Syslog - Trend Micro Apex One
Device Details
| Device Name | Trend Micro Apex One |
|---|---|
| Vendor | Trend Micro |
| Device Type | Endpoint Security Solution |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | Yes |
| Log Source Type | Syslog - Trend Micro Apex One |
| Log Processing Policy | LogRhythm Default 2.0 |
| Exceptions | Only CEF format supported |
| Additional Information | |
| Device Configuration Checklist |
|---|
| Change the Control Manager logging output to the CEF format. |
| Use all other default configuration options. |
Supported Log Messages
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0 : Attack Discovery Detection Event | N/A | <vmid>, <dname>, <dip>, <severity>, <policy>, <subject>, <domainimpacted> |
| V 2.0 : Behavior Monitoring Event | N/A | <vmid>, <severity>, <policy>, <process>, <object>, <action>, <tag1>, <dname>, <dip>, <reason> |
| V 2.0 : C&C Callback Event | N/A | <vmid>, <sip>, <domainorigin>, <policy>, <action>, <tag1>, <severity>, <url>, <dip>, <process>, <dname> |
| V 2.0 : Content Security Event | N/A | <vmid>, <recipient>, <action>, <tag1>, <dname>, <severity>, <object>, <subject>, <sender>, <url>, <sip>, <reason> |
| V 2.0 : Data Loss Prevention Event | N/A | <vmid>, <severity>, <policy>, <sip>, <smac>, <sname>, <login>, <url>, <sender>, <recipient>, <object>, <action>, <tag1>, <size> |
| V 2.0 : Device Access Control Event | N/A | <vmid>, <severity>, <sname>, <dname>, <process>, <object>, <action>, <tag1> |
| V 2.0 : Endpoint Application Control Event | N/A | <vmid>, <severity>, <sname>, <login>, <sip>, <hash>, <process>, <command>, <account>, <policy>, <action>, <tag1> |
| V 2.0 : Engine Update Status Event | N/A | <vmid>, <severity>, <sname>, <sip>, <status>, <version> |
| V 2.0 : Intrusion Prevention Event | N/A | <vmid>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <severity>, <policy>, <quantity>, <sname> |
| V 2.0 : Managed Product Logon/Logoff Events | N/A | <vmid>, <severity>, <dname>, <version>, <status>, <subject>, <login>, <sip> |
| V 2.0 : Network Content Inspection Event | N/A | <vmid>, <severity>, <process>, <action>, <tag1>, <sip>, <dip>, <sport>, <dport>, <threatname>, <reason> |
| V 2.0 : Pattern Update Status Event | N/A | <vmid>, <severity>, <dname>, <dip>, <status> |
| V 2.0 : Predictive Machine Learning Event | N/A | <vmid>, <severity>, <threatname>, <dip>, <login>, <object>, <process>, <command>, <action>, <tag1>, <hash>, <reason> |
| V 2.0 : Sandbox Detection Event | N/A | <vmid>, <dname>, <dip>, <process>, <hash>, <object>, <url>, <threatname>, <severity>, <subject>, <reason> |
| V 2.0 : Spyware/Grayware Event | N/A | <vmid>, <severity>, <quantity>, <threatname>, <version>, <action>, <tag1>, <dname>, <object>, <dip>, <hash> |
| V 2.0 : Suspicious File Event | N/A | <vmid>, <severity>, <version>, <dip>, <dname>, <objecttype>, <hash>, <object>, <action>, <tag1>, <reason> |
| V 2.0 : Virus/Malware Logs | N/A | <vmid>, <threatname>, <severity>, <quantity>, <dname>, <account>, <action>, <tag1>, <version>, <result>, <object>, <subject>, <sname>, <login>, <dip>, <hash>, <reason> |
| V 2.0 : Web Security Event | N/A | <vmid>, <severity>, <protnum>, <quantity>, <dport>, <action>, <tag1>, <sip>, <policy>, <subject>, <object>, <url>, <domainimpacted>, <account>, <sname>, <reason>, <process>, <dip>, <responsecode> |
| V 2.0 : Product Auditing Event | N/A | <vendorinfo>, <vmid>, <severity>, <login>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <protnum> |
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| N/A | N/A | Documentation | New LSO Default V 2.0 document update |