
Spyware Detected Log Messages

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | <severity> | N/A |
| Header (pver) | <version> | N/A |
| Header (eventid) | N/A | <vmid> |
| Header (eventName) | <vendorinfo>, <tag1> | N/A |
| Header (severity) | <severity> | <severity> |
| cnt | <amount> | <quantity> |
| dhost | <dname> | N/A |
| cs1 | <threatname> | <threatname> |
| cs2 | N/A | <version> |
| cs5 | <action> | <action>, <tag1> |
| dvchost | N/A | <dname> |
| fname | <object> | <object> |
| filePath | <parentprocesspath> | N/A |
| dst | <dip> | <dip> |
| fileHash | N/A | <hash> |
| duser | <account> | N/A |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub rules to appropriately parse log message types by their event types.

LogRhythm Default

| Rule ID | Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|---|
| 1011397 | Spyware Detected Log Messages | Base Rule | Malware | Detected Spyware Activity |

LogRhythm Default v2.0

| Rule ID | Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|---|
| 1012153 | V 2.0 : Spyware/Grayware Event | Base Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : Unknown | Sub Rule | Other Security | General Security |
| | V 2.0 : Spyware/Grayware : Not Applicable | Sub Rule | Other Security | General Security |
| | V 2.0 : Spyware/Grayware : File Cleaned | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Deleted | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Quarantined | Sub Rule | Activity | Quarantine |
| | V 2.0 : Spyware/Grayware : File Renamed | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Passed | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : Unable To Clean File, Passed | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spy/Grayware : Unable To Clean File, Deleted | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spy/Grayware : Unable To Clean File, Renamed | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spy/Grayware : Unable To Clean File, Quarantine | Sub Rule | Activity | Quarantine |
| | V 2.0 : Spyware/Grayware : File Dropped | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spy/Grayware : Unable To Clean File, Stripped | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Replaced | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Dropped | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Archived | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : Blocked Successfully | Sub Rule | Failed Malware | Failed Spyware Activity |
| | V 2.0 :Spyware/Grayware : Quarantined Successfully | Sub Rule | Activity | Quarantine |
| | V 2.0 : Spyware/Grayware : Stamped Successfully | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : File Uploaded | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/Grayware : Access Denied | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/ Grayware : No Action | Sub Rule | Malware | Detected Spyware Activity |
| | V 2.0 : Spyware/ Grayware : Scan Stopped | Sub Rule | Information | Scan Stopped |
| | V 2.0 : Spyware/ Grayware : Encrypted | Sub Rule | Activity | Encrypted Files Detected |
| | V 2.0 : Spyware/ Grayware : Undefined | Sub Rule | Activity | General Activity |
| | V 2.0 : Spyware/ Grayware : System Rebooted | Sub Rule | Startup and Shutdown | System Restarted |
| | V 2.0 : Spyware/Grayware : Action Failed | Sub Rule | Activity | General Activity |
| | V 2.0 : Spyware/Grayware : Action Required | Sub Rule | Activity | General Activity |