
File Analysis Events Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| File Analysis Events Messages | Base Rule | General File Monitoring Event | Other Audit |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version. |
| Header (vendor) | N/A | N/A | Appliance vendor. |
| Header (pname) | N/A | N/A | Appliance product. |
| Header (pver) | &lt;version&gt; | Text/String | Appliance version. |
| Header (eventid) | &lt;vmid&gt; | Number | Signature ID. |
| Header (eventName) | &lt;vendorinfo&gt; | Text/String | Description. |
| Header (severity) | &lt;severity&gt; | Number | Severity. 2: Unavailable; 4: Low; 6: Medium; 8: High |
| rt | N/A | N/A | Log generation time. |
| dvc | &lt;dip&gt; | IP Address | Appliance IP address. |
| dvchost | &lt;dname&gt; | Text/String | Appliance host name. |
| dvcmac | &lt;dmac&gt; | Text/String | Appliance MAC address. |
| deviceExternalId | N/A | N/A | Appliance GUID. |
| fname | &lt;object&gt; | Text/String | File name. |
| fileHash | &lt;hash&gt; | Text/String | SHA1. |
| fileType | &lt;objecttype&gt; | Text/String | True file type. |
| fsize | &lt;size&gt; | Number | File size. |
| cs1Label | N/A | N/A | Sandbox image type. |
| cs1 | N/A | N/A | Sandbox image type. |
| cn1Label | &lt;result&gt; | Text/String | 0: GRID is not known good; 1: GRID is known good |
| cn1 | N/A | N/A | Result of GRID/CSSS. |
| cn2Label | N/A | N/A | ROZ rating. |
| cn2 | N/A | N/A | ROZ rating. |
| cs2Label | N/A | N/A | Malware name. |
| cs2 | &lt;threatname&gt; | Text/String | Malware name. |
| cn3Label | N/A | N/A | 0: PCAP is not ready; 1: PCAP is ready |
| cn3 | N/A | N/A | PCAP ready. |
