McAfee (Trellix) · Schema

ThreatEvent

Antivirus · Cybersecurity · Endpoint Protection · Security · Threat Intelligence

Properties

Name               Type                 Description
AutoID             integer              Auto-incremented event ID
DetectedUTC        string (date-time)   Detection time in UTC
ReceivedUTC        string (date-time)   Time the event was received by ePO
ThreatName         string               Name of the detected threat
ThreatType         string               Type of threat (e.g., virus, trojan, PUP)
ThreatSeverity     integer              Severity level of the threat
ThreatActionTaken  string               Action taken on the threat (e.g., cleaned, deleted, quarantined)
SourceHostName     string               Hostname of the system where the threat was detected
SourceIPV4         string               IPv4 address of the source system
TargetFileName     string               File path of the affected file
AnalyzerName       string               Name of the product that detected the threat
AnalyzerVersion    string               Version of the detecting product

JSON Schema

mcafee-threatevent-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/ThreatEvent",
  "title": "ThreatEvent",
  "type": "object",
  "properties": {
    "AutoID": {
      "type": "integer",
      "description": "Auto-incremented event ID"
    },
    "DetectedUTC": {
      "type": "string",
      "format": "date-time",
      "description": "Detection time in UTC"
    },
    "ReceivedUTC": {
      "type": "string",
      "format": "date-time",
      "description": "Time the event was received by ePO"
    },
    "ThreatName": {
      "type": "string",
      "description": "Name of the detected threat"
    },
    "ThreatType": {
      "type": "string",
      "description": "Type of threat (e.g., virus, trojan, PUP)"
    },
    "ThreatSeverity": {
      "type": "integer",
      "description": "Severity level of the threat"
    },
    "ThreatActionTaken": {
      "type": "string",
      "description": "Action taken on the threat (e.g., cleaned, deleted, quarantined)"
    },
    "SourceHostName": {
      "type": "string",
      "description": "Hostname of the system where the threat was detected"
    },
    "SourceIPV4": {
      "type": "string",
      "description": "IPv4 address of the source system"
    },
    "TargetFileName": {
      "type": "string",
      "description": "File path of the affected file"
    },
    "AnalyzerName": {
      "type": "string",
      "description": "Name of the product that detected the threat"
    },
    "AnalyzerVersion": {
      "type": "string",
      "description": "Version of the detecting product"
    }
  }
}