Web Reputation Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Web Reputation Event | Base Rule | Activity | General Threat Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Signature ID |
| Header (eventName) | <vendorinfo> | Text/String | Description |
| Header (severity) | <severity> | Number | Severity |
| app | <protname> | Text/String | Protocol |
| c6a1 | <snatip> | IP | Interested IPv6 |
| c6a1Label | N/A | N/A | Interested IPv6 label |
| c6a2 | <sip> | IP | Source IPv6 address |
| c6a2Label | N/A | N/A | Source IPv6 address label |
| c6a3 | <dip> | IP | Destination IPv6 address |
| c6a3Label | N/A | N/A | Destination IPv6 address label |
| c6a4 | <dnatip> | IP | Peer IPv6 address |
| c6a4Label | N/A | N/A | Peer IPv6 address label |
| cn1 | N/A | N/A | CCCA detection |
| cn1label | N/A | N/A | CCCA detection label |
| cn2 | N/A | N/A | Score |
| cn2Label | N/A | N/A | Score label |
| cn3 | N/A | N/A | Threat type |
| cn3Label | N/A | N/A | Threat type label |
| cs1 | N/A | N/A | Mail subject |
| cs1Label | N/A | N/A | Mail subject label |
| cs2 | <subject> | Text/String | Category |
| cs2Label | N/A | N/A | Category label |
| cs3 | N/A | N/A | Host name |
| cs3Label | N/A | N/A | Host name label |
| cs4 | <threatname> | Text/String | Attack Phase |
| cs4Label | N/A | N/A | Attack Phase label |
| destinationTranslatedAddress | <dnatip> | IP | Peer IP |
| deviceDirection | N/A | N/A | Packet direction |
| deviceExternalId | N/A | N/A | Appliance GUID |
| devicePayloadId | N/A | N/A | An extendable field. Format: {threat_type}:{log_id}:{with pcap file captured}:{extensions}* |
| dhost | <dname> | IP | Destination host name |
| dmac | <dmac> | Text/String | Destination MAC |
| dpt | <dport> | Number | Destination port |
| dst | <dip> | IP | Destination IP address |
| duser | <recipient> | Text/String | Mail recipient |
| dvc | N/A | N/A | Appliance IP address |
| dvchost | N/A | N/A | Appliance host name |
| dvcmac | N/A | N/A | Appliance MAC address |
| flexNumber1 | N/A | N/A | vLANId |
| flexNumber1Label | N/A | N/A | vLANId label |
| requestClientApplication | <useragent> | Text/String | User agent |
| request | <url> | Text/String | URL |
| rt | N/A | N/A | Log generation time. Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC) |
| shost | <sname> | IP | Source host name |
| smac | <smac> | Text/String | Source MAC |
| sourceTranslatedAddress | <snatip> | IP | Interested IP |
| src | <sip> | IP | Source IP address |
| spt | <sport> | Number | Source port |
| suser | <sender> | Text/String | Mail sender |