Trellix NX Alert
Trellix Network Security Event
| Type | Field | Display Name | Description |
|---|---|---|---|
| DATE | _time | Time | |
| STRING | risk | Risk | |
| STRING | device_host | Device Name | |
| IP | device_ip | Device IP | |
| IP | src_ip | Source IP | |
| PORT | src_port | Source Port | |
| IP | dst_ip | Destination IP | |
| PORT | dst_port | Destination Port | |
| STRING | protocol | Protocol | |
| STRING | category | Category | |
| STRING | signature | Attack Name | |
| STRING | action | Action | |
| STRING | method | Method | |
| STRING | user_agent | User Agent | |
| STRING | cnc_host | C2 Host | |
| PORT | cnc_port | C2 Port | |
| STRING | raw_data | Details | |
| STRING | file_type | File Type | |
| STRING | file_name | File Name | |
| LONG | file_size | File Size | |
| STRING | file_path | File Path | |
| MD5 | md5 | MD5 | |
| SHA256 | sha256 | SHA256 | |
| STRING | os_name | Operating System | |
| STRING | src_process | Source Process | |
| STRING | cve | CVE | |
| STRING | src_mac | Source MAC | |
| STRING | dst_mac | Destination MAC | |
| STRING | device_payload_id | Payload ID | |
| STRING | link | Link | |
| STRING | vt_md5_url | MD5 Analysis | |
| STRING | vt_sha256_url | SHA256 Analysis | |