V 2.0 : Pattern Update Status Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Pattern Update Status Event | Base Rule | Information | General Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Product vendor |
| Header (pname) | N/A | N/A | Product name |
| Header (pver) | N/A | N/A | Product version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | `<vmid>` | Text/String | Log name |
| Header (severity) | `<severity>` | Number | Severity |
| rt | N/A | N/A | Log generation time in UTC |
| shost | `<dname>` | Text/String/Number | Product Entity/Endpoint |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | N/A | N/A | Operating system |
| cs2Label | N/A | N/A | Corresponding label for the "cs2" field |
| cs2 | `<dip>` | IP Address | Product/Endpoint IP |
| cs3Label | N/A | N/A | Corresponding label for the "cs3" field |
| cs3 | N/A | N/A | Update Agent |
| cs4Label | N/A | N/A | Corresponding label for the "cs4" field |
| cs4 | N/A | N/A | Domain |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | `<status>` | Number | 0: Unable to connect; 1: Active; 2: Inactive; 100: Product active; 101: Product inactive but agent is active; 102: Roaming |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | N/A | N/A | Pattern/Rule |
| cs5Label | N/A | N/A | Corresponding label for the "cs5" field |
| cs5 | N/A | N/A | Pattern/Rule version |
| cn3Label | N/A | N/A | Corresponding label for the "cn3" field |
| cn3 | N/A | N/A | 0: Up-to-date; 1: 1 version old; 2: 2 versions old; 3: 3 versions old; 4: 4 versions old; 5: 5 versions old; 6: 6 versions old; 7: 7 or more versions old |
| cs6Label | N/A | N/A | Corresponding label for the "cs6" field |
| cs6 | N/A | N/A | 2: Pattern |
| deviceFacility | N/A | N/A | Managed product name |
| msg | N/A | N/A | Pattern type display name |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
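As an added illustration (not LogRhythm's or Trend Micro's own parser), the following Python splits a record in the CEF layout described above and decodes the cn1 and cn3 enumerations from the mapping table. The sample record, its event ID, version, host names, IP and label strings are constructed placeholders, and the "needs attention" rule is an assumption for the example.

```python
import re
from typing import Dict, Tuple

# Enumerations copied from the cn1 and cn3 rows of the mapping table above.
CN1_STATUS = {0: "Unable to connect", 1: "Active", 2: "Inactive", 100: "Product active",
              101: "Product inactive but agent is active", 102: "Roaming"}
CN3_PATTERN_AGE = {0: "Up-to-date", 1: "1 version old",
                   **{n: f"{n} versions old" for n in range(2, 7)}, 7: "7 or more versions old"}
HEADER_KEYS = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]

# Constructed sample record: the version, event ID, host names, IP address and
# label strings are placeholders, not values captured from a real Apex Central.
SAMPLE = ("CEF:0|Trend Micro|Apex Central|PLACEHOLDER_VER|PLACEHOLDER_EVENTID|"
          "Pattern Update Status Event|3|rt=2024-03-20T08:15:00Z shost=WS-0042 "
          "cs1Label=OS cs1=Windows 10 cs2Label=IP cs2=10.0.0.42 cs3Label=UpdateAgent "
          "cs3=Apex One Security Agent cs4Label=Domain cs4=CORP cn1Label=Status cn1=2 "
          "cn2Label=PatternRule cn2=1 cs5Label=PatternVersion cs5=18.345.00 "
          "cn3Label=PatternAge cn3=3 cs6Label=Kind cs6=2 deviceFacility=Apex One "
          "msg=Virus Pattern ApexCentralHost=apexc01 deviceNtDomain=corp.example "
          "dntdom=Workgroup/Lab")


def parse_cef(line: str) -> Dict[str, str]:
    """Split one CEF record into its seven header fields plus extension key=value pairs."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    # Header fields are '|'-delimited; a literal '|' inside a field is escaped as '\|'.
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    rec = {k: v.replace("\\|", "|") for k, v in zip(HEADER_KEYS, parts[:7])}
    # Extension values may contain spaces (e.g. cs3 above), so a value runs until
    # the next " key=" boundary; a literal '=' inside a value is escaped as '\='.
    for m in re.finditer(r"(\w+)=((?:\\=|[^=])*?)(?=\s+\w+=|$)", parts[7]):
        rec[m.group(1)] = m.group(2).replace("\\=", "=").strip()
    return rec


def assess(rec: Dict[str, str]) -> Tuple[str, str, bool]:
    """Decode cn1 (agent status) and cn3 (pattern age) and flag hosts needing attention.
    The attention rule (unreachable or inactive agent, or a pattern two or more
    versions old) is an assumption for this example, not a threshold the page defines."""
    status = CN1_STATUS.get(int(rec.get("cn1", "-1")), "unknown")
    age = int(rec.get("cn3", "0"))
    age_text = CN3_PATTERN_AGE.get(age, "unknown")
    needs_attention = status in ("Unable to connect", "Inactive") or age >= 2
    return status, age_text, needs_attention
```

Running `assess(parse_cef(SAMPLE))` on the constructed record yields `("Inactive", "3 versions old", True)`.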