Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Trend Micro URL Click Tracking Event |
Base Rule |
Activity |
General Threat Message |
|
CTP_DETECTION - Blocked |
Sub Rule |
Failed Activity |
Threat Blocked |
|
CTP_DETECTION - Allowed |
Sub Rule |
Network Allow |
Traffic Allowed by Proxy |
|
CTP_DETECTION - Warned And Stopped |
Sub Rule |
Failed Activity |
Threat Blocked |
|
CTP_DETECTION - Warned But Accessed |
Sub Rule |
Activity |
General Threat Message |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
logVer |
N/A |
N/A |
CEF format version |
|
vendor |
N/A |
N/A |
Appliance vendor |
|
pname |
N/A |
N/A |
Appliance product |
|
pver |
N/A |
N/A |
Appliance version |
|
eventid |
N/A |
N/A |
Signature ID |
|
eventName |
<vmid> |
Text/String |
Description |
|
severity |
<severity> |
Number |
Email severity |
|
rt |
N/A |
N/A |
Log generation time |
|
cs1Label |
N/A |
N/A |
Unique message identifier's label |
|
cs1 |
N/A |
N/A |
Unique message identifier |
|
cs2Label |
N/A |
N/A |
Label of the time a URL was clicked |
|
cs2 |
N/A |
N/A |
The time a URL was clicked |
|
request |
<url> |
Text/String |
The URL that was clicked |
|
act |
<action>
|
Text/String |
Action taken on the URL Possible entries:
|
|
msg |
<subject> |
Text/String |
Email subject |
|
suser |
<sender> |
Text/String |
Email sender |
|
duser |
<recipient> |
Text/String |
Email recipients |