Notable Characteristics Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Notable Characteristics Event | Base Rule | Information | General Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Signature ID |
| Header (eventName) | <vendorinfo> | Text/String | Description |
| Header (severity) | <severity> | Number | Severity |
| cs1 | N/A | N/A | Violated policy name |
| cs1Label | N/A | N/A | Violated policy name label |
| cs2 | <policy> | Text/String | Violated event analysis |
| cs2Label | N/A | N/A | Violated event analysis label |
| deviceExternalId | N/A | N/A | Appliance GUID |
| dvc | N/A | N/A | Appliance IP address |
| dvchost | N/A | N/A | Appliance host name |
| dvcmac | N/A | N/A | Appliance MAC address |
| fileHash | <hash> | Text/String/Number | SHA1 |
| fileType | <objecttype> | Text/String/Number | Real file type |
| fname | <object> | Text/String/Number | File name |
| fsize | <size> | Number | File size |
| msg | <subject> | Text/String/Number | Details |
| rt | N/A | N/A | Log generation time. Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC) |
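The mapping table above only lists which CEF key lands in which schema field; it does not show how a CEF line is actually split into the seven header fields and the key=value extension, nor what happens to keys whose schema column is N/A. The following Python parser, added here as an illustration and not LogRhythm's or the appliance vendor's own parsing code, walks a constructed "Notable Characteristics Event" line through exactly the table's mapping: header positions are named logVer, vendor, pname, pver, eventid, eventName and severity as in the table, the mapped keys are cast to the listed data types, rt is converted from milliseconds since the Unix epoch, and every N/A key (cs1, dvc, dvchost, eventid and the rest) is kept in a separate "unmapped" dictionary so that an analyst can still see the violated policy name and appliance identity. The vendor, product, host, hash (the SHA-1 of an empty input) and file names in the sample line are placeholders, not values from the page or real indicators.

```python
"""Parse a CEF "Notable Characteristics Event" line and map it onto the
LogRhythm schema fields listed in the mapping table.

Added example, not LogRhythm's or the vendor's own parser. The sample line
is constructed; vendor, product, host, hash and file names are placeholders.
"""
import re
from datetime import datetime, timezone

# Device key -> (LogRhythm schema field, type caster), taken from the table.
# Keys whose schema column is N/A are not listed here; they end up in "unmapped".
CEF_TO_LOGRHYTHM = {
    "eventName": ("vendorinfo", str),
    "severity": ("severity", int),
    "cs2": ("policy", str),
    "fileHash": ("hash", str),
    "fileType": ("objecttype", str),
    "fname": ("object", str),
    "fsize": ("size", int),
    "msg": ("subject", str),
}

# The seven CEF header positions, named as in the table's "Header (...)" rows.
_HEADER_NAMES = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")

# A key starts at the beginning of the extension or after whitespace and is
# followed directly by '='; an escaped '\=' inside a value never matches.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_]+)=")
_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


def _split_header(line):
    """Split the seven header fields on unescaped '|'; return them and the extension text."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # '\|' and '\\' are escapes inside header fields
            buf.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    return fields, line[i:]


def _parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict, unescaping \\= \\\\ \\n \\r inside values."""
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        raw = ext[m.end():end].strip()
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: _ESCAPES.get(e.group(1), e.group(0)), raw)
    return out


def parse_notable_characteristics_event(line):
    """Return (mapped, unmapped): schema fields per the table, and every N/A key verbatim."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    header, ext = _split_header(line)
    record = dict(zip(_HEADER_NAMES, header))
    record["logVer"] = record["logVer"][len("CEF:"):]   # "CEF:0" -> "0"
    record.update(_parse_extension(ext))

    mapped, unmapped = {}, {}
    for key, value in record.items():
        if key in CEF_TO_LOGRHYTHM:
            field, cast = CEF_TO_LOGRHYTHM[key]
            mapped[field] = cast(value)
        else:
            unmapped[key] = value
    # rt is milliseconds since Jan 01 1970 UTC per the table; keep it as an aware datetime.
    if "rt" in unmapped:
        mapped["event_time"] = datetime.fromtimestamp(int(unmapped["rt"]) / 1000, tz=timezone.utc)
    return mapped, unmapped


# Constructed sample line: placeholder vendor/product/host, SHA-1 of an empty input,
# an escaped '=' in the file name and an escaped newline in the details.
SAMPLE = (
    "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Notable Characteristics Event|3|"
    "rt=1700000000000 dvc=10.0.0.5 dvchost=sandbox-01 cs1Label=PolicyName cs1=Default Policy "
    "cs2Label=EventAnalysis cs2=Suspicious archive "
    "fileHash=da39a3ee5e6b4b0d3255bfef95601890afd80709 fileType=ZIP fname=invoice\\=final.zip "
    "fsize=2048 msg=Archive contains executable\\nNested 2 levels"
)

if __name__ == "__main__":
    mapped_fields, unmapped_keys = parse_notable_characteristics_event(SAMPLE)
    for name, value in mapped_fields.items():
        print(f"{name:>11}: {value!r}")
    print("unmapped keys:", sorted(unmapped_keys))
```

The split is done by hand rather than with `str.split("|")` because a `|` escaped as `\|` inside the eventName header field is legal CEF and would otherwise shift every later field by one; likewise the key regex insists on whitespace before a key so that an escaped `=` inside a file name or message cannot start a bogus field. Returning the N/A keys separately is a deliberate choice: cs1 (the violated policy name) and dvchost are exactly the fields an analyst triaging a notable-characteristics alert wants, even though the schema mapping does not carry them.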