Syslog - Trend Micro Vision One CEF
Device Details
Device Name | Vision One |
Vendor | Trend Micro |
Device Type | Vision One |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Syslog |
Configurable Log Output | CEF |
Log Source Type | Syslog - Trend Micro Vision One CEF |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information | https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-workbench-logs https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-account-audit-logs https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-system-audit-logs https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-syslog-content-mapping-cef |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
Attack Technique Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <reason>, <dname>, <dip>, <sip>, <sname>, <dport>, <sport>, <command>, <domainimpacted>, <domainorigin>, <threatname>, <action>, <protname>, <login>, <account>, <url>, <processid>, <parentprocessid>, <useragent>, <hash>, <object>, <parentprocesspath>, <process> |
Workbench Alert Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <url>, <subject>, <object> |
Account Audit Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <object>, <account>, <action>, <result>, <subject> |
Catch-All | N/A | <tag1>, <severity> |
System Audit Log Messages | N/A | <vendorinfo>, <version>, <vmid>, <objecttype>, <severity>, <action>, <subject> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
KB 7.1.708.0 | Syslog - Trend Micro Vision One CEF | New Device Documentation | N/A |