Device Details

| Vendor | Trend Micro |
|---|---|
| Device Type | LEEF |
| Supported Model Name/Number | N/A |
| Supported Software Version(s) | All |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog - Trend Micro Deep Security |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | https://help.deepsecurity.trendmicro.com/trust-center.html http://docs.trendmicro.com/all/ent/ddan/v5.5/en-us/ddan_5.5_sg.pdf |

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Email Traffic Inspector | All | Severity, Event Message, Host, Quantity, Event ID, Object |
| LEEF Server Message | All | User Name, Module Name, Operation, Resource, Status |

Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Numeric |
| N/A | <object> | Text/String |
| N/A | <vendorinfo> | Text/String |
| N/A | <parentprocessname> | Text/String |
| N/A | <parentprocessid> | Numeric |
| N/A | <command> | Text/String |
| N/A | <result> | Text/String |
| N/A | <login> | Text/String |
| N/A | <action> | Text/String |
| N/A | <size> | Numeric |
| N/A | <sip> | IP Address |
| N/A | <sport> | Numeric |
| N/A | <dip> | IP Address |
| N/A | <dport> | Numeric |
| N/A | <packetsin> | Numeric |
| N/A | <packetsout> | Numeric |
| N/A | <bytesin> | Numeric |
| N/A | <bytesout> | Numeric |