V 2.0 : Engine Update Status Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Engine Update Status Event | Base Rule | Information | General Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Product vendor |
| Header (pname) | N/A | N/A | Product name |
| Header (pver) | N/A | N/A | Product version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| rt | N/A | N/A | Log generation time in UTC |
| shost | <sname> | Text/String/Number | Product Entity/Endpoint |
| cs2Label | N/A | N/A | Corresponding label for the "cs2" field |
| cs2 | <sip> | IP Address | Product/Endpoint IP |
| cn1Label | N/A | N/A | Connection status |
| cn1 | <status> | Number | Connection status. 0: Unable to connect; 1: Active; 2: Inactive; 100: Product active; 101: Product inactive but agent is active; 102: Roaming |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | N/A | N/A | Engine |
| cn5Label | N/A | N/A | Corresponding label for the "cn5" field |
| cs5 | <version> | Text/String/Number | Engine version |
| cn3Level | N/A | N/A | Corresponding label for the "cn3" field |
| cn3 | N/A | N/A | Engine Status. 0: Unused; 1: In use |
| cs6Label | N/A | N/A | Corresponding label for the "cs6" field |
| cs6 | N/A | N/A | ActiveUpdate component type. 1: Engine |
| deviceFacility | N/A | N/A | Product name |
| msg | N/A | N/A | Engine type display name |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
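The mapping above can be checked against a raw record with a small parser. This is an added example, not LogRhythm's or the vendor's own code: it splits a CEF line into header and extension fields, keeps only the keys the table maps to a LogRhythm schema field, and decodes the `cn1` connection status. The function names and the sample log line are constructed for illustration.

```python
import re

# CEF header positions, named as in the "Header (...)" rows of the table.
HEADER_KEYS = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]
# Device key -> LogRhythm schema field; rows mapped to N/A are left out.
SCHEMA_MAP = {"eventName": "vmid", "severity": "severity", "shost": "sname",
              "cs2": "sip", "cn1": "status", "cs5": "version"}
# cn1 connection status codes from the table.
CN1_STATUS = {0: "Unable to connect", 1: "Active", 2: "Inactive",
              100: "Product active",
              101: "Product inactive but agent is active", 102: "Roaming"}

HEADER_SPLIT = re.compile(r"(?<!\\)\|")   # "\|" is an escaped pipe, not a delimiter
# key=value pairs; a value may contain spaces and ends before the next " key=".
EXT_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Split one CEF record (optionally behind a syslog prefix) into a flat dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts = HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    record = {k: v.replace("\\|", "|") for k, v in zip(HEADER_KEYS, parts)}
    for m in EXT_PAIR.finditer(parts[7].strip()):
        record[m.group(1)] = m.group(2).replace("\\=", "=")
    return record

def to_logrhythm(record):
    """Keep only mapped fields; severity and status are typed Number in the table."""
    out = {lr: record[key] for key, lr in SCHEMA_MAP.items() if key in record}
    for field in ("severity", "status"):
        if field in out:
            out[field] = int(out[field])
    return out

def describe_status(code):
    return CN1_STATUS.get(code, f"unknown ({code})")

# Constructed sample: header values and extension values are placeholders.
SAMPLE = ("<134>host CEF:0|VENDOR|PRODUCT|PVER|EVENTID|Engine Update Status|3|"
          "rt=Jan 01 2024 08:00:00 GMT+00:00 shost=ENDPOINT-01 cs2Label=Host_IP "
          "cs2=192.0.2.10 cn1Label=Status cn1=101 cs5=1.2.3 cn3=1 "
          "msg=Sample Scan Engine ApexCentralHost=central01")

if __name__ == "__main__":
    fields = to_logrhythm(parse_cef(SAMPLE))
    print(fields, "->", describe_status(fields["status"]))
```

A status of 101 ("Product inactive but agent is active") on an engine update event is worth surfacing in review, since the endpoint reports in while its protection product does not.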