TrendMicro_XDR_OAT_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Custom Log V1	Yes 🔶 — uses type-suffixed column names
Ingestion API Supported	✓ Yes

Schema
Solutions
Connectors
Content Items
Parsers

Schema (591 columns)

Source: KQL validation test schema

Column Name	Type
_ItemId	string
_ResourceId	string
_ResourceId_s	string
authId_s	string
bitwiseFilterRiskLevel_d	real
Computer	string
detail_act_s	string
detail_act_s_s	string
detail_actResult_s	string
detail_actResult_s_s	string
detail_aggregatedCount_d	real
detail_aggregatedCount_d_s	string
detail_aggregatedCount_s	string
detail_app_s	string
detail_app_s_s	string
detail_authId_d	real
detail_authId_d_d	real
detail_behaviorCat_s	string
detail_behaviorCat_s_s	string
detail_blocking_s	string
detail_blocking_s_s	string
detail_bmGroup_s	string
detail_bmGroup_s_s	string
detail_cccaDetectionSource_s	string
detail_cccaDetectionSource_s_s	string
detail_cccaRiskLevel_d	real
detail_cccaRiskLevel_d_s	string
detail_cccaRiskLevel_s	string
detail_channel_s	string
detail_channel_s_s	string
detail_compressedFileName_s	string
detail_compressedFileName_s_s	string
detail_confidence_d	real
detail_confidence_d_s	string
detail_confidence_s	string
detail_correlationData_s	string
detail_correlationData_s_s	string
detail_detectionName_s	string
detail_detectionName_s_s	string
detail_detectionType_s	string
detail_detectionType_s_s	string
detail_deviceGUID_g	string
detail_deviceGUID_g_s	string
detail_deviceGUID_s	string
detail_deviceType_s	string
detail_deviceType_s_s	string
detail_direction_s	string
detail_direction_s_s	string
detail_domainName_s	string
detail_domainName_s_s	string
detail_dvchost_s	string
detail_dvchost_s_s	string
detail_endpointGUID_g	string
detail_endpointGuid_g_g	string
detail_endpointGuid_g_g_g	string
detail_endpointGUID_g_s	string
detail_endpointGUID_s	string
detail_endpointHostName_s	string
detail_endpointHostName_s_s	string
detail_endpointIp_s	string
detail_endpointIp_s_s	string
detail_endpointMacAddress_s	string
detail_endpointMacAddress_s_s	string
detail_engineOperation_s	string
detail_engineOperation_s_s	string
detail_engType_s	string
detail_engType_s_s	string
detail_engVer_s	string
detail_engVer_s_s	string
detail_eventDataProviderName_s	string
detail_eventDataProviderName_s_s	string
detail_eventDataProviderPath_s	string
detail_eventDataProviderPath_s_s	string
detail_eventHashId_d	real
detail_eventHashId_d_s	string
detail_eventHashId_s	string
detail_eventId_d	real
detail_eventId_d_s	string
detail_eventId_s	string
detail_eventId_s_s	string
detail_eventName_s	string
detail_eventName_s_s	string
detail_eventSourceType_s	string
detail_eventSourceType_s_s	string
detail_eventSubId_s	string
detail_eventSubId_s_s	string
detail_eventSubName_s	string
detail_eventSubName_s_s	string
detail_eventTime_d	real
detail_eventTime_d_d	real
detail_eventTimeDT_t	datetime
detail_eventTimeDT_t_UTC__s	string
detail_eventTimeDT_t_UTC_s	string
detail_eventTimeDT_UTC__s	string
detail_fileCreation_t	datetime
detail_fileCreation_t_UTC__s	string
detail_fileCreation_t_UTC_s	string
detail_fileCreation_UTC__s	string
detail_fileHash_s	string
detail_fileHash_s_s	string
detail_fileName_s	string
detail_fileName_s_s	string
detail_filePath_s	string
detail_filePath_s_s	string
detail_fileSize_d	real
detail_fileSize_d_s	string
detail_fileSize_s	string
detail_filterRiskLevel_s	string
detail_filterRiskLevel_s_s	string
detail_firstAct_s	string
detail_firstAct_s_s	string
detail_firstActResult_s	string
detail_firstActResult_s_s	string
