Syslog - Trend Micro Apex One (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Trend Micro Apex One log source type.

Vendor Documentation

https://docs.trendmicro.com/en-us/enterprise/apex-central-online-help/appendices/syslog-mapping-cef.aspx

Prerequisites

Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.
Enable the new MPE rules in the LogRhythm System Monitor.
- Select log source type Syslog - Trend Micro Apex One.
- Enable log processing policy LogRhythm Default v2.0.
For details on how to enable LogRhythm Default v2.0, see Apply LogRhythm Default v2.0 on a Log Source.

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message Type	Event Type
Attack Discovery Detections	General Attack Activity
Behavior Monitoring Log Messages	General Behavior Information
CNC Callback And Suspicious Connection Log Message	Suspicious Activity
Device Access Control Log Messages	General Access Control Message
Engine Update Status Log	General Info Log Message
Intrusion Prevention Log Messages	Threat Blocked
Spyware Detected Log Messages	Detected Spyware Activity
Update Status Log	Pattern Update Event
Product Auditing Events	General Auditing Message

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

No changes

Updates to System Reports

No changes

Updates to System Investigations

No changes

Updates to System Report Templates

No changes

Updates to System Tails

No changes