EVID 1092, 1095 : Behavior Messages

Vendor Documentation

Classification

| Rule Name                                      | Rule Type | Classification             | Common Event                    |
|------------------------------------------------|-----------|----------------------------|---------------------------------|
| EVID 1092, 1095 : Behavior Messages            | Base Rule | Information                | General Information Log Message |
| ePO - Access Protection Violation Blocked      | Sub Rule  | Security : Failed Activity | Threat Blocked                  |
| ePO - Access Protection Violation Not Blocked  | Sub Rule  | Security : Activity        | General Threat Message          |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema                | Data Type          | Schema Description                                                              |
|---------------------------|---------------------------------|--------------------|---------------------------------------------------------------------------------|
| MachineName               | <dname>                         | Text/String        | Name of the system hosting the detecting product.                               |
| AgentGUID                 | N/A                             | N/A                | Unique identifier of the agent that forwarded the event.                        |
| IPAddress                 | <dip>                           | IP Address         | IP address of the system hosting the detecting product (if given in the event). |
| OSName                    | N/A                             | N/A                | N/A                                                                             |
| UserName                  | <domainimpacted>, <account>     | Text/String        | N/A                                                                             |
| TimeZoneBias              | N/A                             | N/A                | N/A                                                                             |
| RawMACAddress             | <dmac>                          | Text/String        | MAC address of the system hosting the detecting product.                        |
| ProductName               | <vendorinfo>                    | Text/String        | Name of the detecting managed product.                                          |
| ProductVersion            | <version>                       | Text/String/Number | Version number of the detecting product.                                        |
| ProductFamily             | N/A                             | N/A                | N/A                                                                             |
| EngineVersion             | N/A                             | N/A                | Version number of the detecting product's engine.                               |
| DATVersion                | N/A                             | N/A                | DAT version on the system that sent the event.                                  |
| ScannerType               | N/A                             | N/A                | N/A                                                                             |
| TaskName                  | N/A                             | N/A                | N/A                                                                             |
| ProductFamily             | N/A                             | N/A                | N/A                                                                             |
| ProductName               | N/A                             | N/A                | Name of the detecting managed product.                                          |
| ProductVersion            | N/A                             | N/A                | Version number of the detecting product.                                        |
| EventID                   | <vmid>                          | Number             | Unique identifier of the event class.                                           |
| Severity                  | <severity>                      | Number             | N/A                                                                             |
| GMTTime                   | N/A                             | N/A                | N/A                                                                             |
| UTCTime                   | N/A                             | N/A                | N/A                                                                             |
| RuleName                  | <policy>                        | Text/String        | N/A                                                                             |
| ProcessName               | <process>                       | Text/String        | N/A                                                                             |
| FileName                  | <object>                        | Text/String        | N/A                                                                             |
| Source                    | N/A                             | N/A                | N/A                                                                             |
| ActionsBlocked            | N/A                             | N/A                | N/A                                                                             |
| szActionsBlocked          | N/A                             | N/A                | N/A                                                                             |