detail_firstSeen_t	datetime
detail_firstSeen_t_UTC__s	string
detail_firstSeen_t_UTC_s	string
detail_firstSeen_UTC__s	string
detail_fullPath_s	string
detail_fullPath_s_s	string
detail_instanceId_g	string
detail_instanceId_g_s	string
detail_instanceId_s	string
detail_integrityLevel_d	real
detail_integrityLevel_d_d	real
detail_interestedHost_s	string
detail_interestedHost_s_s	string
detail_interestedIp_s	string
detail_interestedIp_s_s	string
detail_lastSeen_t	datetime
detail_lastSeen_t_UTC__s	string
detail_lastSeen_t_UTC_s	string
detail_lastSeen_UTC__s	string
detail_logKey_s	string
detail_logKey_s_s	string
detail_logonUser_s	string
detail_logonUser_s_s	string
detail_malDst_s	string
detail_malDst_s_s	string
detail_malFamily_s	string
detail_malFamily_s_s	string
detail_malName_s	string
detail_malName_s_s	string
detail_malSubType_s	string
detail_malSubType_s_s	string
detail_malType_s	string
detail_malType_s_s	string
detail_mDevice_s	string
detail_mDevice_s_s	string
detail_mDeviceGUID_g	string
detail_mDeviceGUID_g_s	string
detail_mDeviceGUID_s	string
detail_mpname_s	string
detail_mpname_s_s	string
detail_mpver_s	string
detail_mpver_s_s	string
detail_nativeDeviceCharacteristics_d	real
detail_nativeDeviceCharacteristics_d_s	string
detail_nativeDeviceCharacteristics_s	string
detail_nativeDeviceType_d	real
detail_nativeDeviceType_d_s	string
detail_nativeDeviceType_s	string
detail_nativeStorageDeviceBusType_d	real
detail_nativeStorageDeviceBusType_d_s	string
detail_nativeStorageDeviceBusType_s	string
detail_objectAuthId_d	real
detail_objectAuthId_d_s	string
detail_objectAuthId_s	string
detail_objectCmd_s	string
detail_objectCmd_s_s	string
detail_objectFileCreation_d	real
detail_objectFileCreation_d_s	string
detail_objectFileCreation_s	string
detail_objectFileHashId_d	real
detail_objectFileHashId_d_s	string
detail_objectFileHashId_s	string
detail_objectFileHashMd5_g	string
detail_objectFileHashMd5_g_s	string
detail_objectFileHashMd5_s	string
detail_objectFileHashSha1_s	string
detail_objectFileHashSha1_s_s	string
detail_objectFileHashSha256_s	string
detail_objectFileHashSha256_s_s	string
detail_objectFileModifiedTime_d	real
detail_objectFileModifiedTime_d_s	string
detail_objectFileModifiedTime_s	string
detail_objectFilePath_s	string
detail_objectFilePath_s_s	string
detail_objectFileSize_d	real
detail_objectFileSize_d_s	string
detail_objectFileSize_s	string
detail_objectFirstSeen_d	real
detail_objectFirstSeen_d_d	real
detail_objectHashId_d	real
detail_objectHashId_d_s	string
detail_objectHashId_s	string
detail_objectIntegrityLevel_d	real
detail_objectIntegrityLevel_d_s	string
detail_objectIntegrityLevel_s	string
detail_objectLastSeen_d	real
detail_objectLastSeen_d_d	real
detail_objectLaunchTime_d	real
detail_objectLaunchTime_d_s	string
detail_objectLaunchTime_s	string
detail_objectName_s	string
detail_objectName_s_s	string
detail_objectPid_d	real
detail_objectPid_d_s	string
detail_objectPid_s	string
detail_objectRegistryData_s	string
detail_objectRegistryData_s_s	string
detail_objectRegistryKeyHandle_s	string
detail_objectRegistryKeyHandle_s_s	string
detail_objectRegistryRoot_d	real
detail_objectRegistryRoot_d_d	real
detail_objectRegistryValue_s	string
detail_objectRegistryValue_s_s	string
detail_objectRegType_d	real
detail_objectRegType_d_d	real
detail_objectRunAsLocalAccount_b	bool
detail_objectRunAsLocalAccount_b_s	string
detail_objectRunAsLocalAccount_s	string
detail_objectSessionId_d	real
detail_objectSessionId_d_s	string
detail_objectSessionId_s	string
