Workbench Alert Log Messages
Vendor Documentation
https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-workbench-logs https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-syslog-content-mapping-cef |
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Workbench Alert Log Messages | Base Rule | General Alert Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
datetime | N/A | N/A | Local time in the format: "MMM dd yyyy HH:mm:ss" |
host | N/A | N/A | Hostname without the domain information |
Version | N/A | N/A | CEF format version, current CEF version is 0 |
Device Vendor | N/A | N/A | Appliance vendor |
Device Product | <vendorinfo> | Text/String | Appliance product |
Device Version | <version> | Text/String | Appliance version |
Device Event Class ID | <vmid> | Number | A unique identifier per event-type. This can be a string or an integer Workbench OR OAT |
Name | <objecttype> | Text/String | A string representing a human-readable and understandable description of the event |
Severity | <severity> | Number | Importance of the event |
externalId | N/A | N/A | Workbench ID |
cat | N/A | N/A | Workbench name |
cn1 | N/A | N/A | Count of all impact scopes |
cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
cs1 | <url> | Text/String | Workbench link |
cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
msg | <subject> | Text/String | Description of the detection model |
rt | N/A | N/A | Workbench complete time |
sourceServiceName | <object> | Text/String | Alert provider |
TrendMicroV1CompanyID | N/A | N/A | Company ID |