LSO : Syslog - FireEye MPS (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Tanium log source type. 

Vendor Documentation

Prerequisites

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each log message type has its own page with detailed information on parsing changes and new log processing settings.

Log Message Type                            Event Type
------------------------------------------  ------------------------------------
Action Log Messages                         Command Executed
Application Process Information             General Application Information
Archiver Messages                           Archive Message
AUTO-INIT Process Information               General Process Information
AVC Process SIGCHLD                         Current Process
AVC PVNA CC Info                            Host Information Added
AVC SIGCHLD : Process Exited                Process/Service Stopped
AVC Statistics                              General Performance Statistics
AVC Work Order                              Configuration Modified : System
Behavioral Analysis Logic Engine Message    Content Analysis Queue Message
Catch All: Level 1                          General Information
Central Management Console Message          Management Console Connected
CMS Messages - Deprecated                   Detected Malware Activity
CMS Messages - Domain Match                 Unauthorized Website
CMS Messages - Infection Match              Detected Virus Activity
CMS Messages - Malware Callback             Detected Malware Activity
CMS Messages - Malware Object               Detected Malware Activity
CMS Messages - Riskware Object              Possible Malware Activity
CMS Messages - Web Infection                Detected Virus Activity
CMS/MPS Messages - Ips-Event                Possible Malware Activity
Command Line Interface Message              SSH Command Line Interface Message
Configuration/Enable Mode                   Entering Enable Mode
Curl Messages                               General Process Information
ETP Messages                                Detected Malware Activity
FENET Messages                              Updater Message
File Network Information                    File Information Obtained
General Thread Information                  General Thread Information
Graveyard Sweep Message                     Performing Cleanup
HX Messages                                 General Firewall Log
Initialized Service                         General Process Information
KERNEL Messages                             Kernel Information
Last Message Repeated                       Last Message Repeated
Licensing Messages                          License Info
Linux Process Messages                      System Information-Only Event
Linux Superuser Messages                    General Sudo Command
Loaded Configs                              Configuration Loaded : System
Malicious Email                             Possible Malware Activity
Malware Object Information                  Detected Malware Activity
Management Config Change                    Configuration Modified : System
Management Messages                         Entering Enable Mode
MCE Error Message                           General Processor Error
MPS Malware Activity - Depreciated          Detected Malware Activity
MPS Messages                                Detected Malware Activity
Network HTTPD Activity                      HTTPD Information
Notify Message                              FireEye Notification
RGP Job Information                         Job Change General Information
SC-Upload Messages                          General Information-Only Event
Taskernode Information                      Internal Communication Information
Threat Messages                             Detected Malware Activity
VMMD Process Information                    General Process Information
VXE Messages                                General IPS Message

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes
