Device Details

| Device Name | Trend Micro Apex One |
|---|---|
| Vendor | Trend Micro |
| Device Type | Endpoint Security Solution |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | Yes |
| Log Source Type | Syslog - Trend Micro Apex One |
| Log Processing Policy | LogRhythm Default 2.0 |
| Exceptions | Only CEF format supported |
| Additional Information | Device Configuration Checklist: (1) Change Control Manager logging output to the CEF format. (2) Use all other default configuration options. |
Supported Log Messages

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0 : Attack Discovery Detection Event | N/A | <vmid>, <dname>, <dip>, <severity>, <policy>, <subject>, <domainimpacted> |
| V 2.0 : Behavior Monitoring Event | N/A | <vmid>, <severity>, <policy>, <process>, <object>, <action>, <tag1>, <sname>, <sip>, <reason> |
| V 2.0 : C&C Callback Event | N/A | <vmid>, <sip>, <domainorigin>, <policy>, <action>, <tag1>, <severity>, <url>, <dip>, <process>, <dname> |
| V 2.0 : Content Security Event | N/A | <vmid>, <recipient>, <action>, <tag1>, <dname>, <severity>, <object>, <subject>, <sender>, <url>, <sip>, <reason> |
| V 2.0 : Data Loss Prevention Event | N/A | <vmid>, <severity>, <policy>, <sip>, <smac>, <sname>, <login>, <url>, <sender>, <recipient>, <object>, <action>, <tag1>, <size> |
| V 2.0 : Device Access Control Event | N/A | <vmid>, <severity>, <sname>, <sip>, <dname>, <process>, <object>, <action>, <tag1>, <domainimpacted>, <account> |
| V 2.0 : Endpoint Application Control Event | N/A | <vmid>, <severity>, <sname>, <login>, <sip>, <hash>, <process>, <command>, <account>, <policy>, <action>, <tag1> |
| V 2.0 : Engine Update Status Event | N/A | <vmid>, <severity>, <sname>, <sip>, <status>, <version> |
| V 2.0 : Intrusion Prevention Event | N/A | <vmid>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <severity>, <policy>, <quantity>, <sname> |
| V 2.0 : Managed Product Logon/Logoff Events | N/A | <vmid>, <severity>, <dname>, <version>, <status>, <subject>, <login>, <sip> |
| V 2.0 : Network Content Inspection Event | N/A | <vmid>, <severity>, <process>, <action>, <tag1>, <sip>, <dip>, <sport>, <dport>, <threatname>, <reason> |
| V 2.0 : Pattern Update Status Event | N/A | <vmid>, <severity>, <dname>, <dip>, <status> |
| V 2.0 : Predictive Machine Learning Event | N/A | <vmid>, <severity>, <threatname>, <dip>, <login>, <object>, <process>, <command>, <action>, <tag1>, <hash>, <reason> |
| V 2.0 : Sandbox Detection Event | N/A | <vmid>, <dname>, <dip>, <process>, <hash>, <object>, <url>, <threatname>, <severity>, <subject>, <reason> |
| V 2.0 : Spyware/Grayware Event | N/A | <vmid>, <severity>, <quantity>, <threatname>, <version>, <action>, <tag1>, <dname>, <object>, <dip>, <hash> |
| V 2.0 : Suspicious File Event | N/A | <vmid>, <severity>, <version>, <dip>, <dname>, <objecttype>, <hash>, <object>, <action>, <tag1>, <reason> |
| V 2.0 : Virus/Malware Logs | N/A | <vmid>, <threatname>, <severity>, <quantity>, <dname>, <account>, <action>, <tag1>, <version>, <result>, <object>, <subject>, <sname>, <login>, <dip>, <hash>, <reason> |
| V 2.0 : Web Security Event | N/A | <vmid>, <severity>, <protnum>, <quantity>, <dport>, <action>, <tag1>, <sip>, <policy>, <subject>, <object>, <url>, <domainimpacted>, <account>, <sname>, <reason>, <process>, <dip>, <responsecode> |
| V 2.0 : Product Auditing Event | N/A | <vendorinfo>, <vmid>, <severity>, <login>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <protnum> |
Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| N/A | N/A | Documentation | New LSO Default V 2.0 document update |