Update-Schema-OLH-to-v1.192.0

doc/Detections.yaml

@@ -1875,6 +1875,7 @@
   - sig
   - sca
   - szn
+  - scs
   Description_EN: The user principal name used to sign in to the proxy
   Sample:
   - sample_email@trendmicro.com
@@ -5196,6 +5197,60 @@
   DL_CommonKey:
   DL_Searchable: true
   DL_Aggregable: false
+- Name: actionName
+  ProductCode:
+  - scs
+  Description_EN: The action being taken
+  Sample:
+  - get
+  - list
+  - create
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceCategory
+  ProductCode:
+  - scs
+  Description_EN: The category of the object
+  Sample:
+  - roles
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceName
+  ProductCode:
+  - scs
+  Description_EN: The specific name of the object
+  Sample:
+  - pod-reader
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceNamespace
+  ProductCode:
+  - scs
+  Description_EN: The namespace where the referenced resource exists
+  Sample:
+  - default
+  - kube-system
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: requestDecision
+  ProductCode:
+  - scs
+  Description_EN: Whether the request was allowed or denied by the authorization
+    system
+  Sample:
+  - allow/deny
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
 - Name: ruleSetName
   ProductCode:
   - scs
@@ -6148,6 +6203,7 @@
   ProductCode:
   - sca
   - sem
+  - scs
   Description_EN: The network protocol response code
   Sample:
   - '302'

doc_v2/Cloud/Trend Vision One Container Security.yaml

@@ -977,6 +977,20 @@
   DL_CommonKey:
   DL_Searchable: true
   DL_Aggregable: false
+- Name: principalName
+  ProductCode:
+  - sws
+  - sig
+  - sca
+  - szn
+  - scs
+  Description_EN: The user principal name used to sign in to the proxy
+  Sample:
+  - sample_email@trendmicro.com
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
 - Name: detectionType
   ProductCode:
   - pdi
@@ -1377,6 +1391,60 @@
   DL_CommonKey:
   DL_Searchable: true
   DL_Aggregable: false
+- Name: actionName
+  ProductCode:
+  - scs
+  Description_EN: The action being taken
+  Sample:
+  - get
+  - list
+  - create
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceCategory
+  ProductCode:
+  - scs
+  Description_EN: The category of the object
+  Sample:
+  - roles
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceName
+  ProductCode:
+  - scs
+  Description_EN: The specific name of the object
+  Sample:
+  - pod-reader
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: resourceNamespace
+  ProductCode:
+  - scs
+  Description_EN: The namespace where the referenced resource exists
+  Sample:
+  - default
+  - kube-system
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
+- Name: requestDecision
+  ProductCode:
+  - scs
+  Description_EN: Whether the request was allowed or denied by the authorization
+    system
+  Sample:
+  - allow/deny
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false
 - Name: ruleSetName
   ProductCode:
   - scs
@@ -1488,6 +1556,19 @@
   DL_CommonKey:
   DL_Searchable: false
   DL_Aggregable: false
+- Name: respCode
+  ProductCode:
+  - sca
+  - sem
+  - scs
+  Description_EN: The network protocol response code
+  Sample:
+  - '302'
+  - '200'
+  DL_Type: string
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: true
 - Name: customAssetTags
   ProductCode:
   - xes

doc_v2/Email/Trend Micro Cloud App Security.yaml

@@ -510,6 +510,7 @@
   - sig
   - sca
   - szn
+  - scs
   Description_EN: The user principal name used to sign in to the proxy
   Sample:
   - sample_email@trendmicro.com
@@ -1056,6 +1057,7 @@
   ProductCode:
   - sca
   - sem
+  - scs
   Description_EN: The network protocol response code
   Sample:
   - '302'

doc_v2/Email/Trend Micro Email Security.yaml

@@ -805,6 +805,7 @@
   ProductCode:
   - sca
   - sem
+  - scs
   Description_EN: The network protocol response code
   Sample:
   - '302'

doc_v2/Network/Trend Micro Web Security.yaml

@@ -205,6 +205,7 @@
   - sig
   - sca
   - szn
+  - scs
   Description_EN: The user principal name used to sign in to the proxy
   Sample:
   - sample_email@trendmicro.com

doc_v2/Network/Zero Trust Secure Access - Internet Access.yaml

@@ -474,6 +474,7 @@
   - sig
   - sca
   - szn
+  - scs
   Description_EN: The user principal name used to sign in to the proxy
   Sample:
   - sample_email@trendmicro.com

doc_v2/Network/Zero Trust Secure Access - Private Access.yaml

@@ -302,6 +302,7 @@
   - sig
   - sca
   - szn
+  - scs
   Description_EN: The user principal name used to sign in to the proxy
   Sample:
   - sample_email@trendmicro.com

doc_v2/Others/Audit Log.yaml

@@ -0,0 +1,10 @@
+- Name: eventRawData
+  ProductCode:
+  - aal
+  Description_EN: The original event log string (JSON format)
+  Sample: '{"type":"audit","timestamp":"2020-02-20T08:10:01.904Z","serviceName":"uic","componentName":"backend","siteName":"us-east-1-xdr-eks-prod","customerId":"74b629cb-8fc6-4a1b-a00f-b5003ab9f0e3","identifier":{"id":"db09668d-9d85-42ee-946f-5f8d37f288b2","type":"managedAccount","name":"John
+    Smith","email":"john_smith@abc.com"},"userId":"db09668d-9d85-42ee-946f-5f8d37f288b2","user":"xdr-stg@trendmicro.com","roleId":"53a580c5-d952-43e1-8ce3-79eac4961ee6","role":"admin","sourceIp":"180.10.1.2","access":0,"category":"01","activity":"01","result":true,"triggerService":"awb","details":{"ipAddr":"10.0.0.1"}}'
+  DL_Type: dynamic
+  DL_CommonKey:
+  DL_Searchable: true
+  DL_Aggregable: false