Syslog - Trend Micro Deep Discovery Director

Device Details

Device Name	Trend Micro Deep Discovery Director
Vendor	Trend Micro
Device Type	Endpoint Security Solution
Supported Model Name/Number	N/A
Supported Software Version	All
Collection Method	Syslog
Configurable Log Output	Yes
Log Source Type	Syslog - Trend Micro Deep Discovery Director
Log Processing Policy	LogRhythm Default V2.0
Exceptions	Only CEF format supported
Additional Information	N/A

Device Configuration Checklist

Change Control Manager logging output to the CEF format.

Use all other default configuration options.

Supported Log Messages

Type	Product Version	Supported Schema Fields
Attachment Detection Event	N/A	<vendorinfo>, <severity>, <threatname>, <hash>, <objecttype>, <object>, <size>
Deny List Transaction Event	N/A	<vmid>, <vendorinfo>, <action>, <tag1>, <policy>, <severity>, <dname>, <dport>, <dip>, <hash>, <url>
Disruptive Application Event	N/A	<vmid>, <vendorinfo>, <severity>, <protname>, <snatip>, <sip>, <dip>, <dnatip>, <dnatip>, <dname>, <dmac>, <dport>, <dip>, <sname>, <smac>, <snatip>, <sport>
Email Detection Event	N/A	<vendorinfo>, <severity>, <action>, <tag1>, <size>, <threatname>, <recipient>, <subject>, <sip>, <sender>
File Analysis Event	N/A	<vendorinfo>, <severity>, <threatname>, <hash>, <objecttype>, <object>, <size>
Message Tracking Event	N/A	<vendorinfo>, <severity>, <action>, <tag1>, <status>. <recipient>, <subject>, <reason>, <sip>, <sender>
Notable Characteristics Event	N/A	<vendorinfo>, <severity>, <policy>, <hash>, <objecttype>, <object>, <size>, <subject>
Threat Event	N/A	<threatid>, <vendorinfo>, <severity>, <action>, <tag1>, <protname>, <snatip>, <sip>, <dip>, <dnatip>,<threatname>, <dnatip>, <dname>, <dmac>, <dport>, <dip>, <recipient>, <hash>, <object>, <size>, <useragent>, <url>, <sname>, <smac>, <snatip>, <sport>, <login>, <sender>
URL Analysis Event	N/A	<vendorinfo>, <severity>, <hash>, <url>
URL Detection Event	N/A	<vendorinfo>, <severity>, <threatname>, <url>
Web Reputation Event	N/A	<vendorinfo>, <severity>, <protname>, <snatip>, <sip>, <dip>, <dnatip>, <subject>, <threatname>, <dnatip>,<dname>, <dmac>, <dport>, <dip>, <recipient>, <useragent>, <url>, <sname>, <smac>, <snatip>, <sip>, <sport>, <sender>

Revision History

KB Version	Log Type	Change Type	Details
KB 7.1.646.0	Syslog	New Device	N/A

[data-colorid=v6en42wmd8]{color:#333333} html[data-color-mode=dark] [data-colorid=v6en42wmd8]{color:#cccccc}[data-colorid=gh4q1jjfd4]{color:#333333} html[data-color-mode=dark] [data-colorid=gh4q1jjfd4]{color:#cccccc}Device Details

Device Configuration Checklist

Supported Log Messages

Revision History

Device Details