Skip to main content
Skip table of contents

EVID : 1025 EPO - Infected File Cleaned

Vendor Documentation

Classification

Rule Name

Rule Type

Classification

Common Event

EVID : 1025 EPO - Infected File Cleaned

Base Rule

Operations : Information

General Virus Infected Information

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

MachineName

N/A

N/A

Name of the system hosting the detecting product.

AgentGUID

N/A

N/A

Unique identifier of the agent that forwarded the event.

IPAddress

<dip>

IP Address

IP address of the system hosting the detecting product (if given in the event).

OSName

N/A

N/A

N/A

AgentVersion

N/A

N/A

N/A

UserName

N/A

N/A

N/A

TimeZoneBias

N/A

N/A

N/A

RawMACAddress

<dmac>

Text/String

MAC address of the system hosting the detecting product.

ProductName

<vendorinfo>

Text/String

Name of the detecting managed product.

ProductVersion

<version>

Text/String/Number

Version number of the detecting product.

ProductFamily

N/A

N/A

N/A

Analyzer

N/A

N/A

N/A

AnalyzerName

N/A

N/A

Name of the detecting managed product.

AnalyzerVersion

N/A

N/A

Version number of the detecting product.

AnalyzerEngineVersion

N/A

N/A

Version number of the detecting product’s engine (if given in the event).

AnalyzerDetectionMethod

N/A

N/A

The name of the task or task type that was responsible for detecting the threat.

AnalyzerDATVersion

N/A

N/A

DAT version on the system that sent the event.

EventID

<vmid>

Number

Unique identifier of the event class.

Severity

N/A

N/A

N/A

GMTTime

N/A

N/A

N/A

LocalTime

N/A

N/A

N/A

ThreatCategory

<subject>

Text/String

Category of the event. Possible categories depend on the product.

ThreatEventID

N/A

N/A

Unique identifier of the event class.

ThreatSeverity

<severity>

Number

The severity of the detected threat as defined by each managed product.

ThreatName

<threatname>

Text/String

Name of the threat.

ThreatType

N/A

N/A

Class of the threat.

DetectedUTC

N/A

N/A

N/A

ThreatActionTaken

<action>

Text/String

The action taken by the product in response to the threat.

ThreatHandled

<result>

Text/String

Specifies whether the action taken was successful.

TargetUserName

<domainimpacted>
<account>

Text/String

The threat source user name or email address.

Target FileName

<object>

Text/String

Location of the threat on the detecting system.

target

N/A

N/A

N/A

BladeName

N/A

N/A

N/A

AnalyzerContentCreationDate

N/A

N/A

N/A

AnalyzerContentVersion

N/A

N/A

N/A

AnalyzerGTIQuery

N/A

N/A

N/A

ThreatDetectedOnCreation

N/A

N/A

N/A

TargetName

<objectname>

Text/String

N/A

TargetPath

N/A

N/A

N/A

TargetHash

<hash>

Text/String/Number

N/A

TargetFileSize

<size>

Number

N/A

Cleanable

N/A

N/A

N/A

TaskName

N/A

N/A

N/A

FirstAttemptedAction

N/A

N/A

N/A

FirstActionStatus

<status>

Text/String

N/A

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.