Device Details

Device Name: Trend Micro Apex One

Vendor: Trend Micro

Device Type: Endpoint Security Solution

Supported Model Name/Number: N/A

Supported Software Version: All

Collection Method: Syslog

Configurable Log Output: Yes

Log Source Type: Syslog - Trend Micro Apex One

Log Processing Policy: LogRhythm Default 2.0

Exceptions: Only CEF format supported

Additional Information

Supported Log Types and Formats

CEF Data Loss Prevention Logs

Apex Central 2019 - Best Practice Guide

Device Configuration Checklist

Change the Control Manager logging output to the CEF format.

Use all other default configuration options.

Supported Log Messages

Type | Product Version | Supported Schema Fields
---- | --------------- | -----------------------
V 2.0 : Attack Discovery Detection Event | N/A | <vmid>, <dname>, <dip>, <severity>, <policy>, <subject>, <domainimpacted>
V 2.0 : Behavior Monitoring Event | N/A | <vmid>, <severity>, <policy>, <process>, <object>, <action>, <tag1>, <dname>, <dip>, <reason>
V 2.0 : C&C Callback Event | N/A | <vmid>, <sip>, <domainorigin>, <policy>, <action>, <tag1>, <severity>, <url>, <dip>, <process>
V 2.0 : Content Security Event | N/A | <vmid>, <recipient>, <action>, <tag1>, <dname>, <severity>, <object>, <subject>, <sender>, <url>, <sip>, <reason>
V 2.0 : Data Loss Prevention Event | N/A | <vmid>, <severity>, <policy>, <sip>, <smac>, <sname>, <login>, <url>, <sender>, <recipient>, <object>, <action>, <tag1>, <size>
V 2.0 : Device Access Control Event | N/A | <vmid>, <severity>, <sname>, <dname>, <process>, <object>, <action>, <tag1>
V 2.0 : Endpoint Application Control Event | N/A | <vmid>, <severity>, <sname>, <login>, <sip>, <hash>, <process>, <command>, <account>, <policy>, <action>, <tag1>
V 2.0 : Engine Update Status Event | N/A | <vmid>, <severity>, <sname>, <sip>, <status>, <version>
V 2.0 : Intrusion Prevention Event | N/A | <vmid>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <severity>, <policy>, <quantity>, <sname>
V 2.0 : Managed Product Logon/Logoff Events | N/A | <vmid>, <severity>, <dname>, <version>, <status>, <subject>, <login>, <sip>
V 2.0 : Network Content Inspection Event | N/A | <vmid>, <severity>, <process>, <action>, <tag1>, <sip>, <dip>, <sport>, <dport>, <threatname>, <reason>
V 2.0 : Pattern Update Status Event | N/A | <vmid>, <severity>, <dname>, <dip>, <status>
V 2.0 : Predictive Machine Learning Event | N/A | <vmid>, <severity>, <threatname>, <dip>, <login>, <object>, <process>, <command>, <action>, <tag1>, <hash>, <reason>
V 2.0 : Sandbox Detection Event | N/A | <vmid>, <dname>, <dip>, <process>, <hash>, <object>, <url>, <threatname>, <severity>, <subject>, <reason>
V 2.0 : Spyware/Grayware Event | N/A | <vmid>, <severity>, <quantity>, <threatname>, <version>, <action>, <tag1>, <dname>, <object>, <dip>, <hash>
V 2.0 : Suspicious File Event | N/A | <vmid>, <severity>, <version>, <dip>, <dname>, <objecttype>, <hash>, <object>, <action>, <tag1>, <reason>
V 2.0 : Virus/Malware Logs | N/A | <vmid>, <threatname>, <severity>, <quantity>, <account>, <action>, <tag1>, <version>, <result>, <object>, <subject>, <sname>, <login>, <dip>, <hash>, <reason>
V 2.0 : Web Security Event | N/A | <vmid>, <severity>, <protnum>, <quantity>, <dport>, <action>, <tag1>, <sip>, <policy>, <object>, <url>, <reason>
V 2.0 : Product Auditing Event | N/A | <vendorinfo>, <vmid>, <severity>, <login>, <action>, <sip>, <dip>, <smac>, <sport>, <dmac>, <dport>, <protnum>

Revision History

KB Version | Log Type | Change Type | Details
---------- | -------- | ----------- | -------
N/A | N/A | Documentation | New LSO Default V 2.0 document update