Trend Micro Audit Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Trend Micro Audit Event | Base Rule | Information | General Audit Messages |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
logVer | N/A | N/A | CEF format version |
vendor | N/A | N/A | Appliance vendor |
pname | N/A | N/A | Appliance product |
pver | N/A | N/A | Appliance version |
eventid | N/A | N/A | Signature ID |
eventName | <vmid> | Text/String | Description |
severity | <severity> | Number | Email severity |
rt | N/A | N/A | Log generation time |
cs1Label | N/A | N/A | Account type's label |
cs1 | N/A | N/A | Account type (either end user or admin) |
suser | <login> | Text/String | Email sender |
cs2Label | N/A | N/A | Event type's label |
cs2 | <vendorinfo> | Text/String | Event type |
act | <action> | Text/String | Action in the event |
cs3Label | N/A | N/A | Label of the domain affected by the event |
cs3 | <domainimpacted> | Text/String | Domain affected by the event |