detail_objectSigner_s	string
detail_objectSigner_s_s	string
detail_objectSignerValid_s	string
detail_objectSignerValid_s_s	string
detail_objectSubTrueType_d	real
detail_objectSubTrueType_d_s	string
detail_objectSubTrueType_s	string
detail_objectTrueType_d	real
detail_objectTrueType_d_s	string
detail_objectTrueType_s	string
detail_objectUser_s	string
detail_objectUser_s_s	string
detail_objectUserDomain_s	string
detail_objectUserDomain_s_s	string
detail_osDescription_s	string
detail_osDescription_s_s	string
detail_osName_s	string
detail_osName_s_s	string
detail_osType_d	real
detail_osType_s	string
detail_osType_s_d	real
detail_osVer_s	string
detail_osVer_s_s	string
detail_parentAuthId_d	real
detail_parentAuthId_d_s	string
detail_parentAuthId_s	string
detail_parentCmd_s	string
detail_parentCmd_s_s	string
detail_parentFileCreation_d	real
detail_parentFileCreation_d_s	string
detail_parentFileCreation_s	string
detail_parentFileHashId_d	real
detail_parentFileHashId_d_s	string
detail_parentFileHashId_s	string
detail_parentFileHashMd5_g	string
detail_parentFileHashMd5_g_s	string
detail_parentFileHashMd5_s	string
detail_parentFileHashSha1_s	string
detail_parentFileHashSha1_s_s	string
detail_parentFileHashSha256_s	string
detail_parentFileHashSha256_s_s	string
detail_parentFileModifiedTime_d	real
detail_parentFileModifiedTime_d_s	string
detail_parentFileModifiedTime_s	string
detail_parentFilePath_s	string
detail_parentFilePath_s_s	string
detail_parentFileSize_d	real
detail_parentFileSize_d_s	string
detail_parentFileSize_s	string
detail_parentHashId_d	real
detail_parentHashId_d_s	string
detail_parentHashId_s	string
detail_parentIntegrityLevel_d	real
detail_parentIntegrityLevel_d_s	string
detail_parentIntegrityLevel_s	string
detail_parentLaunchTime_d	real
detail_parentLaunchTime_d_s	string
detail_parentLaunchTime_s	string
detail_parentName_s	string
detail_parentName_s_s	string
detail_parentPid_d	real
detail_parentPid_d_s	string
detail_parentPid_s	string
detail_parentSessionId_d	real
detail_parentSessionId_d_s	string
detail_parentSessionId_s	string
detail_parentSigner_s	string
detail_parentSigner_s_s	string
detail_parentSignerValid_s	string
detail_parentSignerValid_s_s	string
detail_parentTrueType_d	real
detail_parentTrueType_d_s	string
detail_parentTrueType_s	string
detail_parentUser_s	string
detail_parentUser_s_s	string
detail_parentUserDomain_s	string
detail_parentUserDomain_s_s	string
detail_patType_s	string
detail_patType_s_s	string
detail_patVer_s	string
detail_patVer_s_s	string
detail_pComp_s	string
detail_pComp_s_s	string
detail_plang_d	real
detail_plang_d_d	real
detail_pname_d	real
detail_pname_s	string
detail_pname_s_d	real
detail_policyId_s	string
detail_policyId_s_s	string
detail_policyName_s	string
detail_policyName_s_s	string
detail_pplat_d	real
detail_pplat_d_d	real
detail_processCmd_s	string
detail_processCmd_s_s	string
detail_processFileCreation_d	real
detail_processFileCreation_d_d	real
detail_processFileHashId_d	real
detail_processFileHashId_d_s	string
detail_processFileHashId_s	string
detail_processFileHashMd5_g	string
detail_processFileHashMd5_g_g	string
detail_processFileHashMd5_g_g_g	string
detail_processFileHashSha1_s	string
detail_processFileHashSha1_s_s	string
detail_processFileHashSha256_s	string
detail_processFileHashSha256_s_s	string
detail_processFileModifiedTime_d	real
detail_processFileModifiedTime_d_d	real
detail_processFilePath_s	string
detail_processFilePath_s_s	string
detail_processFileSize_d	real
detail_processFileSize_d_d	real
