This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Trend Micro Apex One log source type.
Vendor Documentation
Prerequisites
-
Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
-
Enable the new MPE rules in the LogRhythm System Monitor.
-
Select log source type Syslog - Trend Micro Apex One.
-
Enable log processing policy LogRhythm Default v2.0.
For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.
-
Supported Log Messages
The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.
|
Log Message Type |
Event Type |
|---|---|
|
Attack Discovery Detections |
General Attack Activity |
|
Behavior Monitoring Log Messages |
General Behavior Information |
|
CNC Callback And Suspicious Connection Log Message (Part-1) |
Suspicious Activity |
|
Device Access Control Log Messages |
General Access Control Message |
|
Engine Update Status Log |
General Info Log Message |
|
Intrusion Prevention Log Messages |
Threat Blocked |
|
Spyware Detected Log Messages |
Detected Spyware Activity |
|
Update Status Log |
Pattern Update Event |
|
Product Auditing Events |
General Auditing Message |
|
Web Filter Log Messages |
General Web Filter Message |
|
File Logging Information Messages |
General Logging Information |
|
Antivirus Log Messages |
General Antivirus Information |
|
CNC Callback And Suspicious Connection Log Message (Part-2) |
Suspicious Activity |
Log Processing Policy Updates
This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.
Updates to AIE Rules
-
No changes
Updates to System Reports
-
No changes
Updates to System Investigations
-
No changes
Updates to System Report Templates
-
No changes
Updates to System Tails
-
No changes