Syslog - Trend Micro Control Manager CEF
Device Details
Field | Value |
---|---|
Vendor | Trend Micro |
Device Type | Security Application |
Supported Model Name/Number | Control Manager Application |
Supported Software Version(s) | 7 |
Collection Method | Syslog |
Configurable Log Output? | Yes |
Log Source Type | Syslog - Trend Micro Control Manager CEF |
Log Processing Policy | LogRhythm Default |
Exceptions | Only CEF format supported |
Additional Information | http://docs.trendmicro.com/en-us/enterprise/control-manager-70/appendices/syslog-mapping-cef.aspx |
Device Configuration Checklist
- Configure Control Manager to send its syslog output in CEF format; this log source type parses only CEF output (see Exceptions above), so the other available syslog formats will not be processed.
- Leave all other syslog configuration options at their defaults.
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
CEF Data Loss Prevention Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), cs1Label, cs1, cn1Label, cn1, rt, src, smac, shost, cs4Label, cs4, suser, request, duser, msg, filePath, fname, fsize, cs5Label, cs5, cs6Label, cs6, cn3Label, cn3, cn2Label, cn2, cs2Label, cs2, cs3Label, cs3, dvchost, deviceFacility |
CEF Behavior Monitoring Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), rt, dvchost, cn1Label, cn1, cs2Label, cs2, sproc, cn2Label, cn2, cs1Label, cs1, act, cn3Label, cn3, shost, src, deviceFacility |
CEF Device Access Control Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), rt, cs1Label, cs1, shost, dvchost, cn1Label, cn1, sproc, fname, cn2Label, cn2, cn3Label, cn3, deviceFacility |
CEF Engine Update Status Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), rt, shost, cs2Label, cs2, cn1Label, cn1, cn2Label, cn2, cs5Label, cs5, cn3Label, cn3, cs6Label, cs6, deviceFacility |
CEF Predictive Machine Learning Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), rt, dvchost, cn1Label, cn1, cs2Label, cs2, shost, suser, cn2Label, cn2, filePath, fname, deviceCustomDate1, sproc, cs4Label, cs4, duser, app, cs3Label, cs3, dst, c6a3Label, c6a3, cn3Label, cn3, act, fileHash, dhost, deviceExternalId, deviceFacility |
CEF Pattern Update Status Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), rt, shost, cs1Label, cs1, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cn1Label, cn1, cn2Label, cn2, cs5Label, cs5, cn3Label, cn3, cs6Label, cs6, deviceFacility |
CEF Content Security Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), cnt, dhost, duser, act, cs1Label, cs1, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, cat, dvchost, rt, cn1Label, cn1, deviceExternalId, fname, msg, shost, suser, deviceFacility |
CEF Spyware/Grayware Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), cnt, rt, cn1Label, cn1, cs1Label, cs1, cs2Label, cs2, cs5Label, cs5, cs6Label, cs6, cat, dvchost, deviceExternalId, fname, filePath, dhost, dst, c6a3Label, c6a3, fileHash, deviceFacility, duser, cn2Label, cn2, cn3Label, cn3 |
CEF Virus/Malware Logs | 7 | Header (pver), Header (eventid), Header (eventName), Header (severity), cnt, dhost, duser, act, rt, cn1Label, cn1, cn2Label, cn2, cs1Label, cs1, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, cat, dvchost, cn3Label, cn3, deviceExternalId, fname, filePath, msg, shost, suser, dst, c6a3Label, c6a3, fileHash, deviceFacility |
CEF Web Security Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), app, cnt, dpt, act, rt, src, c6a2Label, c6a2, cs1Label, cs1, cs4Label, cs4, cs5Label, cs5, deviceDirection, cat, dvchost, cn1Label, cn1, deviceExternalId, fname, request, deviceFacility, duser, shost, cs2Label, cs2, deviceProcessName, cn3Label, cn3, dst, cn2Label, cn2 |
CEF C&C Callback Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), deviceExternalId, cat, deviceFacility, cs2Label, cs2, rt, shost, src, c6a2Label, c6a2, cs3Label, cs3, cs4Label, cs4, act, cn1Label, cn1, cn2Label, cn2, cn3Label, cn3, request, deviceCustomDate1Label, deviceCustomDate1, deviceCustomDate2Label, deviceCustomDate2, cs5Label, cs5, dst, c6a3Label, c6a3, deviceProcessName |
CEF Suspicious File Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), deviceExternalId, cat, deviceFacility, cn1Label, cn1, rt, dst, c6a3Label, c6a3, dhost, cs2Label, cs2, fileHash, cs3Label, cs3, cn2Label, cn2, act, cn3Label, cn3 |
CEF Network Content Inspection Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), deviceExternalId, cat, deviceFacility, rt, deviceProcessName, src, c6a2Label, c6a2, spt, dst, c6a3Label, c6a3, dpt, act, deviceDirection, cn1Label, cn1, cs2Label, cs2 |
CEF Endpoint Application Control Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), deviceExternalId, rt, dvchost, shost, cs1, suser, cs2, c6a3, cn1, fileHash, fname, cs3, duser, cs4, cs5, act, deviceFacility |
CEF Sandbox Detection Logs | 7 | Header (logVer), Header (vendor), Header (pname), Header (pver), Header (eventid), Header (eventName), Header (severity), deviceExternalId, rt, deviceFacility, dvchost, dhost, dst, c6a3, app, sourceServiceName, destinationServiceName, sproc, fileHash, fname, request, cs1, cn1, cs2, cs3 |
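The rows above list raw CEF keys, and most of the product-specific data in a Control Manager event sits in the custom fields (cs1..cs6, cn1..cn3, c6a*, deviceCustomDate*) whose meaning is carried only by the matching `<key>Label` field. Any parser that wants a readable event therefore has to split the header on unescaped `|`, split the extension on `key=` boundaries (values may contain spaces and escaped `\=`), and then pair each custom field with its label. The following Python is an added example written for this page, not LogRhythm's own processing rules or Trend Micro code; the two log lines in it are constructed for illustration, and the event IDs, label names, hostnames, hashes and paths in them are made up.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# CEF header positions, named as in the schema table on this page.
HEADER_NAMES = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]
# Custom keys whose meaning is given by a companion "<key>Label" key.
_CUSTOM_KEY = re.compile(r"^(cs[1-6]|cn[1-3]|c6a[1-4]|deviceCustomDate[12])$")
# An extension key starts the extension or follows whitespace and ends at '='.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


@dataclass
class CefEvent:
    header: Dict[str, str]
    extension: Dict[str, str]                                # raw key=value pairs, unescaped
    labelled: Dict[str, str] = field(default_factory=dict)   # e.g. "VLF_FunctionCode" -> value
    warnings: List[str] = field(default_factory=list)        # custom keys without a label


def _unescape(value: str, in_header: bool) -> str:
    """Undo CEF escaping: '\\|' and '\\\\' in the header; '\\=', '\\\\', '\\n', '\\r' in the extension."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt) if not in_header else nxt)
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _split_header(text: str) -> List[str]:
    """Return the 7 header fields plus the extension, splitting only on unescaped '|'."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])          # keep the escape for _unescape
            i += 2
        elif text[i] == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    fields.append(text[i:] if len(fields) == 7 else "".join(buf))
    return fields


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'k1=v1 k2=v2 ...'; values may contain spaces, so each value runs to the next key."""
    keys = list(_EXT_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip(), in_header=False)
    return out


def parse_cef(line: str) -> CefEvent:
    """Parse one syslog line carrying a CEF event; any syslog PRI/timestamp prefix is skipped."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    parts = _split_header(line[start:])
    if len(parts) != 8:
        raise ValueError("malformed CEF header: expected 7 '|'-separated fields")
    header = {n: _unescape(v, in_header=True) for n, v in zip(HEADER_NAMES, parts[:7])}
    header["logVer"] = header["logVer"][len("CEF:"):]
    ev = CefEvent(header=header, extension=_parse_extension(parts[7]))
    for key, val in ev.extension.items():       # resolve cs1Label/cs1 style pairs
        if _CUSTOM_KEY.match(key):
            label = ev.extension.get(key + "Label")
            if label is None:
                ev.warnings.append(f"{key} present without {key}Label")
            else:
                ev.labelled[label] = val
    return ev


# Constructed sample lines (not captured from a real Control Manager); event IDs,
# label names, hosts, hashes and paths are made up for illustration.
SAMPLE_VIRUS = (
    "<134>CEF:0|Trend Micro|Control Manager|7.0|AV:File cleaned|Eicar_test_file|3|"
    "deviceExternalId=39 rt=Sep 20 2019 01:02:03 GMT+00:00 cnt=1 dhost=WKS-0042 "
    "duser=CORP\\\\alice act=File cleaned cn1Label=VLF_PatternNumber cn1=1234567 "
    "cs1Label=VLF_FunctionCode cs1=Real-time Scan cs2Label=VLF_EngineVersion "
    "cs2=11.000.1006 cat=1703 dvchost=OSCE-SRV01 fname=eicar.com "
    "filePath=C:\\\\Users\\\\alice\\\\Downloads\\\\ dst=10.0.5.42 "
    "fileHash=3395856CE81F2B7382DEE72602F798B642F14140 deviceFacility=OfficeScan"
)
SAMPLE_WEB = (
    "CEF:0|Trend Micro|Control Manager|7.0|WB:URL blocked|Phishing\\|credential theft|3|"
    "app=HTTP cnt=1 dpt=80 act=Blocked rt=Sep 20 2019 01:05:00 GMT+00:00 src=10.0.5.42 "
    "cs1Label=WB_ContentType cs1=Phishing request=http://bad.example.test/login?id\\=7 "
    "cs4=no-label-here deviceDirection=Outbound cat=1704 dvchost=OSCE-SRV01 "
    "deviceFacility=OfficeScan"
)

if __name__ == "__main__":
    for sample in (SAMPLE_VIRUS, SAMPLE_WEB):
        ev = parse_cef(sample)
        print(ev.header["eventid"], ev.labelled, ev.warnings)
```

Two caveats worth keeping in mind when checking a feed against the schema table: CEF defines no escape for a literal ` key=` sequence inside a value, so a free-text field such as `msg` that happens to contain `word=` will be cut at the wrong place by this (and any) key-boundary parser; and a custom field that arrives without its `Label` companion is reported in `warnings` rather than silently dropped, which is the quickest way to spot a Control Manager log type whose output does not match the field list above.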