Syslog - Trend Micro Vision One CEF

Device Details

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
| --- | --- | --- |
| Attack Technique Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <reason>, <dname>, <dip>, <sip>, <sname>, <dport>, <sport>, <command>, <domainimpacted>, <domainorigin>, <threatname>, <action>, <protname>, <login>, <account>, <url>, <processid>, <parentprocessid>, <useragent>, <hash>, <object>, <parentprocesspath>, <process> |
| Workbench Alert Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <url>, <subject>, <object> |
| Account Audit Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <object>, <account>, <action>, <result>, <subject>, <sender>, <recipient> |
| Catch-All | N/A | <tag1>, <severity> |
| System Audit Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <action>, <subject> |

Revision History

| KB Version | Log Type | Change Type | Details |
| --- | --- | --- | --- |
| KB 7.1.708.0 | Syslog - Trend Micro Vision One CEF | New Device Documentation | N/A |