LSO: Syslog - Trend Micro Apex One (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Trend Micro Apex One log source type. 

Vendor Documentation

Prerequisites

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

| Log Message Type | Event Type |
| --- | --- |
| Attack Discovery Detections | General Attack Activity |
| Behavior Monitoring Log Messages | General Behavior Information |
| CNC Callback And Suspicious Connection Log Message (Part-1) | Suspicious Activity |
| Device Access Control Log Messages | General Access Control Message |
| Engine Update Status Log | General Info Log Message |
| Intrusion Prevention Log Messages | Threat Blocked |
| Spyware Detected Log Messages | Detected Spyware Activity |
| Update Status Log | Pattern Update Event |
| Product Auditing Events | General Auditing Message |
| Web Filter Log Messages | General Web Filter Message |
| File Logging Information Messages | General Logging Information |
| Antivirus Log Messages | General Antivirus Information |
| CNC Callback And Suspicious Connection Log Message (Part-2) | Suspicious Activity |

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes