TrendMicroCAS_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index

---

Attribute	Value
Custom Log V1	Yes 🔶 — uses type-suffixed column names
Ingestion API Supported	✓ Yes

Contents

• Schema
• Solutions
• Connectors
• Content Items
• Parsers

Schema (30 columns)

Source: KQL validation test schema

Column Name	Type
event_s	string
log_item_id_g	string
message_action_result_s	string
message_action_s	string
message_affected_user_s	string
message_detected_by_s	string
message_detection_time_t	datetime
message_detection_type_s	string
message_file_name_s	string
message_file_sha1_s	string
message_file_sha256_s	string
message_file_upload_time_t	datetime
message_location_s	string
message_mail_message_delivery_time_t	datetime
message_mail_message_file_name_s	string
message_mail_message_id_g	string
message_mail_message_recipient_d	real
message_mail_message_sender_s	string
message_mail_message_subject_s	string
message_mail_message_submit_time_t	datetime
message_ransomware_name_s	string
message_risk_level_s	string
message_scan_type_s	string
message_security_risk_name_s	string
message_triggered_dlp_template_d	real
message_triggered_policy_name_s	string
message_triggered_security_filter_s	string
message_virus_name_s	string
service_s	string
TimeGenerated	datetime

Solutions (1)

This table is used by the following solutions:

• Trend Micro Cloud App Security

Connectors (1)

This table is ingested by the following connectors:

Connector	Selection Criteria
Trend Micro Cloud App Security

---

Content Items Using This Table (21)

Analytic Rules (10)

In solution Trend Micro Cloud App Security:

Analytic Rule	Selection Criteria
Trend Micro CAS - DLP violation
Trend Micro CAS - Infected user
Trend Micro CAS - Multiple infected users
Trend Micro CAS - Possible phishing mail
Trend Micro CAS - Ransomware infection
Trend Micro CAS - Ransomware outbreak
Trend Micro CAS - Suspicious filename
Trend Micro CAS - Threat detected and not blocked
Trend Micro CAS - Unexpected file on file share
Trend Micro CAS - Unexpected file via mail

Hunting Queries (10)

In solution Trend Micro Cloud App Security:

Hunting Query	Selection Criteria
Trend Micro CAS - DLP violations
Trend Micro CAS - Files received via email services
Trend Micro CAS - Files stored on cloud fileshare services
Trend Micro CAS - Infected files received via email
Trend Micro CAS - Ransomware threats
Trend Micro CAS - Rare files received via email services
Trend Micro CAS - Risky users
Trend Micro CAS - Security risk scan threats
Trend Micro CAS - Suspicious files on sharepoint
Trend Micro CAS - Virtual Analyzer threats

Workbooks (1)

In solution Trend Micro Cloud App Security:

Workbook	Selection Criteria
TrendMicroCAS

Parsers Using This Table (1)

Other Parsers (1)

Parser	Solution	Selection Criteria
TrendMicroCAS	Trend Micro Cloud App Security ⚠️

⚠️ Parsers marked with ⚠️ are not listed in their Solution JSON file.

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index