
Trend Micro Detection Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Trend Micro Detection Event | Base Rule | Activity | General Threat Message |
| DETECTION - Quarantine | Sub Rule | Activity | Quarantine |
| DETECTION - Bypass | Sub Rule | Activity | General Threat Message |
| DETECTION - Delete Attachment | Sub Rule | Failed Activity | Threat Deleted |
| DETECTION - Delete Message | Sub Rule | Failed Activity | Threat Deleted |
| DETECTION - Reject | Sub Rule | Failed Activity | Threat Blocked |
| DETECTION - Clean | Sub Rule | Activity | General Threat Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| logVer | N/A | N/A | CEF format version |
| vendor | N/A | N/A | Appliance vendor |
| pname | N/A | N/A | Appliance product |
| pver | N/A | N/A | Appliance version |
| eventid | <threatid> | Number | Signature ID |
| eventName | <vmid> | Text/String | Description |
| severity | <severity> | Number | Email severity |
| rt | N/A | N/A | Log generation time |
| cs1Label | N/A | N/A | Event type's label |
| cs1 | N/A | N/A | Event type |
| cs2Label | <domainorigin> | Text/String | Domain name's label |
| cs2 | N/A | N/A | Domain name |
| suser | <sender> | Text/String | Email sender |
| duser | <recipient> | Text/String | Email recipients |
| cs3Label | N/A | N/A | Email message direction's label |
| cs3 | N/A | N/A | Email message direction |
| cs4Label | N/A | N/A | Unique message identifier's label |
| cs4 | N/A | N/A | Unique message identifier |
| msg | <subject> | Text/String | Email subject |
| cn1Label | N/A | N/A | Email message size's label |
| cn1 | <size> | Number | Email message size |
| cs5Label | N/A | N/A | Violated event analysis label |
| cs5 | <policy> | Text/String | Violated event analysis |
| cs6Label | N/A | N/A | Violated event details label |
| cs6 | <threatname>, <objectname>, <hash> | Text/String | Violated event details |
| act | <action>, <tag1> | Text/String | Action in the event |

Possible entries:

  • Quarantine
  • Bypass
  • Delete Attachment
  • Insert Stamp
  • Tag Subject
  • Change Recipient
  • Delete Message
  • Send Notification
  • Reject
  • Clean
  • BCC
  • Deliver
  • Insert X-Header
  • Encryption in progress
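
As an added example (not LogRhythm's or Trend Micro's own code), the following Python sketch parses a constructed CEF record with the standard pipe-delimited CEF header, maps its keys to the schema fields in the table above, and picks the rule from the act value. Selecting the sub rule by act, using only the first listed schema field for cs6 and act, and every value in the sample record are assumptions.

```python
import re

# Device key -> LogRhythm schema field, copied from the mapping table above.
# The table maps cs2Label (not cs2); cs6 and act list several fields, so this
# sketch assigns only the first one (an assumption, the page gives no split rule).
SCHEMA = {"eventid": "threatid", "eventName": "vmid", "severity": "severity",
          "cs2Label": "domainorigin", "suser": "sender", "duser": "recipient",
          "msg": "subject", "cn1": "size", "cs5": "policy",
          "cs6": "threatname", "act": "action"}
NUMERIC = {"threatid", "severity", "size"}
HEADER = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]
BASE_RULE = ("Trend Micro Detection Event", "Activity", "General Threat Message")
# act value -> (rule, classification, common event), from the classification table.
SUB_RULES = {
    "Quarantine": ("DETECTION - Quarantine", "Activity", "Quarantine"),
    "Bypass": ("DETECTION - Bypass", "Activity", "General Threat Message"),
    "Delete Attachment": ("DETECTION - Delete Attachment", "Failed Activity", "Threat Deleted"),
    "Delete Message": ("DETECTION - Delete Message", "Failed Activity", "Threat Deleted"),
    "Reject": ("DETECTION - Reject", "Failed Activity", "Threat Blocked"),
    "Clean": ("DETECTION - Clean", "Activity", "General Threat Message"),
}
# Constructed sample record; every value in it is made up for this example.
SAMPLE = ("CEF:0|Trend Micro|Example Appliance|1.0|100|Detection|6|"
          "rt=Jan 01 2024 10:00:00 cs1Label=Event Type cs1=DETECTION "
          "cs2Label=Domain Name cs2=example.com suser=alice@example.org "
          "duser=bob@example.com msg=Invoice total\\=5 cn1Label=Message Size "
          "cn1=20480 cs5Label=Policy Name cs5=Default Policy act=Quarantine")

def unescape(value):
    """Undo CEF escaping of '=', '|' and backslash."""
    return re.sub(r"\\([=|\\])", r"\1", value)

def parse_detection(line):
    """Return LogRhythm schema fields and the matching rule for one CEF record."""
    start = line.find("CEF:")  # tolerate a syslog prefix before the CEF header
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line[start + 4:].strip(), maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    raw = {k: unescape(v) for k, v in zip(HEADER, parts[:7])}
    # Extension values may contain spaces: a value ends at the next " key=" or at EOL.
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7]):
        raw[m.group(1)] = unescape(m.group(2))
    fields = {name: int(raw[k]) if name in NUMERIC and raw[k].isdigit() else raw[k]
              for k, name in SCHEMA.items() if k in raw}
    rule, classification, common_event = SUB_RULES.get(raw.get("act"), BASE_RULE)
    return {"fields": fields, "rule": rule,
            "classification": classification, "common_event": common_event}
```

Actions without a sub rule in the classification table, such as Tag Subject or Deliver, fall back to the base rule here.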