URL Detection Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| URL Detection Event | Base Rule | Activity | General Threat Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Signature ID |
| Header (eventName) | <vendorinfo> | Text/String | Description |
| Header (severity) | <severity> | Number | Severity |
| cat | N/A | N/A | Event category |
| cs1 | <threatname> | Text/String | Threat Name |
| cs1Label | N/A | N/A | Threat Name label |
| cs2 | N/A | N/A | Internal email ID |
| cs2Label | N/A | N/A | Internal email ID label |
| deviceExternalId | N/A | N/A | Appliance GUID |
| dvc | N/A | N/A | Appliance IP address |
| dvchost | N/A | N/A | Appliance host name |
| dvcmac | N/A | N/A | Appliance MAC address |
| request | <url> | Text/String | URL |
| rt | N/A | N/A | Log generation time. Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC) |