Trellix Threat

Schema for a threat detected by Trellix EDR

Cloud Security, Cybersecurity, Endpoint Security, Threat Detection, Threat Intelligence, XDR

Properties

| Name | Type | Description |
| --- | --- | --- |
| id | string | Unique threat identifier |
| name | string | Threat name or family |
| type | string | Threat type (malware, ransomware, exploit, etc.) |
| severity | string | Threat severity |
| status | string | Threat status |
| detectedAt | string | Detection timestamp |
| hostId | string | Affected host identifier |
| hostName | string | Affected host name |
| filePath | string | File path of the malicious object |
| hash | string | File hash (SHA256) |
| processName | string | Associated process name |

JSON Schema

trellix-threat-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/trellix/main/json-schema/trellix-threat-schema.json",
  "title": "Trellix Threat",
  "description": "Schema for a threat detected by Trellix EDR",
  "type": "object",
  "properties": {
    "id": { "type": "string", "description": "Unique threat identifier" },
    "name": { "type": "string", "description": "Threat name or family" },
    "type": { "type": "string", "description": "Threat type (malware, ransomware, exploit, etc.)" },
    "severity": { "type": "string", "enum": ["critical", "high", "medium", "low"], "description": "Threat severity" },
    "status": { "type": "string", "enum": ["active", "contained", "remediated", "investigating"], "description": "Threat status" },
    "detectedAt": { "type": "string", "format": "date-time", "description": "Detection timestamp" },
    "hostId": { "type": "string", "description": "Affected host identifier" },
    "hostName": { "type": "string", "description": "Affected host name" },
    "filePath": { "type": "string", "description": "File path of the malicious object" },
    "hash": { "type": "string", "description": "File hash (SHA256)" },
    "processName": { "type": "string", "description": "Associated process name" }
  },
  "required": ["id", "name", "severity"],
  "additionalProperties": true
}