
Syslog - Trend Micro Apex One

Device Details

Device Name: Trend Micro Apex One
Vendor: Trend Micro
Device Type: Endpoint Security Solution
Supported Model Name/Number: N/A
Supported Software Version: All
Collection Method: Syslog
Configurable Log Output: Yes
Log Source Type: Syslog - Trend Micro Apex One
Log Processing Policy: LogRhythm Default 2.0
Exceptions: Only CEF format supported

Additional Information

Supported Log Types and Formats

CEF Data Loss Prevention Logs

Apex Central 2019 - Best Practice Guide

Device Configuration Checklist

Change the Control Manager logging output to the CEF format.

Use all other default configuration options.

Supported Log Messages

Type | Product Version | Supported Schema Fields
V 2.0 : Attack Discovery Detection Event | N/A | <vmid>, <dname>, <dip>, <severity>, <policy>, <subject>, <domainimpacted>
V 2.0 : Behavior Monitoring Event | N/A | <vmid>, <severity>, <policy>, <process>, <object>, <action>, <tag1>, <sname>, <sip>, <reason>
V 2.0 : C&C Callback Event | N/A | <vmid>, <sip>, <domainorigin>, <policy>, <action>, <tag1>, <severity>, <url>, <dip>, <process>, <dname>
V 2.0 : Content Security Event | N/A | <vmid>, <recipient>, <action>, <tag1>, <dname>, <severity>, <object>, <subject>, <sender>, <url>, <sip>, <reason>
V 2.0 : Data Loss Prevention Event | N/A | <vmid>, <severity>, <policy>, <sip>, <smac>, <sname>, <login>, <url>, <sender>, <recipient>, <object>, <action>, <tag1>, <size>
V 2.0 : Device Access Control Event | N/A | <vmid>, <severity>, <sname>, <sip>, <dname>, <process>, <object>, <action>, <tag1>, <domainimpacted>, <account>
V 2.0 : Endpoint Application Control Event | N/A | <vmid>, <severity>, <sname>, <login>, <sip>, <hash>, <process>, <command>, <account>, <policy>, <action>, <tag1>
V 2.0 : Engine Update Status Event | N/A | <vmid>, <severity>, <sname>, <sip>, <status>, <version>
V 2.0 : Intrusion Prevention Event | N/A | <vmid>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <severity>, <policy>, <quantity>, <sname>
V 2.0 : Managed Product Logon/Logoff Events | N/A | <vmid>, <severity>, <dname>, <version>, <status>, <subject>, <login>, <sip>
V 2.0 : Network Content Inspection Event | N/A | <vmid>, <severity>, <process>, <action>, <tag1>, <sip>, <dip>, <sport>, <dport>, <threatname>, <reason>
V 2.0 : Pattern Update Status Event | N/A | <vmid>, <severity>, <dname>, <dip>, <status>
V 2.0 : Predictive Machine Learning Event | N/A | <vmid>, <severity>, <threatname>, <dip>, <login>, <object>, <process>, <command>, <action>, <tag1>, <hash>, <reason>
V 2.0 : Sandbox Detection Event | N/A | <vmid>, <dname>, <dip>, <process>, <hash>, <object>, <url>, <threatname>, <severity>, <subject>, <reason>
V 2.0 : Spyware/Grayware Event | N/A | <vmid>, <severity>, <quantity>, <threatname>, <version>, <action>, <tag1>, <dname>, <object>, <dip>, <hash>
V 2.0 : Suspicious File Event | N/A | <vmid>, <severity>, <version>, <dip>, <dname>, <objecttype>, <hash>, <object>, <action>, <tag1>, <reason>
V 2.0 : Virus/Malware Logs | N/A | <vmid>, <threatname>, <severity>, <quantity>, <dname>, <account>, <action>, <tag1>, <version>, <result>, <object>, <subject>, <sname>, <login>, <dip>, <hash>, <reason>
V 2.0 : Web Security Event | N/A | <vmid>, <severity>, <protnum>, <quantity>, <dport>, <action>, <tag1>, <sip>, <policy>, <subject>, <object>, <url>, <domainimpacted>, <account>, <sname>, <reason>, <process>, <dip>, <responsecode>
V 2.0 : Product Auditing Event | N/A | <vendorinfo>, <vmid>, <severity>, <login>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <protnum>

Revision History

KB Version | Log Type | Change Type | Details
N/A | N/A | Documentation | New LSO Default V 2.0 document update
