Device Details

| Attribute | Value |
|---|---|
| Vendor | Trend Micro |
| Device Type | Endpoint Security Solution |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | Yes |
| Log Source Type | Syslog - Apex One |
| Log Processing Policy | LogRhythm Default |
| Exceptions | Only CEF format supported |
| Additional Information | Device Configuration Checklist |

Currently Supported Log Types

| Type | Version | Supported Schema Fields |
|---|---|---|
| File Logging Information Messages | All | <severity>, <version>, <vendorinfo>, <threatname>, <dname>, <action>, <policy>, <reason>, <processid>, <sname>, <object>, <parentprocesspath>, <dip>, <hash> |
| Behavior Monitoring Log Messages | All | <severity>, <version>, <vendorinfo>, <action>, <dname>, <policy>, <parentprocesspath>, <process>, <result>, <sname>, <sip> |
| Device Access Control Log Messages | All | <severity>, <version>, <vendorinfo>, <action>, <sname>, <dname>, <process>, <object>, <command> |

Parsed Metadata Fields

| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| act | Action | Text/String |
| cat | ProcessID | Number/String |
| cn2 | Object | Text/String |
| cn3 | Command | Text/String |
| cs1 | Policy | Text/String |
| cs4 | ObjectType | Text/String |
| deviceFacility | ObjectName | Text/String |
| dhost | DName | Text/String |
| dst | DIP | IP Address |
| dvchost | SName | Text/String |
| dvchost | DName | Text/String |
| filehash | Hash | Text/String |
| filepath | Object/ParentProcessPath | Text/String |
| fname | Object | Text/String |
| severity | Severity | Text/String |
| sproc | ParentProcessPath/Process | Text/String |
| src | SIP | IP Address |
| threatname | ThreatName | Text/String |
| vendorinfo | VendorInfo | Text/String |
| version | Version | Number |
| vmid/deviceExternalId | VMID/VendorInfo | Number/Text/String |
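The mapping table above applied in code, as an added example that is not part of the LogRhythm or Trend Micro documentation: a small parser for the CEF format this log source requires (see the Exceptions row), which decodes CEF escaping (`\|` in the header, `\=` and `\\` in extension values) instead of splitting on escaped delimiters, then renames the parsed extension keys to the LogRhythm metadata fields listed in the table. The sample record, its signature id, host names, address and hash are constructed placeholders; keys the table maps to two metadata fields keep both names because the table does not state which applies to which log type.

```python
import re
# Device field -> LogRhythm metadata field, copied from the mapping table above. Keys the
# table maps to two fields keep both names ("A/B"): which applies depends on the log type.
FIELD_MAP = {
    "act": "Action", "cat": "ProcessID", "cn2": "Object", "cn3": "Command",
    "cs1": "Policy", "cs4": "ObjectType", "deviceFacility": "ObjectName",
    "dhost": "DName", "dst": "DIP", "dvchost": "SName/DName", "filehash": "Hash",
    "filepath": "Object/ParentProcessPath", "fname": "Object", "severity": "Severity",
    "sproc": "ParentProcessPath/Process", "src": "SIP", "threatname": "ThreatName",
    "vendorinfo": "VendorInfo", "version": "Version", "vmid": "VMID",
    "deviceExternalId": "VendorInfo",
}
HEADER_NAMES = ["cef_version", "device_vendor", "device_product", "device_version",
                "signature_id", "name", "severity"]
_HEADER_FIELD = re.compile(r"((?:\\.|[^\\|])*)\|")  # one header field plus its pipe
_KEY_BOUNDARY = re.compile(r"\s+(?=\w+=)")          # whitespace before the next key=
_ESCAPES = {"n": "\n", "r": "\r"}                   # CEF escapes: \| \= \\ \n \r

def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), s)

def parse_cef(line: str) -> dict:
    """Parse one CEF record (optional syslog prefix skipped) into its seven header
    fields plus an 'extensions' dict, decoding escaped pipes, equals and backslashes."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    pos, header = start + len("CEF:"), []
    for _ in HEADER_NAMES:
        m = _HEADER_FIELD.match(line, pos)
        if m is None:
            raise ValueError("malformed CEF header")
        header.append(_unescape(m.group(1)))
        pos = m.end()
    rec = dict(zip(HEADER_NAMES, header))
    rec["extensions"] = {}
    for token in _KEY_BOUNDARY.split(line[pos:].strip()):
        if "=" in token:                       # skip an empty extension section
            key, _, value = token.partition("=")
            rec["extensions"][key] = _unescape(value)
    return rec

def to_logrhythm(rec: dict) -> dict:
    """Rename extension keys to LogRhythm metadata names; unmapped keys are dropped."""
    return {FIELD_MAP[k]: v for k, v in rec["extensions"].items() if k in FIELD_MAP}

# Constructed sample record with placeholder values, not a real Apex One log line.
SAMPLE = ("<14>Jan 01 00:00:00 apexone-host CEF:0|Trend Micro|Apex One|1.0|example-id|"
          "Example \\| Name|3|act=Quarantine dhost=WS-01 dst=10.0.0.5 "
          "filepath=C:\\\\Users\\\\a\\\\x.exe filehash=0000example cs1=Example Policy")
```

Running `to_logrhythm(parse_cef(SAMPLE))` yields the Action, DName, DIP, Object/ParentProcessPath, Hash and Policy fields from the sample; anything the table does not list (the header fields, unknown keys) is left for the caller to decide on.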