Trend Micro Detection Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Trend Micro Detection Event | Base Rule | Activity | General Threat Message |
DETECTION - Quarantine | Sub Rule | Activity | Quarantine |
DETECTION - Bypass | Sub Rule | Activity | General Threat Message |
DETECTION - Delete Attachment | Sub Rule | Failed Activity | Threat Deleted |
DETECTION - Delete Message | Sub Rule | Failed Activity | Threat Deleted |
DETECTION - Reject | Sub Rule | Failed Activity | Threat Blocked |
DETECTION - Clean | Sub Rule | Activity | General Threat Message |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
logVer | N/A | N/A | CEF format version |
vendor | N/A | N/A | Appliance vendor |
pname | N/A | N/A | Appliance product |
pver | N/A | N/A | Appliance version |
eventid | <threatid> | Number | Signature ID |
eventName | <vmid> | Text/String | Description |
severity | <severity> | Number | Email severity |
rt | N/A | N/A | Log generation time |
cs1Label | N/A | N/A | Event type's label |
cs1 | N/A | N/A | Event type |
cs2Label | <domainorigin> | Text/String | Domain name's label |
cs2 | N/A | N/A | Domain name |
suser | <sender> | Text/String | Email sender |
duser | <recipient> | Text/String | Email recipients |
cs3Label | N/A | N/A | Email message direction's label |
cs3 | N/A | N/A | Email message direction |
cs4Label | N/A | N/A | Unique message identifier's label |
cs4 | N/A | N/A | Unique message identifier |
msg | <subject> | Text/String | Email subject |
cn1Label | N/A | N/A | Email message size's label |
cn1 | <size> | Number | Email message size |
cs5Label | N/A | N/A | Violated event analysis label |
cs5 | <policy> | Text/String | Violated event analysis |
cs6Label | N/A | N/A | Violated event details label |
cs6 | <threatname> <objectname> <hash> | Text/String | Violated event details |
act | <action> <tag1> | Text/String | Action in the event Possible entries:
|