Account Audit Log Messages

https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-account-audit-logs

https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-syslog-content-mapping-cef

Account Audit Log Messages

Base Rule

General Audit Messages

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

datetime

N/A

N/A

Local time in the format: "MMM dd yyyy HH:mm:ss"

host

N/A

N/A

Hostname without the domain information

Version

N/A

N/A

CEF format version, current CEF version is 0

Device Vendor

N/A

N/A

Appliance vendor

Device Product

<vendorinfo>

Text/String

Appliance product

Device Version

<version>

Text/String

Appliance version

Device Event Class ID

<vmid>

Number

A unique identifier per event-type. This can be a string or an integer Workbench OR OAT

Name

<objecttype>

Text/String

A string representing a human-readable and understandable description of the event

Severity

<severity>

Number

Importance of the event
2: Info

cat

<object>

Text/String

category

cs1

<account>

Text/String

Account

cs1Label

N/A

N/A

Corresponding label for the cs1 field

cs2

N/A

N/A

Role

cs2Label

N/A

N/A

Corresponding label for the cs2 field

cs3

<action>

Text/String

Activity

cs3Label

N/A

N/A

Corresponding label for the cs3 field

cn1

<result>

Number

Result
Note: Possible values include:
1: Success
0: Fail

cn1Label

N/A

N/A

Corresponding label for the cn1 field

cn2

N/A

N/A

Source
Note: Possible values include:
0: Console
1: API

cn2Label

N/A

N/A

Corresponding label for the cn2 field

msg

<subject>

Text/String

Details
Note: Message is in JSON format, and is truncated if exceeding the maximum length of 1000 characters.

sender

<sender>

Text/String

N/A

recipient

<recipient>

Text/String

N/A

rt

N/A

N/A

Logged time

TrendMicroV1CompanyID

N/A

N/A

Company ID