
V 2.0 : Device Access Control Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Device Access Control Event | Base Rule | Other Audit | General Access Control Message |
| V 2.0 : Device Access Control : Modify | Sub Rule | Access Success | Object Modified |
| V 2.0 : Device Access Control : Read & Execute | Sub Rule | Access Success | Object Read |
| V 2.0 : Device Access Control : Read | Sub Rule | Access Success | Object Read |
| V 2.0 : DAC : List Device Content Only | Sub Rule | Access Success | Object Read |
| V 2.0 : Device Access Control : Block | Sub Rule | Access Failure | Access Object Failure |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| rt | N/A | N/A | The log generation time in UTC |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | N/A | N/A | Server host name |
| shost | <sname> | Text/String/Number | Source host name |
| duser | <domainimpacted>, <account> | Text/String/Number | User name |
| dvchost | <dname> | Text/String/Number | Target host name |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | N/A | N/A | Product ID (see the value list below) |

Product ID values (cn1):

0 Unknown product
1 ScanMail for ccMail
2 ScanMail for Lotus Domino
3 ScanMail for Microsoft Exchange
4 ScanMail for Microsoft Mail
5 ScanMail for OpenMail
6 Reserved 1
7 Reserved 2
8 Reserved 3
9 Reserved 4
10 InterScan WebProtect
11 Reserved 5
12 Reserved 6
13 Reserved 7
14 PC-cillin Corporate Edition
15 Apex One
16 Apex One for Microsoft SBS
18 ServerProtect for Windows
19 ServerProtect for Windows (SOHO)
20 Apex Central
21 Generic
22 InterScan VirusWall for Unix
23 InterScan VirusWall for Windows
24 MOCA
25 GoldenGate
26 ActiveUpdate
27 IS_Y2K_SCANNER
28 Y2K VIRUS TECH SUPPORT SRV
30 HouseCall
31 PC-cillin ISP server
32 PC-cillin ISP client
33 eManager for ScanMail Exchange
34 InterScan Messaging Security Suite for Windows
35 InterScan Messaging Security Suite for UNIX
36 PortalProtect
37 GateLock Corporate Edition
38 Firewall management (NetScreen)
39 InterScan Web Security Suite for Solaris
40 InterScan Web Security Suite for Windows NT
41 Nokia Message Protector
42 InterScan Web Security Suite for Linux
43 InterScan Web Security Suite for Appliance
44 InterScan Messaging Security Appliance
45 InterScan for Small and Medium Business for Windows NT
46 InterScan Web Security Virtual Appliance
47 InterScan Messaging Security Virtual Appliance
50 InterScan Gateway Security Appliance
51 ServerProtect for Linux
52 ServerProtect for EMC
53 ServerProtect for NetApp
56 Child Apex Central Server
60 Damage Cleanup Services
65 Golden Gate for NT
66 Network VirusWall 1200
67 Network VirusWall MIPS
68 Network VirusWall 2500
69 Network VirusWall 2500 v2
70 Vulnerability Assessment
71 Network Virus Wall Enforcer 1200
72 Network VirusWall Enforcer
73 Network VirusWall Enforcer
75 Trend Micro Threat Mitigator
85 Anti-Spyware Enterprise Edition
87 Trend Micro InterScan for Cisco CSC SSM-20
88 Trend Micro InterScan for Cisco CSC SSM-10
90 IM Security
95 InterScan VirusWall
96 InterScan VirusWall for Linux
100 Control Manager Agent
200 eDoctor Server
300 eDoctor Agent
132 InterScan Messaging Security Suite for Solaris
120 Threat Discovery Appliance
131 Database Protect for Linux
151 Total Discovery Mitigation Server
154 Deep Discovery Inspector
155 ScanMail for IBM Domino
156 Deep Discovery Email Inspector
1000 InterScan eManager
1001 InterScan AppletTrap
1002 InterScan VirusWall Java
1003 IS_SEMAIL
1004 InterScan WebProtect for ICAP
10001 NEC StarOffice
20001 Dr. Soloman Anti-virus
20002 Inoculan
20003 Norton Anti-virus
20004 Sophos Sweep
20005 Intel LANProtect
20006 McAfee Virus Scan
20007 FProt
21000 Other third-party product
31001 Apex One (Mac)
31002 Trend Micro Endpoint Encryption
31003 Trend Micro Endpoint Application Control
31004 Trend Micro Deep Security
31006 Vulnerability Protection
31005 Trend Micro Mobile Security
31007 Trend Micro Safe Mobile Workforce
31008 Deep Discovery Analyzer
31009 Trend Micro Endpoint Sensor
31012 Deep Discovery Web Inspector
31101 Trend Micro Email Security
31102 Worry Free Business Security Services
31103 Trend Micro Web Security
31104 Cloud App Security
55555 Demo product

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| sproc | <process> | Text/String | Target process |
| fname | <object> | Text/String/Number | File name |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | N/A | N/A | 0: USB storage device; 1: Non-storage USB; 2: CD/DVD; 3: Floppy disks; 4: Network driver |
| cn3Label | N/A | N/A | Corresponding label for the "cn3" field |
| cn3 | <action>, <tag1> | Text/String/Number | 0: Modify; 1: Read and execute; 2: Read; 3: List device content only; 4: Block |
| deviceFacility | N/A | N/A | Product |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
| TMCMLogDetectedHost | <sname> | Text/String/Number | Endpoint name where the log event occurred |
| TMCMLogDetectedIP | <sip> | IP Address | IP address where the log event occurred |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| devicePayloadId | N/A | N/A | Unique message GUID |
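
The mapping above, applied to one record, as an added example (not LogRhythm or vendor code). It parses a CEF line, fills the schema fields listed in the table, and picks the rule from cn3. The names `parse_cef` and `normalize` and the sample record are constructed here; selecting the sub rule on cn3, splitting duser on a backslash, and letting shost take precedence over TMCMLogDetectedHost for `<sname>` are assumptions the tables suggest but do not state.

```python
import re

# cn3 value -> (sub rule, classification, common event), from the Classification table.
CN3_RULES = {
    "0": ("V 2.0 : Device Access Control : Modify", "Access Success", "Object Modified"),
    "1": ("V 2.0 : Device Access Control : Read & Execute", "Access Success", "Object Read"),
    "2": ("V 2.0 : Device Access Control : Read", "Access Success", "Object Read"),
    "3": ("V 2.0 : DAC : List Device Content Only", "Access Success", "Object Read"),
    "4": ("V 2.0 : Device Access Control : Block", "Access Failure", "Access Object Failure"),
}
BASE_RULE = ("V 2.0 : Device Access Control Event", "Other Audit", "General Access Control Message")
# Extension key -> schema field, from the mapping table.
SCHEMA = {"shost": "sname", "dvchost": "dname", "sproc": "process",
          "fname": "object", "TMCMLogDetectedIP": "sip"}
HEADER = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")

def parse_cef(line):
    """Return (header dict, extension dict) for one CEF record."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)  # skip escaped pipes
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    header = dict(zip(HEADER, [parts[0][4:]] + parts[1:7]))
    # Values may contain spaces: a value ends where the next " key=" starts.
    pairs = re.findall(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", parts[7])
    return header, {k: re.sub(r"\\(.)", r"\1", v) for k, v in pairs}

def normalize(line):
    """Map one record to schema fields and pick the rule from cn3."""
    header, ext = parse_cef(line)
    rule, classification, common_event = CN3_RULES.get(ext.get("cn3"), BASE_RULE)
    out = {"vmid": header["eventName"], "severity": int(header["severity"]),
           "rule": rule, "classification": classification, "common_event": common_event}
    out.update({SCHEMA[k]: v for k, v in ext.items() if k in SCHEMA})
    if "TMCMLogDetectedHost" in ext:  # assumption: shost wins when both are present
        out.setdefault("sname", ext["TMCMLogDetectedHost"])
    if "duser" in ext:  # assumption: DOMAIN\user splits into domainimpacted + account
        domain, _, out["account"] = ext["duser"].rpartition("\\")
        if domain:
            out["domainimpacted"] = domain
    if "cn3" in ext:
        out["action"] = out["tag1"] = ext["cn3"]
    return out

# Constructed sample record; every value in it is made up for this example.
SAMPLE = (r"CEF:0|Trend Micro|Apex Central|0.0|000000|Device Access Control|3|rt=Jan 08 2024 "
          r"09:12:44 GMT+00:00 shost=WS-0142 duser=CORP\\jdoe sproc=C:\\Windows\\explorer.exe "
          r"fname=payroll export.xlsx cn2=0 cn3=4 TMCMLogDetectedIP=10.0.4.17")
```

A record whose cn3 value is missing or outside 0-4 falls back to the base rule, so it still surfaces as a General Access Control Message.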