Agent Event Log Message

https://docs.trendmicro.com/o-help/ent/txone-sp/v1.1/en-us/txsp_one_ag_1.1.pdf

Agent Event Log Message

Base Rule

General Event Log Information

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

CEF: Version

 N/A

 N/A

CEF format version

Device Vendor

  N/A

 N/A

Device Vendor

Device Product

<vendorinfo>

Text/String

Device Product

Device Version

<version>

Text/String

Device Version

Device Event Class ID

<vmid>

Number

Event ID

Name

<object>

Text/String

Event category

Severity

<severity>

Number

LOG_CRIT: 2
LOG_WARNING: 4
LOG_INFO: 6

eventTime

 N/A

 N/A

StellarProtect format

msg

<subject>

Text/String

<string>

category

<objecttype>

Number

OPTION: 0
SYSTEM: 1
INTELLI_AV: 2
ANOMALY_DETECT: 3
CHANGE_CONTROL: 4
DEVICE_CONTROL: 5
MISC: 15

agentEndpoint

<sname>

Text/String

 N/A

agentIp

<sip>

IP Address

 N/A

agentLocation

 N/A

 N/A

 N/A

agentVendor

 N/A

 N/A

 N/A

agentModel

 N/A

 N/A

 N/A

agentOS

<useragent>

Text/String

 N/A

policy version

 N/A

 N/A

 N/A

desc

 N/A

 N/A

 N/A

policyVersion

 N/A

 N/A

 N/A

detailMsg

 N/A

 N/A

 N/A

targetProcess

 N/A

 N/A

 N/A

fileHash

<hash>

Text/String

 N/A

threatType

 N/A

 N/A

 N/A

threatName

<threatname>

Text/String

 N/A

filePath

 N/A

 N/A

 N/A

actionResult

<result>

Text/String

 N/A

quarantinePath

 N/A

 N/A

 N/A

obadMode

 N/A

 N/A

 N/A

obadLevel

 N/A

 N/A

 N/A

accessUser

 N/A

 N/A

 N/A

processId

<processid>

Number

 N/A

parentProcess1

 N/A

 N/A

 N/A

parentProcess2

 N/A

 N/A

 N/A

parentProcess3

 N/A

 N/A

 N/A

parentProcess4

 N/A

 N/A

 N/A

targetArguments

 N/A

 N/A

 N/A

parentArguments1

 N/A

 N/A

 N/A

parentArguments2

 N/A

 N/A

 N/A

parentArguments3

 N/A

 N/A

 N/A

parentArguments4

 N/A

 N/A

 N/A

blockedProcess

 N/A

 N/A

 N/A

targetFile

 N/A

 N/A

 N/A

vid

 N/A

 N/A

 N/A

pid

 N/A

 N/A

 N/A

sn

 N/A

 N/A

 N/A

accessImagePath

<parentprocesspath>

Text/String

 N/A

srcPath

 N/A

 N/A

 N/A

dstPath

 N/A

 N/A

 N/A

errCode

 N/A

 N/A

 N/A

patchFileName

 N/A

 N/A

 N/A

filePath

 N/A

 N/A

 N/A

type

 N/A

 N/A

 N/A

serverIP

<dip>

IP Address

 N/A