detail_processHashId_d	real
detail_processHashId_d_s	string
detail_processHashId_s	string
detail_processLaunchTime_d	real
detail_processLaunchTime_d_d	real
detail_processName_s	string
detail_processName_s_s	string
detail_processPid_d	real
detail_processPid_d_d	real
detail_processSigner_s	string
detail_processSigner_s_s	string
detail_processSignerValid_s	string
detail_processSignerValid_s_s	string
detail_processTrueType_d	real
detail_processTrueType_d_d	real
detail_processUser_s	string
detail_processUser_s_s	string
detail_processUserDomain_s	string
detail_processUserDomain_s_s	string
detail_productCode_s	string
detail_productCode_s_s	string
detail_providerGUID_g	string
detail_providerGUID_g_s	string
detail_providerGUID_s	string
detail_providerName_s	string
detail_providerName_s_s	string
detail_pver_s	string
detail_pver_s_s	string
detail_rating_s	string
detail_rating_s_s	string
detail_rawDataSize_d	real
detail_rawDataSize_d_s	string
detail_rawDataSize_s	string
detail_rawDataStr_s	string
detail_rawDataStr_s_s	string
detail_request_s	string
detail_request_s_s	string
detail_riskLevel_s	string
detail_riskLevel_s_s	string
detail_rt_d	real
detail_rt_d_s	string
detail_rt_s	string
detail_rt_t	datetime
detail_rt_t_UTC__s	string
detail_rt_t_UTC_s	string
detail_rt_UTC__s	string
detail_rt_utc_t	datetime
detail_rt_utc_t_UTC__s	string
detail_rt_utc_t_UTC_s	string
detail_rt_utc_UTC__s	string
detail_rtDate_s	string
detail_rtDate_s_s	string
detail_rtHour_d	real
detail_rtHour_d_s	string
detail_rtHour_s	string
detail_rtWeekDay_s	string
detail_rtWeekDay_s_s	string
detail_ruleId_d	real
detail_ruleId_d_s	string
detail_ruleId_s	string
detail_ruleName_s	string
detail_ruleName_s_s	string
detail_scanType_s	string
detail_scanType_s_s	string
detail_score_d	real
detail_score_d_s	string
detail_score_s	string
detail_secondAct_s	string
detail_secondAct_s_s	string
detail_secondActResult_s	string
detail_secondActResult_s_s	string
detail_senderGUID_g	string
detail_senderGUID_g_s	string
detail_senderGUID_s	string
detail_senderIp_s	string
detail_senderIp_s_s	string
detail_sessionId_d	real
detail_sessionId_d_d	real
detail_severity_d	real
detail_severity_d_s	string
detail_severity_s	string
detail_suid_s	string
detail_suid_s_s	string
detail_tags_s	string
detail_tags_s_s	string
detail_threatType_s	string
detail_threatType_s_s	string
detail_timezone_s	string
detail_timezone_s_s	string
detail_urlCat_s	string
detail_urlCat_s_s	string
detail_userDomain_s	string
detail_userDomain_s_s	string
detail_uuid_g	string
detail_uuid_g_g	string
detail_uuid_g_g_g	string
detail_winEventId_d	real
detail_winEventId_d_s	string
detail_winEventId_s	string
detailcanType_s	string
detailcore_s	string
detailecondAct_s	string
detailecondActResult_s	string
detailenderGUID_g_s	string
detailenderGUID_s	string
detailenderIp_s	string
detailessionId_d	real
detailessionId_s	string
detailetectionName_s	string
detailetectionType_s	string
detaileverity_s	string
detaileviceGUID_g_s	string
detaileviceGUID_s	string
detaileviceType_s	string
detailirection_s	string
detailomainName_s	string
detailuid_s	string
detailuid_s_s	string
detailvchost_s	string
detectionTime_t	datetime
detectionTime_t_UTC__s	string
detectionTime_t_UTC_s	string
detectionTime_UTC__s	string
deviceType_d	real
endpoint_guid_g	string
endpoint_guid_g_g	string
endpoint_guid_g_g_g	string
endpoint_ips_s	string
endpoint_ips_s_s	string
endpoint_name_s	string
endpoint_name_s_s	string
endpointHostName_s	string
endpointIp_s	string
endpointMacAddress_s	string
entityName_s	string
