Trend Micro Detection Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Trend Micro Detection Event | Base Rule | Activity | General Threat Message |
| DETECTION - Quarantine | Sub Rule | Activity | Quarantine |
| DETECTION - Bypass | Sub Rule | Activity | General Threat Message |
| DETECTION - Delete Attachment | Sub Rule | Failed Activity | Threat Deleted |
| DETECTION - Delete Message | Sub Rule | Failed Activity | Threat Deleted |
| DETECTION - Reject | Sub Rule | Failed Activity | Threat Blocked |
| DETECTION - Clean | Sub Rule | Activity | General Threat Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| logVer | N/A | N/A | CEF format version |
| vendor | N/A | N/A | Appliance vendor |
| pname | N/A | N/A | Appliance product |
| pver | N/A | N/A | Appliance version |
| eventid | <threatid> | Number | Signature ID |
| eventName | <vmid> | Text/String | Description |
| severity | <severity> | Number | Email severity |
| rt | N/A | N/A | Log generation time |
| cs1Label | N/A | N/A | Event type's label |
| cs1 | N/A | N/A | Event type |
| cs2Label | <domainorigin> | Text/String | Domain name's label |
| cs2 | N/A | N/A | Domain name |
| suser | <sender> | Text/String | Email sender |
| duser | <recipient> | Text/String | Email recipients |
| cs3Label | N/A | N/A | Email message direction's label |
| cs3 | N/A | N/A | Email message direction |
| cs4Label | N/A | N/A | Unique message identifier's label |
| cs4 | N/A | N/A | Unique message identifier |
| msg | <subject> | Text/String | Email subject |
| cn1Label | N/A | N/A | Email message size's label |
| cn1 | <size> | Number | Email message size |
| cs5Label | N/A | N/A | Violated event analysis label |
| cs5 | <policy> | Text/String | Violated event analysis |
| cs6Label | N/A | N/A | Violated event details label |
| cs6 | <threatname>, <objectname>, <hash> | Text/String | Violated event details |
| act | <action>, <tag1> | Text/String | Action in the event (possible entries listed below) |

Possible entries for act:

  • Quarantine

  • Bypass

  • Delete Attachment

  • Insert Stamp

  • Tag Subject

  • Change Recipient

  • Delete Message

  • Send Notification

  • Reject

  • Clean

  • BCC

  • Deliver

  • Insert X-Header

  • Encryption in progress
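As an added example (not LogRhythm's or Trend Micro's code), the parser below reads one CEF detection event, names the seven header fields the way the mapping table does (logVer through severity), unescapes and splits the extension, applies the key-to-schema mapping, and selects the sub rule from the act value using the classification table. The sample record, the product name, version, timestamp, addresses, policy name and the hash placeholder are all constructed for illustration. Two choices are assumptions rather than statements from the page: act values that have no sub rule (Tag Subject, Deliver, and so on) are left on the base rule, and the raw cs6 value is kept under threatname because the page does not say how the device separates threat name, object name and hash.

```python
"""Parse a Trend Micro email-security CEF detection event, map it onto the
LogRhythm schema fields from the mapping table, and pick the matching sub rule.

Added example, not LogRhythm's or Trend Micro's code. The sample record below
is constructed: product name, version, timestamp, addresses, policy name and
the hash placeholder are made up, not values taken from the documentation.
"""
import re

# The seven CEF header fields, in order, under the names the mapping table uses.
HEADER_KEYS = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]

# Device key -> LogRhythm schema field, as the mapping table lists them.
# cs6 is listed against threatname/objectname/hash; the page does not say how the
# device separates them, so (assumption) the raw cs6 value is kept under threatname.
KEY_TO_SCHEMA = {
    "eventid": "threatid",
    "eventName": "vmid",
    "severity": "severity",
    "cs2Label": "domainorigin",
    "suser": "sender",
    "duser": "recipient",
    "msg": "subject",
    "cn1": "size",
    "cs5": "policy",
    "cs6": "threatname",
    "act": "action",
}
NUMERIC_SCHEMA_FIELDS = {"threatid", "severity", "size"}  # "Number" rows of the table

# act value -> (rule name, classification, common event) from the classification table.
BASE_RULE = ("Trend Micro Detection Event", "Activity", "General Threat Message")
ACTION_TO_SUBRULE = {
    "Quarantine": ("DETECTION - Quarantine", "Activity", "Quarantine"),
    "Bypass": ("DETECTION - Bypass", "Activity", "General Threat Message"),
    "Delete Attachment": ("DETECTION - Delete Attachment", "Failed Activity", "Threat Deleted"),
    "Delete Message": ("DETECTION - Delete Message", "Failed Activity", "Threat Deleted"),
    "Reject": ("DETECTION - Reject", "Failed Activity", "Threat Blocked"),
    "Clean": ("DETECTION - Clean", "Activity", "General Threat Message"),
}

_HEADER_SPLIT = re.compile(r"(?<!\\)\|")            # a pipe not preceded by a backslash
_EXT_KEY = re.compile(r"(?:^| )([A-Za-z0-9_.]+)=")  # "key=" at the start or after a space


def _unescape(text: str, in_header: bool) -> str:
    """Undo CEF escaping in a single pass so an escaped backslash is never unescaped twice."""
    table = {"\\": "\\", "|": "|"} if in_header else {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), text)


def parse_cef(line: str) -> dict:
    """Return the header fields (by the table's key names) plus every extension key=value pair."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = _HEADER_SPLIT.split(line[len("CEF:"):], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("CEF header needs seven pipe-delimited fields before the extension")
    fields = {k: _unescape(v, True) for k, v in zip(HEADER_KEYS, parts[:7])}
    ext = parts[7]
    keys = list(_EXT_KEY.finditer(ext))
    for i, m in enumerate(keys):  # a value runs until the next "key=" token
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end], False)
    return fields


def map_to_logrhythm(fields: dict) -> dict:
    """Apply the mapping table; Number-typed fields become ints when they are well-formed."""
    mapped = {}
    for key, schema_field in KEY_TO_SCHEMA.items():
        if key not in fields:
            continue
        value = fields[key]
        if schema_field in NUMERIC_SCHEMA_FIELDS and value.isdigit():
            value = int(value)
        mapped[schema_field] = value  # malformed numbers stay as text rather than dropping the event
    return mapped


def classify(mapped: dict) -> tuple:
    """Sub rule for the six actions in the classification table; assumption: any
    other act value (Tag Subject, Deliver, ...) stays on the base rule."""
    return ACTION_TO_SUBRULE.get(mapped.get("action"), BASE_RULE)


def process(line: str) -> dict:
    mapped = map_to_logrhythm(parse_cef(line))
    rule, classification, common_event = classify(mapped)
    mapped.update(rule=rule, classification=classification, common_event=common_event)
    return mapped


# Constructed sample record (not from the documentation). Note the escaped "=" in cs4 and msg.
SAMPLE_LINE = (
    "CEF:0|Trend Micro|ExampleMailAppliance|1.0.0|100101|Malware detected|3|"
    "rt=Jan 02 2024 10:11:12 GMT+00:00 cs1Label=EventType cs1=Security "
    "cs2Label=DomainName cs2=example.com suser=sender@example.net "
    "duser=user1@example.com,user2@example.com cs3Label=MessageDirection cs3=Incoming "
    "cs4Label=MessageID cs4=<abc\\=123@example.net> msg=Invoice \\= urgent "
    "cn1Label=MessageSize cn1=20480 cs5Label=Policy cs5=Default Malware Policy "
    "cs6Label=Details cs6=Test.Malware.Sample;invoice.zip;PLACEHOLDER_HASH act=Quarantine"
)

if __name__ == "__main__":
    for k, v in process(SAMPLE_LINE).items():
        print(f"{k:>16}: {v!r}")
```

The extension is split on `key=` tokens rather than on spaces because values such as rt, cs5 and msg legitimately contain spaces; an `=` inside a value is only recognised as a key boundary when it is not escaped, which is why the sample's `cs4` and `msg` values survive intact.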