Attachment Detection Messages

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Attachment Detection Messages | Base Rule | General Threat Message | Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version. |
| Header (vendor) | N/A | N/A | Appliance vendor. |
| Header (pname) | N/A | N/A | Appliance product. |
| Header (pver) | <version> | Text/String | Appliance version. |
| Header (eventid) | <vmid> | Number | Signature ID. |
| Header (eventName) | <vendorinfo> | Text/String | Description. |
| Header (severity) | <severity> | Number | Severity: 2 = Unavailable, 4 = Low, 6 = Medium, 8 = High. |
| cs1 | N/A | N/A | Threat name. |
| cs1Label | N/A | N/A | Label identifying cs1 as the threat name. |
| cs2 | N/A | N/A | Internal email ID. |
| cs2Label | N/A | N/A | Label identifying cs2 as the internal email ID. |
| deviceExternalId | N/A | N/A | Appliance GUID. |
| dvc | <dip> | IP Address | Appliance IP address. |
| dvchost | <dname> | Text/String | Appliance host name. |
| dvcmac | <dmac> | Text/String | Appliance MAC address. |
| fileHash | <hash> | Text/String | SHA-1 hash of the file. |
| fileType | <objecttype> | Text/String | True file type. |
| fname | <object> | Text/String | File name. |
| fsize | <size> | Number | File size. |
| rt | N/A | N/A | Log generation time. |
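As an added worked example (not LogRhythm's or the appliance vendor's code), the Python below parses a message of the shape the table describes and applies the mapping: it splits the seven CEF header fields while honouring escaped pipes, tokenises the key=value extension, resolves the csN/csNLabel pairs that carry the threat name and internal email ID, converts the fields the table types as Number, and labels the severity with the four documented values. The sample message is constructed; the vendor and product names, signature ID, host, addresses, hash and timestamp are made up, and the `severity_label` and `custom` output fields are this example's own additions rather than LogRhythm schema fields.

```python
"""Parse a CEF attachment-detection message and map it onto the LogRhythm
schema fields from the table above.
Added example, not LogRhythm's or the appliance vendor's code. The sample
message at the bottom is constructed; every value in it is made up."""
import re
from typing import Dict, List, Tuple

# The seven pipe-delimited CEF header fields, in specification order.
CEF_HEADER_FIELDS = ("logVer", "vendor", "pname", "pver",
                     "eventid", "eventName", "severity")

# Device key -> LogRhythm schema field, copied from the mapping table.
# Keys whose schema column reads N/A (vendor, pname, csN, deviceExternalId,
# rt) are intentionally absent and survive only in the raw dictionary.
SCHEMA_MAP = {
    "pver": "version", "eventid": "vmid", "eventName": "vendorinfo",
    "severity": "severity", "dvc": "dip", "dvchost": "dname",
    "dvcmac": "dmac", "fileHash": "hash", "fileType": "objecttype",
    "fname": "object", "fsize": "size",
}
NUMERIC_FIELDS = ("vmid", "severity", "size")      # Data Type = Number
SEVERITY_LABELS = {2: "Unavailable", 4: "Low", 6: "Medium", 8: "High"}

# key=value pairs; a value runs until the next " key=" or end of string and
# may contain spaces and backslash-escaped characters.
_EXT_RE = re.compile(
    r"([A-Za-z0-9_.]+)=((?:\\.|[^\\=])*?)(?=\s+[A-Za-z0-9_.]+=|\s*$)", re.S)


def _unescape(value: str) -> str:
    # CEF escapes '\', '|' (header) and '=' (extension) with a backslash.
    return re.sub(r"\\([\\|=])", r"\1", value)


def split_header(message: str) -> Tuple[List[str], str]:
    """Return the seven unescaped header fields and the remaining extension.

    A plain str.split('|') would break on an escaped pipe ('\\|') inside a
    field such as eventName, so the string is walked honouring escapes."""
    fields, buf, i = [], [], 0
    while i < len(message) and len(fields) < len(CEF_HEADER_FIELDS):
        ch = message[i]
        if ch == "\\" and i + 1 < len(message):   # keep the escape pair intact
            buf.append(message[i:i + 2])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) != len(CEF_HEADER_FIELDS):
        raise ValueError("malformed CEF header: expected 7 '|'-delimited fields")
    if not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF message: missing 'CEF:' prefix")
    return [_unescape(f) for f in fields], message[i:]


def parse_extension(extension: str) -> Dict[str, str]:
    """Tokenise the extension into a key -> unescaped value dictionary."""
    return {k: _unescape(v) for k, v in _EXT_RE.findall(extension)}


def parse_attachment_detection(message: str) -> Dict[str, object]:
    """Map one message onto the schema; raises ValueError when malformed."""
    header, extension = split_header(message)
    raw = dict(zip(CEF_HEADER_FIELDS, header))
    raw["logVer"] = raw["logVer"][len("CEF:"):]     # "CEF:0" -> "0"
    raw.update(parse_extension(extension))

    record: Dict[str, object] = {
        schema: raw[key] for key, schema in SCHEMA_MAP.items() if key in raw}
    for field in NUMERIC_FIELDS:
        if field in record:
            record[field] = int(record[field])      # ValueError if not numeric
    # severity_label is this example's addition, not a LogRhythm schema field.
    record["severity_label"] = SEVERITY_LABELS.get(record.get("severity"), "Unknown")
    # csN carries the data and csNLabel says what it is; resolve the pairs so
    # the threat name and internal email ID are addressable by their label.
    record["custom"] = {
        raw[f"cs{n}Label"]: raw[f"cs{n}"]
        for n in range(1, 7) if f"cs{n}Label" in raw and f"cs{n}" in raw}
    record["raw"] = raw
    return record


def is_well_formed(message: str) -> bool:
    """True when the message parses; lets a collector quarantine bad lines."""
    try:
        parse_attachment_detection(message)
        return True
    except ValueError:
        return False


# Constructed sample in the shape the table describes; all values are made up.
SAMPLE = (
    "CEF:0|ExampleVendor|MailSensor|9.1.2|10001|"
    "Attachment blocked \\| sandbox verdict|8|"
    "cs1Label=Threat name cs1=Trojan.Generic.Dropper "
    "cs2Label=Internal email ID cs2=3c9f7e21 "
    "deviceExternalId=00000000-0000-0000-0000-000000000001 "
    "dvc=10.0.0.5 dvchost=mx-sensor-01 dvcmac=00:11:22:33:44:55 "
    "fileHash=da39a3ee5e6b4b0d3255bfef95601890afd80709 "
    "fileType=application/zip fname=invoice\\=final.zip fsize=48210 "
    "rt=1700000000000"
)

if __name__ == "__main__":
    for key, value in parse_attachment_detection(SAMPLE).items():
        print(f"{key}: {value}")
```

Two points worth checking against live data: the `int()` conversion of eventid, severity and fsize raises on a non-numeric value, which is the right place to add tolerant handling if an appliance ever emits one, and rt and deviceExternalId are kept only under `raw` because the table maps them to N/A, so any use of the log generation time has to be done outside the schema fields.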