Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Trend Micro Audit Event | Base Rule | Information | General Audit Messages |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| logVer | N/A | N/A | CEF format version |
| vendor | N/A | N/A | Appliance vendor |
| pname | N/A | N/A | Appliance product |
| pver | N/A | N/A | Appliance version |
| eventid | N/A | N/A | Signature ID |
| eventName | <vmid> | Text/String | Description |
| severity | <severity> | Number | Email severity |
| rt | N/A | N/A | Log generation time |
| cs1Label | N/A | N/A | Account type's label |
| cs1 | N/A | N/A | Account type (either end user or admin) |
| suser | <login> | Text/String | Email sender |
| cs2Label | N/A | N/A | Event type's label |
| cs2 | <vendorinfo> | Text/String | Event type |
| act | <action> | Text/String | Action in the event |
| cs3Label | N/A | N/A | Label of the domain affected by the event |
| cs3 | <domainimpacted> | Text/String | Domain affected by the event |