Skip to main content
Skip table of contents

Attachment Detection Messages

Vendor Documentation

https://docs.trendmicro.com/o-help/ent/ddei/5.1/en-us/ddei_5.1_ag.pdf

Classification

Rule Name

Rule Type

Common Event

Classification

Attachment Detection Messages

Base Rule

General Threat Message

Activity

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Header (logVer)

N/A

N/A

CEF format version.

Header (vendor)

N/A

N/A

Appliance vendor.

Header (pname)

N/A

N/A

Appliance product.

Header (pver

<version>

Text/String

Appliance version.

Header (eventid)

<vmid>

Number

Signature ID.

Header (eventName)

<vendorinfo>

Text/String

Description.

Header (severity)

<severity>

Number

Severity

  • 2: Unavailable

  • 4: Low

  • 6: Medium

  • 8: High

cs1

N/A

N/A

Threat name.

cs1Label

N/A

N/A

Threat name.

cs2

N/A

N/A

Internal email ID.

cs2Label

N/A

N/A

Internal email ID.

deviceExternalId

N/A

N/A

Appliance GUID.

dvc

<dip>

IP Address

Appliance IP address.

dvchost

<dname>

Text/String

Appliance host name.

dvcmac

<dmac>

Text/String

Appliance MAC address.

fileHash

<hash>

Text/String

SHA1.

fileType

<objecttype>

Text/String

True file type.

fname

<object>

Text/String

File name.

fsize

<size>

Number

File size.

rt

N/A

N/A

Log generation time.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close