Syslog - Trend Micro Deep Discovery Analyzer CEF
Device Details
Device Name | Deep Discovery Analyzer |
Vendor | Trend Micro |
Device Type | Deep Discovery Analyzer |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Syslog |
Configurable Log Output | CEF |
Log Source Type | Syslog - Trend Micro Deep Discovery Analyzer CEF |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information | https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
Alert Event Logs | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <objectname>, <tag1>, <subject> |
Catch All | N/A | <severity>, <tag1> |
Deny List Transaction | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <objecttype>, <action>, <url> |
Detection Results Events | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <object>, <objecttype>, <hash>, <sender>, <recipient>, <subject>, <protname> |
File Analysis Events | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <object>, <hash>, <objecttype>, <size>, <threatid>, <result> |
Notable Characteristics Events | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <object>, <hash>, <objecttype>, <size>, <threatname>, <subject>, <url>, <policy> |
System Events | N/A | <version>, <vmid>, <tag1>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <objecttype>, <tag1>, <result>, <account>, <sip> |
URL Analysis Events | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <dip>, <dname>, <dmac>, <url>, <hash>, <result> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
KB X7.1.731.0 | Syslog - Trend Micro Deep Discovery Analyzer CEF | New Device Documentation |