This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Trend Micro Apex One log source type. 

Vendor Documentation


Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message TypeEvent Type
Attack Discovery DetectionsGeneral Attack Activity
Behavior Monitoring Log MessagesGeneral Behavior Information
CNC Callback And Suspicious Connection Log MessageSuspicious Activity
Device Access Control Log MessagesGeneral Access Control Message
Engine Update Status LogGeneral Info Log Message
Intrusion Prevention Log MessagesThreat Blocked
Spyware Detected Log MessagesDetected Spyware Activity
Update Status LogPattern Update Event
Product Auditing EventsGeneral Auditing Message

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes