detail_eventDataProviderName_s_s string
detail_eventDataProviderPath_s string
detail_eventDataProviderPath_s_s string
detail_eventHashId_d real
detail_eventHashId_d_s string
detail_eventHashId_s string
detail_eventId_d real
detail_eventId_d_s string
detail_eventId_s string
detail_eventId_s_s string
detail_eventName_s string
detail_eventName_s_s string
detail_eventSourceType_s string
detail_eventSourceType_s_s string
detail_eventSubId_s string
detail_eventSubId_s_s string
detail_eventSubName_s string
detail_eventSubName_s_s string
detail_eventTime_d real
detail_eventTime_d_d real
detail_eventTimeDT_t datetime
detail_eventTimeDT_t_UTC__s string
detail_eventTimeDT_t_UTC_s string
detail_eventTimeDT_UTC__s string
detail_fileCreation_t datetime
detail_fileCreation_t_UTC__s string
detail_fileCreation_t_UTC_s string
detail_fileCreation_UTC__s string
detail_fileHash_s string
detail_fileHash_s_s string
detail_fileName_s string
detail_fileName_s_s string
detail_filePath_s string
detail_filePath_s_s string
detail_fileSize_d real
detail_fileSize_d_s string
detail_fileSize_s string
detail_filterRiskLevel_s string
detail_filterRiskLevel_s_s string
detail_firstAct_s string
detail_firstAct_s_s string
detail_firstActResult_s string
detail_firstActResult_s_s string
detail_firstSeen_t datetime
detail_firstSeen_t_UTC__s string
detail_firstSeen_t_UTC_s string
detail_firstSeen_UTC__s string
detail_fullPath_s string
detail_fullPath_s_s string
detail_instanceId_g string
detail_instanceId_g_s string
detail_instanceId_s string
detail_integrityLevel_d real
detail_integrityLevel_d_d real
detail_interestedHost_s string
detail_interestedHost_s_s string
detail_interestedIp_s string
detail_interestedIp_s_s string
detail_lastSeen_t datetime
detail_lastSeen_t_UTC__s string
detail_lastSeen_t_UTC_s string
detail_lastSeen_UTC__s string
detail_logKey_s string
detail_logKey_s_s string
detail_logonUser_s string
detail_logonUser_s_s string
detail_malDst_s string
detail_malDst_s_s string
detail_malFamily_s string
detail_malFamily_s_s string
detail_malName_s string
detail_malName_s_s string
detail_malSubType_s string
detail_malSubType_s_s string
detail_malType_s string
detail_malType_s_s string
detail_mDevice_s string
detail_mDevice_s_s string
detail_mDeviceGUID_g string
detail_mDeviceGUID_g_s string
detail_mDeviceGUID_s string
detail_mpname_s string
detail_mpname_s_s string
detail_mpver_s string
detail_mpver_s_s string
detail_nativeDeviceCharacteristics_d real
detail_nativeDeviceCharacteristics_d_s string
detail_nativeDeviceCharacteristics_s string
detail_nativeDeviceType_d real
detail_nativeDeviceType_d_s string
detail_nativeDeviceType_s string
detail_nativeStorageDeviceBusType_d real
detail_nativeStorageDeviceBusType_d_s string
detail_nativeStorageDeviceBusType_s string
detail_objectAuthId_d real
detail_objectAuthId_d_s string
detail_objectAuthId_s string
detail_objectCmd_s string
detail_objectCmd_s_s string
detail_objectFileCreation_d real
detail_objectFileCreation_d_s string
detail_objectFileCreation_s string
detail_objectFileHashId_d real
detail_objectFileHashId_d_s string
detail_objectFileHashId_s string
detail_objectFileHashMd5_g string
detail_objectFileHashMd5_g_s string
detail_objectFileHashMd5_s string
detail_objectFileHashSha1_s string
detail_objectFileHashSha1_s_s string
detail_objectFileHashSha256_s string
detail_objectFileHashSha256_s_s string
detail_objectFileModifiedTime_d real
detail_objectFileModifiedTime_d_s string
detail_objectFileModifiedTime_s string
detail_objectFilePath_s string
detail_objectFilePath_s_s string
detail_objectFileSize_d real
detail_objectFileSize_d_s string
detail_objectFileSize_s string
detail_objectFirstSeen_d real
detail_objectFirstSeen_d_d real
detail_objectHashId_d real
detail_objectHashId_d_s string
detail_objectHashId_s string
detail_objectIntegrityLevel_d real
detail_objectIntegrityLevel_d_s string
detail_objectIntegrityLevel_s string
detail_objectLastSeen_d real
detail_objectLastSeen_d_d real
detail_objectLaunchTime_d real
detail_objectLaunchTime_d_s string
detail_objectLaunchTime_s string
detail_objectName_s string
detail_objectName_s_s string
detail_objectPid_d real
detail_objectPid_d_s string
detail_objectPid_s string
detail_objectRegistryData_s string
detail_objectRegistryData_s_s string
detail_objectRegistryKeyHandle_s string
detail_objectRegistryKeyHandle_s_s string
detail_objectRegistryRoot_d real
detail_objectRegistryRoot_d_d real
detail_objectRegistryValue_s string
detail_objectRegistryValue_s_s string
detail_objectRegType_d real
detail_objectRegType_d_d real
detail_objectRunAsLocalAccount_b bool
detail_objectRunAsLocalAccount_b_s string
detail_objectRunAsLocalAccount_s string
detail_objectSessionId_d real
detail_objectSessionId_d_s string
detail_objectSessionId_s string
detail_objectSigner_s string
detail_objectSigner_s_s string
detail_objectSignerValid_s string
detail_objectSignerValid_s_s string
detail_objectSubTrueType_d real
detail_objectSubTrueType_d_s string
detail_objectSubTrueType_s string
detail_objectTrueType_d real
detail_objectTrueType_d_s string
detail_objectTrueType_s string
detail_objectUser_s string
detail_objectUser_s_s string
detail_objectUserDomain_s string
detail_objectUserDomain_s_s string
detail_osDescription_s string
detail_osDescription_s_s string
detail_osName_s string
detail_osName_s_s string
detail_osType_d real
detail_osType_s string
detail_osType_s_d real
detail_osVer_s string
detail_osVer_s_s string
detail_parentAuthId_d real
detail_parentAuthId_d_s string
detail_parentAuthId_s string
detail_parentCmd_s string
detail_parentCmd_s_s string
detail_parentFileCreation_d real
detail_parentFileCreation_d_s string
detail_parentFileCreation_s string
detail_parentFileHashId_d real
detail_parentFileHashId_d_s string
detail_parentFileHashId_s string
detail_parentFileHashMd5_g string
detail_parentFileHashMd5_g_s string
detail_parentFileHashMd5_s string
detail_parentFileHashSha1_s string
detail_parentFileHashSha1_s_s string
detail_parentFileHashSha256_s string
detail_parentFileHashSha256_s_s string
detail_parentFileModifiedTime_d real
detail_parentFileModifiedTime_d_s string
detail_parentFileModifiedTime_s string
detail_parentFilePath_s string
detail_parentFilePath_s_s string
detail_parentFileSize_d real
detail_parentFileSize_d_s string
detail_parentFileSize_s string
detail_parentHashId_d real
detail_parentHashId_d_s string
detail_parentHashId_s string
detail_parentIntegrityLevel_d real
detail_parentIntegrityLevel_d_s string
detail_parentIntegrityLevel_s string
detail_parentLaunchTime_d real
detail_parentLaunchTime_d_s string
detail_parentLaunchTime_s string
detail_parentName_s string
detail_parentName_s_s string
detail_parentPid_d real
detail_parentPid_d_s string
detail_parentPid_s string
detail_parentSessionId_d real
detail_parentSessionId_d_s string
detail_parentSessionId_s string
detail_parentSigner_s string
detail_parentSigner_s_s string
detail_parentSignerValid_s string
detail_parentSignerValid_s_s string
detail_parentTrueType_d real
detail_parentTrueType_d_s string
detail_parentTrueType_s string
detail_parentUser_s string
detail_parentUser_s_s string
detail_parentUserDomain_s string
detail_parentUserDomain_s_s string
detail_patType_s string
detail_patType_s_s string
detail_patVer_s string
detail_patVer_s_s string
detail_pComp_s string
detail_pComp_s_s string
detail_plang_d real
detail_plang_d_d real
detail_pname_d real
detail_pname_s string
