Skip to main content
Skip table of contents

Trend Micro URL Click Tracking Event

Vendor Documentation

https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/logs-in-hes/managing-syslog/syslog-content-mappi/cef-detection-logs.aspx

https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/logs-in-hes/managing-syslog.aspx

Classification

Rule NameRule TypeClassificationCommon Event
Trend Micro URL Click Tracking EventBase RuleActivityGeneral Threat Message
CTP_DETECTION - BlockedSub RuleFailed ActivityThreat Blocked
CTP_DETECTION - AllowedSub RuleNetwork AllowTraffic Allowed by Proxy
CTP_DETECTION - Warned And StoppedSub RuleFailed ActivityThreat Blocked
CTP_DETECTION - Warned But AccessedSub RuleActivityGeneral Threat Message

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

logVerN/AN/ACEF format version
vendorN/AN/AAppliance vendor
pnameN/AN/AAppliance product
pverN/AN/AAppliance version
eventidN/AN/ASignature ID
eventName<vmid>Text/StringDescription
severity<severity> NumberEmail severity
rtN/AN/ALog generation time
cs1LabelN/AN/AUnique message identifier's label
cs1N/AN/AUnique message identifier
cs2LabelN/AN/ALabel of the time a URL was clicked
cs2N/AN/AThe time a URL was clicked
request<url>Text/StringThe URL that was clicked
act<action>
<tag1>		Text/String

Action taken on the URL

Possible entries:

  • blocked
  • allowed
  • warned and stopped
  • warned but accessed
msg<subject>Text/StringEmail subject
suser<sender>Text/StringEmail sender
duser<recipient>Text/StringEmail recipients
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close