entityName_s_s	string
entityType_s	string
entityType_s_s	string
eventHashId_s	string
eventId_s	string
eventSourceType_d	real
eventSubId_d	real
eventTime_d	real
filterRiskLevel_s	string
filters_s	string
filters_s_s	string
firstSeen_s	string
ingestionTime_t	datetime
integrityLevel_d	real
lastSeen_s	string
logonUser_s	string
ManagementGroupName	string
MG	string
MG_s	string
nativeDeviceCharacteristics_d	real
nativeDeviceType_d	real
nativeStorageDeviceBusType_d	real
objectAppName_s	string
objectAuthId_s	string
objectCmd_s	string
objectContentName_s	string
objectFileCreation_s	string
objectFileDaclString_s	string
objectFileHashId_s	string
objectFileHashMd5_g	string
objectFileHashSha1_s	string
objectFileHashSha256_s	string
objectFileModifiedTime_s	string
objectFilePath_s	string
objectFileSize_s	string
objectFirstSeen_s	string
objectHashId_s	string
objectIntegrityLevel_d	real
objectLastSeen_s	string
objectLaunchTime_s	string
objectName_s	string
objectPid_d	real
objectRawDataSize_s	string
objectRawDataStr_s	string
objectRegistryData_s	string
objectRegistryKeyHandle_s	string
objectRegistryRoot_d	real
objectRegistryValue_s	string
objectRegType_d	real
objectRunAsLocalAccount_b	bool
objectSessionId_s	string
objectSigner_s	string
objectSignerValid_s	string
objectSubTrueType_d	real
objectTrueType_d	real
objectUser_s	string
objectUserDomain_s	string
os_s	string
osDescription_s	string
osType_s	string
osVer_s	string
packageTraceId_g	string
parentAuthId_s	string
parentCmd_s	string
parentFileCreation_s	string
parentFileHashId_s	string
parentFileHashMd5_g	string
parentFileHashSha1_s	string
parentFileHashSha256_s	string
parentFileModifiedTime_s	string
parentFilePath_s	string
parentFileSize_s	string
parentHashId_s	string
parentIntegrityLevel_d	real
parentLaunchTime_s	string
parentName_s	string
parentPid_d	real
parentSessionId_d	real
parentSigner_s	string
parentSignerValid_s	string
parentTrueType_d	real
parentUser_s	string
parentUserDomain_s	string
pname_s	string
processCmd_s	string
processFileCreation_s	string
processFileModifiedTime_s	string
processFilePath_s	string
processFileSize_s	string
processHashId_s	string
processLaunchTime_s	string
processName_s	string
processPid_d	string
processSigner_s	real
processSignerValid_s	string
processTrueType_s	string
processUser_s	string
processUserDomain_s	string
productCode_s	string
RawData	string
searchDL_s	string
sessionId_d	string
source_s	real
SourceSystem	string
tags_s	string
TenantId	string
TimeGenerated	datetime
TimeGenerated_UTC__s	string
TimeGenerated_UTC_s	string
timezone_s	datetime
Type	string
Type_s	string
userDomain_s	string
uuid_g	string
version_s	string
xdrCustomerId_g	string
xdrCustomerId_g_g	string
xdrCustomerId_g_g_g	string

Solutions (1)

This table is used by the following solutions:

Trend Micro Vision One

Connectors (1)

This table is ingested by the following connectors:

Connector	Selection Criteria
Trend Vision One

Content Items Using This Table (1)

Workbooks (1)

GitHub Only:

Workbook	Selection Criteria
Data_Latency_Workbook

Parsers Using This Table (2)

ASIM Parsers (2)

Parser	Schema	Product	Selection Criteria
ASimProcessCreateTrendMicroVisionOne	ProcessEvent	Trend Micro Vision One
ASimRegistryEventTrendMicroVisionOne	RegistryEvent	Trend Micro Vision One

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index

TrendMicro_XDR_OAT_CL

Contents

Schema (591 columns)

Solutions (1)

Connectors (1)

Content Items Using This Table (1)

Workbooks (1)

Parsers Using This Table (2)

ASIM Parsers (2)