Trellix Threat Structure
JSON Structure for a Trellix EDR threat object
Type: object
Properties: 0
Tags: Cloud Security, Cybersecurity, Endpoint Security, Threat Detection, Threat Intelligence, XDR
Trellix Threat Structure is a JSON Structure definition published by Trellix.
{
"title": "Trellix Threat Structure",
"description": "JSON Structure for a Trellix EDR threat object",
"type": "object",
"fields": [
{ "name": "id", "type": "string", "required": true, "description": "Unique threat identifier" },
{ "name": "name", "type": "string", "required": true, "description": "Threat name or family" },
{ "name": "type", "type": "string", "required": false, "description": "Threat type" },
{ "name": "severity", "type": "enum[critical,high,medium,low]", "required": true, "description": "Threat severity level" },
{ "name": "status", "type": "enum[active,contained,remediated,investigating]", "required": false, "description": "Threat status" },
{ "name": "detectedAt", "type": "date-time", "required": false, "description": "Detection timestamp" },
{ "name": "hostId", "type": "string", "required": false, "description": "Affected host identifier" },
{ "name": "hostName", "type": "string", "required": false, "description": "Affected host name" },
{ "name": "filePath", "type": "string", "required": false, "description": "File path of the malicious object" },
{ "name": "hash", "type": "string", "required": false, "description": "SHA-256 hash of the file" },
{ "name": "processName", "type": "string", "required": false, "description": "Associated process name" }
]
}