detail_pname_s_d real
detail_policyId_s string
detail_policyId_s_s string
detail_policyName_s string
detail_policyName_s_s string
detail_pplat_d real
detail_pplat_d_d real
detail_processCmd_s string
detail_processCmd_s_s string
detail_processFileCreation_d real
detail_processFileCreation_d_d real
detail_processFileHashId_d real
detail_processFileHashId_d_s string
detail_processFileHashId_s string
detail_processFileHashMd5_g string
detail_processFileHashMd5_g_g string
detail_processFileHashMd5_g_g_g string
detail_processFileHashSha1_s string
detail_processFileHashSha1_s_s string
detail_processFileHashSha256_s string
detail_processFileHashSha256_s_s string
detail_processFileModifiedTime_d real
detail_processFileModifiedTime_d_d real
detail_processFilePath_s string
detail_processFilePath_s_s string
detail_processFileSize_d real
detail_processFileSize_d_d real
detail_processHashId_d real
detail_processHashId_d_s string
detail_processHashId_s string
detail_processLaunchTime_d real
detail_processLaunchTime_d_d real
detail_processName_s string
detail_processName_s_s string
detail_processPid_d real
detail_processPid_d_d real
detail_processSigner_s string
detail_processSigner_s_s string
detail_processSignerValid_s string
detail_processSignerValid_s_s string
detail_processTrueType_d real
detail_processTrueType_d_d real
detail_processUser_s string
detail_processUser_s_s string
detail_processUserDomain_s string
detail_processUserDomain_s_s string
detail_productCode_s string
detail_productCode_s_s string
detail_providerGUID_g string
detail_providerGUID_g_s string
detail_providerGUID_s string
detail_providerName_s string
detail_providerName_s_s string
detail_pver_s string
detail_pver_s_s string
detail_rating_s string
detail_rating_s_s string
detail_rawDataSize_d real
detail_rawDataSize_d_s string
detail_rawDataSize_s string
detail_rawDataStr_s string
detail_rawDataStr_s_s string
detail_request_s string
detail_request_s_s string
detail_riskLevel_s string
detail_riskLevel_s_s string
detail_rt_d real
detail_rt_d_s string
detail_rt_s string
detail_rt_t datetime
detail_rt_t_UTC__s string
detail_rt_t_UTC_s string
detail_rt_UTC__s string
detail_rt_utc_t datetime
detail_rt_utc_t_UTC__s string
detail_rt_utc_t_UTC_s string
detail_rt_utc_UTC__s string
detail_rtDate_s string
detail_rtDate_s_s string
detail_rtHour_d real
detail_rtHour_d_s string
detail_rtHour_s string
detail_rtWeekDay_s string
detail_rtWeekDay_s_s string
detail_ruleId_d real
detail_ruleId_d_s string
detail_ruleId_s string
detail_ruleName_s string
detail_ruleName_s_s string
detail_scanType_s string
detail_scanType_s_s string
detail_score_d real
detail_score_d_s string
detail_score_s string
detail_secondAct_s string
detail_secondAct_s_s string
detail_secondActResult_s string
detail_secondActResult_s_s string
detail_senderGUID_g string
detail_senderGUID_g_s string
detail_senderGUID_s string
detail_senderIp_s string
detail_senderIp_s_s string
detail_sessionId_d real
detail_sessionId_d_d real
detail_severity_d real
detail_severity_d_s string
detail_severity_s string
detail_suid_s string
detail_suid_s_s string
detail_tags_s string
detail_tags_s_s string
detail_threatType_s string
detail_threatType_s_s string
detail_timezone_s string
detail_timezone_s_s string
detail_urlCat_s string
detail_urlCat_s_s string
detail_userDomain_s string
detail_userDomain_s_s string
detail_uuid_g string
detail_uuid_g_g string
detail_uuid_g_g_g string
detail_winEventId_d real
detail_winEventId_d_s string
detail_winEventId_s string
detailcanType_s string
detailcore_s string
detailecondAct_s string
detailecondActResult_s string
detailenderGUID_g_s string
detailenderGUID_s string
detailenderIp_s string
detailessionId_d real
