Classification

Rule Name                                 | Rule Type | Common Event                                    | Classification
------------------------------------------|-----------|-------------------------------------------------|---------------
Catch All : Trend Micro OfficeScan Server | Base Rule | General Trend Micro Security Server Information | Information

Sample Logs

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Trend Micro OfficeScan Server'/><EventID Qualifiers='5'>10</EventID><Level>Error</Level><Task></Task><Keywords>Classic</Keywords><TimeCreated SystemTime='2020-10-13T15:09:00.967599500Z'/><EventRecordID>71153</EventRecordID><Channel>Application</Channel><Computer>_destinationHostname</Computer><Security UserID='_domainOrigin\_originUser'/></System><EventData><Data>Delete client GUID[25812d17-a568-43db-90cf-aa1eb796c08e] with the same MAC address</Data></EventData></Event>

Mapping with LogRhythm Schema

Device Key in Log Message | Log Value                                                                      | LogRhythm Schema | Data Type
--------------------------|--------------------------------------------------------------------------------|------------------|-------------------
Name                      | Trend Micro OfficeScan Server                                                  | <vendorinfo>     | Text/String
Eventid                   | 10                                                                             | <vmid>           | Number
Level                     | Error                                                                          | <severity>       | Text/String
Computer                  | _destinationHostname                                                           | <dname>          | Text/String
userid                    | _domainOrigin                                                                  | <domainorigin>   | Text/String
N/A                       | _originUser                                                                    | <login>          | Text/String
threadid                  | N/A                                                                            | <session>        | Text/String/Number
N/A                       | Trend Micro OfficeScan Server                                                  | <process>        | Text/String
ProcessID                 | N/A                                                                            | <processid>      | Number
Data                      | Delete client GUID[25812d17-a568-43db-90cf-aa1eb796c08e] with the same MAC address | <subject>    | Text/String

Note: the `userid` value is split on the backslash; the domain portion maps to <domainorigin> and the account portion to <login>. <subject> carries the free-text message from the <Data> element and is a string field, not a number.
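The mapping above, applied to the sample log as an added worked example; this is not LogRhythm's own MPE rule or parser, only a stand-alone illustration of the same field extraction. The sample event is constructed inline to mirror the one on this page (placeholder values kept as-is), the namespace URI is the one in the event's xmlns attribute, and the output dictionary keys are the schema field names from the table with the angle brackets dropped (an assumption for readability).

```python
import xml.etree.ElementTree as ET

# Constructed sample, mirroring the sample log on this page. Placeholders such as
# _destinationHostname and _domainOrigin\_originUser are kept exactly as shown there.
SAMPLE_EVENT = (
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
    "<System><Provider Name='Trend Micro OfficeScan Server'/>"
    "<EventID Qualifiers='5'>10</EventID><Level>Error</Level><Task></Task>"
    "<Keywords>Classic</Keywords>"
    "<TimeCreated SystemTime='2020-10-13T15:09:00.967599500Z'/>"
    "<EventRecordID>71153</EventRecordID><Channel>Application</Channel>"
    "<Computer>_destinationHostname</Computer>"
    "<Security UserID='_domainOrigin\\_originUser'/></System>"
    "<EventData><Data>Delete client GUID[25812d17-a568-43db-90cf-aa1eb796c08e] "
    "with the same MAC address</Data></EventData></Event>"
)

# Namespace taken from the event's own xmlns attribute.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The catch-all rule is keyed on the provider name; anything else is not this rule's event.
PROVIDER = "Trend Micro OfficeScan Server"


def _text(parent, path):
    """Return the text of a child element, or None if the element is absent or empty."""
    node = parent.find(path, NS)
    if node is None or node.text is None:
        return None
    return node.text.strip() or None


def parse_officescan_event(xml_text):
    """Map one Windows Application-log event from the OfficeScan server to LogRhythm schema
    fields per the table on this page. Returns None when the provider does not match."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        return None

    provider_node = system.find("e:Provider", NS)
    provider = provider_node.get("Name", "") if provider_node is not None else ""
    if provider != PROVIDER:
        return None

    # userid is split on the backslash: domain -> <domainorigin>, account -> <login>.
    # A UserID without a backslash (e.g. a bare SID) yields no domain and the whole value as login.
    security = system.find("e:Security", NS)
    user_id = security.get("UserID", "") if security is not None else ""
    domain, _, login = user_id.rpartition("\\")

    # The event may carry several <Data> elements; join them into one <subject> string.
    data_parts = [d.text.strip() for d in root.findall("e:EventData/e:Data", NS) if d.text]
    subject = " ".join(data_parts) or None

    event_id = _text(system, "e:EventID")

    return {
        "vendorinfo": provider,
        "vmid": int(event_id) if event_id and event_id.isdigit() else None,
        "severity": _text(system, "e:Level"),
        "dname": _text(system, "e:Computer"),
        "domainorigin": domain or None,
        "login": login or None,
        "session": None,      # threadid is not present in this event
        "process": provider,  # the table maps the provider name to <process>
        "processid": None,    # ProcessID is not present in this event
        "subject": subject,   # free text; a string field, not a number
    }


if __name__ == "__main__":
    for key, value in parse_officescan_event(SAMPLE_EVENT).items():
        print(f"<{key}> = {value!r}")
```

Events whose provider is not the OfficeScan server return None rather than a partial record, which is the same effect as this catch-all rule not matching; a real MPE deployment would fall through to other rules at that point.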