Versions Compared

Old Version 4

changes.mady.by.user Former user

Saved on

compared with

New Version 5

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

Introduction

The table cef0.trendmicro.xdr identifies events in CEF format generated by Trendmicro XDR.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.trendmicro.xdr

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.

...

trendmicro.

...

xdr

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

rawMessagehostname

str

 

hostchainpriorityCode

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

actc6a4Label

str

 

appcn1Label

str

 

dvccn1

ip4int8

 

dst

ip4

 

dhost

cn2Label

str

 

dusercn2

strint8

 

fileIdcn3Label

str

 

fsizecn3

int8

 

fileHashcs1Label

str

 

filePathcs1

str

 

flexNumber1fileHash

int4str

 

flexNumber1Labelfname

str

 

msg

str

 

policyName

str

 

ResourceName

str

 

rt

timestamp

 

sourceServiceName

str

 

src

ip4

 

shost

str

 

susersuid

str

 

originalad_message_idcn4

str

 

originalad_sendercn4Label

str

 

original_subjectagentZoneURI

str

 

email_encryption_typeagt

str

 

file_sigahost

str

 

file_size

int8

 

dlp_hostname

aid

str

 

hostdomain_nameamac

str

 

mac_address

mac

 

uuid

art

str

 

protocolat

str

 

protocol_responseatz

str

 

protocol_response_lineav

str

 

product_phasecustomerURI

str

 

error_codedeviceSeverity

str

 

error_categorydtz

str

 

error_texteventId

str

 

error_descriptiongeid

str

 

evidence_copy_error

str

 

server_response_code

str

 

receive_tls

str

 

send_tls

str

 

receive_auth

str

 

send_auth

str

 

modified_recipients

str

 

email_sender

str

 

email_recipients

str

 

capture_search_id

str

 

capture_search_query

str

 

current_bucket_id

str

 

new_bucket_id

str

 

bucket_id_in_use

str

 

rows_written

str

 

db_error_string

str

 

directory_name

str

 

sss_path

str

 

sss_offset

str

 

sss_metadata_size

str

 

sss_size

str

 

source_port

str

 

request_id

str

 

given_request_id

str

 

transaction_id

str

 

pii_deletion

str

 

pii_deleted_records

str

 

product

str

 

hardware_component

str

 

build_hostchain

str

 

tag

str

 

scan_host_ip

ip4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

cs6Label

str

 

cs6

str

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

tag

str

cefTag

cefTag

rawMessage

str