Trend Micro Mail Tracking Event

Vendor Documentation

Rule Name	Rule Type	Classification	Common Event
Trend Micro Mail Tracking Event	Base Rule	Information	General Tracking Log
TRACKING - Bounced	Sub Rule	Warning	Email Message Bounced
TRACKING - Delivery Error	Sub Rule	Error	Email Delivery Internal Error
TRACKING - Deleted	Sub Rule	Information	Email Deleted
TRACKING - Delivered	Sub Rule	Information	Email Delivered
TRACKING - Expired	Sub Rule	Information	Email Message Expired
TRACKING - Quarantined	Sub Rule	Failed Activity	Quarantined Message
TRACKING - Redirected	Sub Rule	Information	Email Message Redirected

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
logVer	N/A	N/A	CEF format version
vendor	N/A	N/A	Appliance vendor
pname	N/A	N/A	Appliance product
pver	N/A	N/A	Appliance version
eventid	N/A	N/A	Signature ID
eventName	<vmid>	Text/String	Description
severity	<severity>	Number	Email severity
rt	N/A	N/A	Log generation time
suser	<sender>	Text/String	Email sender
duser	<recipient>	Text/String	Email recipients
msg	<subject>	Text/String	Email subject
src	<sip>	IP Address	Source IP address
deviceTranslatedAddress	N/A	N/A	Relay MTA IP address
cs1Label	N/A	N/A	Internal email message ID's label
cs1	N/A	N/A	Internal email message ID
cs2Label	N/A	N/A	Email message direction's label
cs2	N/A	N/A	Email message direction
cs3Label	N/A	N/A	Unique message identifier's label
cs3	N/A	N/A	Unique message identifier
cs4Label	N/A	N/A	Email attachments Label
cs4	<objectname> <hash>	Text/String	Email attachments
cn1Label	N/A	N/A	Email message size's label
cn1	<size>	Number	Email message size
act	<action> <tag1>	Text/String	Action on an email message Possible entries: Bounced Temporary delivery error Deleted Delivered Expired Quarantined Redirected Submitted to sandbox Password analyzing
cs5Label	N/A	N/A	TLS information's label
cs5	N/A	N/A	TLS information