Syslog - Apex One
Device Details
| Vendor | Trend Micro |
|---|---|
| Device Type | Endpoint Security Solution |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | Yes |
| Log Source Type | Syslog - Apex One |
| Log Processing Policy | LogRhythm Default |
| Exceptions | Only CEF format supported |
| Additional Information | Device Configuration Checklist |
Currently Supported Log Types
| Type | Version | Supported Schema Fields |
|---|---|---|
| File Logging Information Messages | All | <severity>, <version>, <vendorinfo>, <threatname>, <dname>, <action>, <policy>, <reason>, <processid>, <sname>, <object>, <parentprocesspath>, <dip>, <hash> |
| Behavior Monitoring Log Messages | All | <severity>, <version>, <vendorinfo>, <action>, <dname>, <policy>, <parentprocesspath>, <process>, <result>, <sname>, <sip> |
| Device Access Control Log Messages | All | <severity>, <version>, <vendorinfo>, <action>, <sname>, <dname>, <process>, <object>, <command> |
Parsed Metadata Fields
| Device Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| act | Action | Text/String |
| cat | ProcessID | Number/String |
| cn2 | Object | Text/String |
| cn3 | Command | Text/String |
| cs1 | Policy | Text/String |
| cs4 | ObjectType | Text/String |
| deviceFacility | ObjectName | Text/String |
| dhost | DName | Text/String |
| dst | DIP | IP Address |
| dvchost | SName | Text/String |
| dvchost | DName | Text/String |
| filehash | Hash | Text/String |
| filepath | Object/ParentProcessPath | Text/String |
| fname | Object | Text/String |
| severity | Severity | Text/String |
| sproc | ParentProcessPath/Process | Text/String |
| src | SIP | IP Address |
| threatname | ThreatName | Text/String |
| vendorinfo | VendorInfo | Text/String |
| version | Version | Number |
| vmid/deviceExternalId | VMID/VendorInfo | Number/Text/String |
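The script below is an added example that applies the field mapping from the Parsed Metadata Fields table to CEF events of the kind this log source accepts; it is not LogRhythm's own parser or any Trend Micro code. The two syslog lines it processes are constructed for illustration and are not real Apex One output. Where the table gives a device field two possible targets (filepath, sproc, dvchost), the resolution rules in to_logrhythm are assumptions of this example, as is taking Severity from the CEF header.

```python
"""
Added example: parse Trend Micro Apex One CEF syslog events and map the CEF
extension keys onto the LogRhythm metadata fields listed on this page.
Illustrative code only; the sample events are constructed, not real output.
"""
import re
from typing import Dict

# The seven CEF header fields, in order. The header severity is used for the
# Severity metadata field (assumption of this example).
CEF_HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")

# Single-target CEF extension key -> LogRhythm metadata field, taken from the
# Parsed Metadata Fields table. Keys with two possible targets (filepath,
# sproc, dvchost) are resolved separately in to_logrhythm().
CEF_TO_LR = {
    "act": "Action", "cat": "ProcessID", "cn2": "Object", "cn3": "Command",
    "cs1": "Policy", "cs4": "ObjectType", "deviceFacility": "ObjectName",
    "dhost": "DName", "dst": "DIP", "filehash": "Hash", "fname": "Object",
    "src": "SIP", "threatname": "ThreatName", "vendorinfo": "VendorInfo",
    "version": "Version", "vmid": "VMID", "deviceExternalId": "VendorInfo",
}

# CEF escape sequences: '|' and '\' in the header, '=' and '\' in extension
# values, plus \n and \r for multi-line values.
_UNESCAPE = {"\\|": "|", "\\=": "=", "\\\\": "\\", "\\n": "\n", "\\r": "\r"}


def _unescape(value: str) -> str:
    return re.sub(r"\\[|=\\nr]", lambda m: _UNESCAPE[m.group(0)], value)


def parse_cef(line: str) -> Dict[str, str]:
    """Split a syslog line carrying a CEF event into its header fields plus
    the key=value extension pairs. Raises ValueError if no CEF payload."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    # Header fields are separated by unescaped pipes; the 8th piece is the
    # extension, which may legitimately contain pipes of its own.
    parts = re.split(r"(?<!\\)\|", line[start + len("CEF:"):], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = {k: _unescape(v) for k, v in zip(CEF_HEADER_FIELDS, parts[:7])}
    # Split the extension just before each 'key=' token. CEF requires '='
    # inside values to be escaped, so an unescaped '=' marks a new key.
    for token in re.split(r"\s+(?=[\w.]+=)", parts[7].strip()):
        key, _, value = token.partition("=")
        event[key] = _unescape(value)
    return event


def to_logrhythm(event: Dict[str, str]) -> Dict[str, str]:
    """Map a parsed CEF event onto LogRhythm metadata field names."""
    meta = {CEF_TO_LR[k]: v for k, v in event.items() if k in CEF_TO_LR}
    meta["Severity"] = event.get("severity", "")
    # Two-target keys (assumption of this example): fname/cn2 win Object;
    # filepath then fills whichever of Object/ParentProcessPath is free, and
    # sproc fills whichever of ParentProcessPath/Process is free.
    if "filepath" in event:
        meta["Object" if "Object" not in meta else "ParentProcessPath"] = event["filepath"]
    if "sproc" in event:
        meta["ParentProcessPath" if "ParentProcessPath" not in meta else "Process"] = event["sproc"]
    # dvchost is the reporting host: SName, and also DName when no dhost is
    # present (assumption).
    if "dvchost" in event:
        meta["SName"] = event["dvchost"]
        meta.setdefault("DName", event["dvchost"])
    return meta


# Constructed sample events (not real Apex One output). Backslashes in the
# paths and the pipe in the command are CEF-escaped as they would be on the wire.
SAMPLE_FILE_EVENT = (
    "<14>Jan 10 12:00:00 apexone-server CEF:0|Trend Micro|Apex One|14.0|100|"
    "File Logging Information|3|act=Quarantine cat=4120 cs1=Real-time Scan "
    "dhost=WKSTN-01 dst=10.1.2.3 dvchost=apexone-server "
    "filehash=0000000000000000000000000000000000000000 "
    "filepath=C:\\\\Users\\\\alice\\\\Downloads\\\\invoice.exe "
    "fname=invoice.exe sproc=C:\\\\Windows\\\\explorer.exe "
    "threatname=Test.Sample.Constructed version=14.0 vendorinfo=constructed"
)
SAMPLE_DAC_EVENT = (
    "<14>Jan 10 12:05:00 apexone-server CEF:0|Trend Micro|Apex One|14.0|300|"
    "Device Access Control|2|act=Block dhost=WKSTN-02 dvchost=apexone-server "
    "cn2=E:\\\\budget.xlsx cn3=copy E:\\\\budget.xlsx \\| more cs4=USB Storage"
)

if __name__ == "__main__":
    for sample in (SAMPLE_FILE_EVENT, SAMPLE_DAC_EVENT):
        for field, value in sorted(to_logrhythm(parse_cef(sample)).items()):
            print(f"{field:18} {value}")
        print()
```

Because the extension is split on unescaped `=` rather than on spaces, values such as `Real-time Scan` or a command line containing spaces survive intact; the unescape step is what turns the on-the-wire `\\` and `\|` back into the single characters LogRhythm would store.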