detailessionId_s string
detailetectionName_s string
detailetectionType_s string
detaileverity_s string
detaileviceGUID_g_s string
detaileviceGUID_s string
detaileviceType_s string
detailirection_s string
detailomainName_s string
detailuid_s string
detailuid_s_s string
detailvchost_s string
detectionTime_t datetime
detectionTime_t_UTC__s string
detectionTime_t_UTC_s string
detectionTime_UTC__s string
deviceType_d real
endpoint_guid_g string
endpoint_guid_g_g string
endpoint_guid_g_g_g string
endpoint_ips_s string
endpoint_ips_s_s string
endpoint_name_s string
endpoint_name_s_s string
endpointHostName_s string
endpointIp_s string
endpointMacAddress_s string
entityName_s string
entityName_s_s string
entityType_s string
entityType_s_s string
eventHashId_s string
eventId_s string
eventSourceType_d real
eventSubId_d real
eventTime_d real
filterRiskLevel_s string
filters_s string
filters_s_s string
firstSeen_s string
ingestionTime_t datetime
integrityLevel_d real
lastSeen_s string
logonUser_s string
ManagementGroupName string
MG string
MG_s string
nativeDeviceCharacteristics_d real
nativeDeviceType_d real
nativeStorageDeviceBusType_d real
objectAppName_s string
objectAuthId_s string
objectCmd_s string
objectContentName_s string
objectFileCreation_s string
objectFileDaclString_s string
objectFileHashId_s string
objectFileHashMd5_g string
objectFileHashSha1_s string
objectFileHashSha256_s string
objectFileModifiedTime_s string
objectFilePath_s string
objectFileSize_s string
objectFirstSeen_s string
objectHashId_s string
objectIntegrityLevel_d real
objectLastSeen_s string
objectLaunchTime_s string
objectName_s string
objectPid_d real
objectRawDataSize_s string
objectRawDataStr_s string
objectRegistryData_s string
objectRegistryKeyHandle_s string
objectRegistryRoot_d real
objectRegistryValue_s string
objectRegType_d real
objectRunAsLocalAccount_b bool
objectSessionId_s string
objectSigner_s string
objectSignerValid_s string
objectSubTrueType_d real
objectTrueType_d real
objectUser_s string
objectUserDomain_s string
os_s string
osDescription_s string
osType_s string
osVer_s string
packageTraceId_g string
parentAuthId_s string
parentCmd_s string
parentFileCreation_s string
parentFileHashId_s string
parentFileHashMd5_g string
parentFileHashSha1_s string
parentFileHashSha256_s string
parentFileModifiedTime_s string
parentFilePath_s string
parentFileSize_s string
parentHashId_s string
parentIntegrityLevel_d real
parentLaunchTime_s string
parentName_s string
parentPid_d real
parentSessionId_d real
parentSigner_s string
parentSignerValid_s string
parentTrueType_d real
parentUser_s string
parentUserDomain_s string
pname_s string
processCmd_s string
processFileCreation_s string
processFileModifiedTime_s string
processFilePath_s string
processFileSize_s string
processHashId_s string
processLaunchTime_s string
processName_s string
processPid_d string
processSigner_s real
processSignerValid_s string
processTrueType_s string
processUser_s string
processUserDomain_s string
productCode_s string
RawData string
searchDL_s string
sessionId_d string
source_s real
SourceSystem string
tags_s string
TenantId string
TimeGenerated datetime
TimeGenerated_UTC__s string
TimeGenerated_UTC_s string
timezone_s datetime
Type string
Type_s string
userDomain_s string
uuid_g string
version_s string
xdrCustomerId_g string
xdrCustomerId_g_g string
xdrCustomerId_g_g_g string

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
Trend Vision One

Parsers Using This Table (2)

ASIM Parsers (2)

Parser Schema Product Selection Criteria
ASimProcessCreateTrendMicroVisionOne ProcessEvent Trend Micro Vision One
ASimRegistryEventTrendMicroVisionOne RegistryEvent Trend Micro Vision One
