{"id":22497421,"url":"https://github.com/trendmicro/tm-v1-schema","last_synced_at":"2025-03-27T21:27:42.306Z","repository":{"id":266000222,"uuid":"877812150","full_name":"trendmicro/tm-v1-schema","owner":"trendmicro","description":"Welcome to the official Git repository for Trend Vision One log schema documentation. This repository provides essential log schema details and data mapping information for Trend Vision One users.","archived":false,"fork":false,"pushed_at":"2025-03-20T06:56:24.000Z","size":218,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-20T07:38:55.991Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trendmicro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-24T09:32:57.000Z","updated_at":"2025-03-20T06:56:28.000Z","dependencies_parsed_at":"2025-01-24T11:22:25.480Z","dependency_job_id":"6201984c-7f2c-46e2-a605-ecda24e29b8c","html_url":"https://github.com/trendmicro/tm-v1-schema","commit_stats":null,"previous_names":["trendmicro/tm-v1-schema"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftm-v1-schema","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftm-v1-schema/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftm-v1-schema/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trendmicro%2Ftm-v1-schema/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trendmicro","download_url":"https://codeload.github.com/trendmicro/tm-v1-schema/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245926446,"owners_count":20695050,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-06T20:19:18.337Z","updated_at":"2025-03-27T21:27:42.283Z","avatar_url":"https://github.com/trendmicro.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Preview\n- This document is still in preview and Trend Micro does not guarantee any backward compatibility.\n\n# Background\n- These documents provide Trend Vision One log schema details.\n\n# User scenario\n- Currently, these documents only support the following use cases:\n 1. Trend Vision One Search app general and advanced search\n\n# Property Description\n| Property | Description |\n|----------------|------------------------------------------------|\n| Name | The log field name |\n| ProductCode | The products which send data to this field |\n| Description_EN | The field description |\n| Sample | The sample values of the field |\n| DL_Searchable | Whether logs are searchable by this field |\n| DL_Type | The field data type |\n| DL_CommonKey | The corresponding field name in General Search |\n\n# ProductCode Mapping\n| Code | Product |\n|------|-----------------------------------------------------------|\n| ALL | All products |\n| aad | Microsoft Entra ID |\n| ams | Trend Vision One Mobile Security |\n| opa | Microsoft Active Directory |\n| pao | Trend Micro Apex One |\n| pdi | Trend Micro Deep Discovery Inspector |\n| pds | Trend Micro Deep Security |\n| ptn | TXOne EdgeOne (on-premises) |\n| ptp | TippingPoint Security Management System |\n| pts | TXOne Stellar (on-premises) |\n| qpf | Palo Alto Networks Next-Generation Firewalls |\n| sao | Trend Micro Apex One as a Service |\n| sca | Trend Micro Cloud App Security |\n| scs | Trend Cloud One - Container Security |\n| sct | Trend Cloud One - AWS CloudTrail |\n| sds | Trend Cloud One - Endpoint \u0026 Workload Security |\n| sem | Trend Micro Email Security |\n| sfc | Trend Cloud One – File Storage Security |\n| sfs | Trend Vision One File Security |\n| sig | Trend Vision One Zero Trust Secure Access Internet Access |\n| sna | XDR add-on: Deep Discovery Inspector |\n| sss | Trend Cloud One - Cloud Sentry |\n| stp | Trend Cloud One - Network Security |\n| sws | Trend Micro Web Security |\n| szn | Trend Vision One Zero Trust Secure Access Private Access |\n| vpc | XDR for Cloud - AWS VPC Flow Logs |\n| xca | Collaboration Sensor |\n| xes | XDR Endpoint Sensor |\n| xms | Email Sensor |\n| xns | Virtual Network Sensor |\n\n# EventId, EventSubId Mapping\n## eventId\n| eventId | Event Type |\n|---------|----------------------------|\n| 1 | TELEMETRY_PROCESS |\n| 2 | TELEMETRY_FILE |\n| 3 | TELEMETRY_CONNECTION |\n| 4 | TELEMETRY_DNS |\n| 5 | TELEMETRY_REGISTRY |\n| 6 | TELEMETRY_ACCOUNT |\n| 7 | TELEMETRY_INTERNET |\n| 8 | TELEMETRY_MODIFIED_PROCESS |\n| 9 | TELEMETRY_WINDOWS_HOOK |\n| 10 | TELEMETRY_WINDOWS_EVENT |\n| 11 | TELEMETRY_AMSI |\n| 12 | TELEMETRY_WMI |\n| 13 | TELEMETRY_MEMORY |\n| 14 | TELEMETRY_BM |\n| 15 | TELEMETRY_APP |\n| 16 | TELEMETRY_SYSTEM_EVENT |\n| 17 | TELEMETRY_EVENT_PIPE |\n| 18 | TELEMETRY_MAC_SYS_LOG |\n| 19 | TELEMETRY_DDR |\n| 101 | TELEMETRY_ASSOCIATION |\n\n## eventSubId\n| eventSubId | Event Sub-Type |\n|------------|------------------------------------------------|\n| 0 | TELEMETRY_NONE |\n| 1 | TELEMETRY_PROCESS_OPEN |\n| 2 | TELEMETRY_PROCESS_CREATE |\n| 3 | TELEMETRY_PROCESS_TERMINATE |\n| 4 | TELEMETRY_PROCESS_LOAD_IMAGE |\n| 5 | TELEMETRY_PROCESS_EXECUTE |\n| 6 | TELEMETRY_PROCESS_CONNECT |\n| 7 | TELEMETRY_PROCESS_TRACME |\n| 8 | TELEMETRY_PROCESS_LOAD_KERNEL_IMAGE |\n| 101 | TELEMETRY_FILE_CREATE |\n| 102 | TELEMETRY_FILE_OPEN |\n| 103 | TELEMETRY_FILE_DELETE |\n| 104 | TELEMETRY_FILE_SET_SECURITY |\n| 105 | TELEMETRY_FILE_COPY |\n| 106 | TELEMETRY_FILE_MOVE |\n| 107 | TELEMETRY_FILE_CLOSE |\n| 108 | TELEMETRY_FILE_MODIFY_TIMESTAMP |\n| 109 | TELEMETRY_FILE_MODIFY |\n| 110 | TELEMETRY_FILE_SET_ATTRIBUTES |\n| 111 | TELEMETRY_FILE_ENUMERATE |\n| 112 | TELEMETRY_FILE_SET_EXTENDED_ATTRIBUTE |\n| 113 | TELEMETRY_FILE_DELETE_EXTENDED_ATTRIBUTE |\n| 201 | TELEMETRY_CONNECTION_CONNECT |\n| 202 | TELEMETRY_CONNECTION_LISTEN |\n| 203 | TELEMETRY_CONNECTION_CONNECT_INBOUND |\n| 204 | TELEMETRY_CONNECTION_CONNECT_OUTBOUND |\n| 301 | TELEMETRY_DNS_QUERY |\n| 401 | TELEMETRY_REGISTRY_CREATE |\n| 402 | TELEMETRY_REGISTRY_SET |\n| 403 | TELEMETRY_REGISTRY_DELETE |\n| 404 | TELEMETRY_REGISTRY_RENAME |\n| 405 | TELEMETRY_REGISTRY_ENUMERATE |\n| 406 | TELEMETRY_REGISTRY_ENUMERATEVALUE |\n| 407 | TELEMETRY_REGISTRY_QUERYVALUE |\n| 408 | TELEMETRY_REGISTRY_SAVE |\n| 501 | TELEMETRY_ACCOUNT_ADD |\n| 502 | TELEMETRY_ACCOUNT_DELETE |\n| 503 | TELEMETRY_ACCOUNT_IMPERSONATE |\n| 504 | TELEMETRY_ACCOUNT_MODIFY |\n| 505 | TELEMETRY_ACCOUNT_LOGIN |\n| 506 | TELEMETRY_ACCOUNT_LOGOUT |\n| 601 | TELEMETRY_INTERNET_OPEN |\n| 602 | TELEMETRY_INTERNET_CONNECT |\n| 603 | TELEMETRY_INTERNET_DOWNLOAD |\n| 701 | TELEMETRY_MODIFIED_PROCESS_CREATE_REMOTETHREAD |\n| 702 | TELEMETRY_MODIFIED_PROCESS_WRITE_MEMORY |\n| 703 | TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS |\n| 704 | TELEMETRY_MODIFIED_PROCESS_READ_PROCESS |\n| 705 | TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS_NAME |\n| 801 | TELEMETRY_WINDOWS_HOOK_SET |\n| 901 | TELEMETRY_AMSI_EXECUTE |\n| 1001 | TELEMETRY_MEMORY_MODIFY |\n| 1002 | TELEMETRY_MEMORY_MODIFY_PERMISSION |\n| 1003 | TELEMETRY_MEMORY_READ |\n| 1101 | TELEMETRY_BM_INVOKE |\n| 1102 | TELEMETRY_BM_INVOKE_API |\n| 1201 | TELEMETRY_APP_START |\n| 1202 | TELEMETRY_APP_STOP |\n| 1203 | TELEMETRY_APP_INSTALL |\n| 1204 | TELEMETRY_APP_UNINSTALL |\n| 1205 | TELEMETRY_APP_BEHAVIOR |\n| 1301 | TELEMETRY_SYSTEM_EVENT_ENABLE |\n| 1302 | TELEMETRY_SYSTEM_EVENT_DISABLE |\n| 1303 | TELEMETRY_SYSTEM_CERTIFICATION_INSTALL |\n| 1304 | TELEMETRY_SYSTEM_DEVICE_ROOTED |\n| 1401 | TELEMETRY_PIPE_CREATE |\n| 1402 | TELEMETRY_PIPE_CONNECT |\n| 1601 | TELEMETRY_MAC_SYS_LOG_COLLECT |\n| 1701 | TELEMETRY_DDR_FILE_COPY |\n| 1702 | TELEMETRY_DDR_FILE_MOVE |\n| 1703 | TELEMETRY_DDR_FILE_RENAME |\n| 1704 | TELEMETRY_DDR_FILE_MODIFY |\n| 1705 | TELEMETRY_DDR_FILE_DELETE |\n| 1706 | TELEMETRY_DDR_FILE_UNZIP |\n| 1707 | TELEMETRY_DDR_FILE_ZIP |\n| 1708 | TELEMETRY_DDR_FILE_UPLOAD |\n| 1709 | TELEMETRY_DDR_FILE_DOWNLOAD |\n| 1710 | TELEMETRY_DDR_FILE_PRINT |\n| 10101 | TELEMETRY_ASSOCIATION_PROCESS_IMAGE_FILE |\n| 10102 | TELEMETRY_ASSOCIATION_AUTO_RUN_KEY_FULL_PATH |\n| 10103 | TELEMETRY_ASSOCIATION_HOST_PROC_CMD_FULL_PATH |\n| 10104 | TELEMETRY_ASSOCIATION_SERVICE_DLL |\n| 10105 | TELEMETRY_ASSOCIATION_ARCHIVE_FILE |\n| 10106 | TELEMETRY_ASSOCIATION_BROWSER_PROCESS |","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendmicro%2Ftm-v1-schema","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrendmicro%2Ftm-v1-schema","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendmicro%2Ftm-v1-schema/lists"}