Versions Compared

Old Version 6

changes.mady.by.user Former user

Saved on

compared with

New Version 7

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
minLevel2
typeflat

Introduction

The tableTables beginning withcef0.trendmicro.xdr identifies identify events in CEF format generated by Trendmicro XDRTechnologies.

Tag structure

Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.

In this case, the valid data tables are:

  • cef0.trendMicro.apexCentral

  • cef0.trendMicro.controlManager

  • cef0.trendMicro.deepDiscoveryAnalyzer

  • cef0.trendMicro.deepDiscoveryDirector

  • cef0.trendMicro.deepDiscoveryInspector

  • cef0.trendMicro.deepSecurityAgent

  • cef0.trendMicro.deepSecurityAnalyzer

  • cef0.trendmicrotrendMicro.xdrdeepSecurityManager

How is the data sent to Devo?

Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.

Table structure

These are the fields displayed in this table:

cef0.

...

trendMicro.

...

apexCentral

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

act

str

 

app

str

 

cat

str

 

cn1

int8

 

cn1Label

str

 

cn2

int8

 

cn2Label

str

 

cn3

int8

 

cn3Label

str

 

cn4

str

 

cn4Label

str

 

cnt

int4

 

cs1

str

 

cs1Label

str

 

cs2

str

 

cs2Label

str

 

cs3

str

 

cs3Label

str

 

cs4

str

 

cs4Label

str

 

cs5

str

 

cs5Label

str

 

cs6

str

 

cs6Label

str

 

deviceDirection

str

 

deviceExternalId

str

 

deviceFacility

str

 

dhost

str

 

dmac

str

 

dpt

str

 

dst

ip4

 

duser

str

 

dvchost

str

 

fileHash

str

fname

str

 

proto

str

reason

str

rt

str

shost

str

smac

str

sourceServiceName

str

spt

int4

src

ip4

suser

str

deviceNtDomain

str

dntdom

str

request

str

deviceProcessName

str

hostchain

str

tag

str

 cefTag

rawMessage

str

cef0.trendMicro.controlManager

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

rawMessage

str

 

hostchain

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cat

str

 

c6a1Label

str

 

c6a1

str

 

c6a2Label

str

 

c6a2

str

 

c6a3Label

str

 

c6a3

str

 

c6a4Label

str

 

c6a4

str

 

cfp1Label

str

 

cfp1

float8

 

cfp2Label

str

 

cfp2

float8

 

cfp3Label

str

 

cfp3

float8

 

cfp4Label

str

 

cfp4

float8

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cnt

int4

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

cs4Label

str

 

cs4

str

cs5Label

str

cs5

str

cs6Label

str

cs6

str

destinationDnsDomain

str

destinationServiceName

str

destinationTranslatedAddress

ip4

destinationTranslatedPort

int4

deviceCustomDate1Label

str

deviceCustomDate1

timestamp

deviceCustomDate2Label

str

deviceCustomDate2

timestamp

deviceDirection

int4

deviceDnsDomain

str

 

deviceExternalId

str

deviceInboundInterface

str

deviceMacAddress

str

deviceNtDomain

str

deviceOutboundInterface

str

deviceProcessName

str

deviceTranslatedAddress

ip4

dhost

str

dmac

str

dntdom

str

dpid

int4

dpriv

str

dproc

str

dst

ip4

duid

str

duser

str

dvchost

str

dvc

ip4

dvcpid

int4

end

timestamp

deviceFacility

str

externalId

str

fileCreateTime

timestamp

fileHash

str

fileId

str

fileModificationTime

timestamp

filePath

str

filePermission

str

fileType

 

str

fname

str

 

msg

str

 

rt

timestamp

 

shost

str

 

suid

str

 

ad_cn4

str

 

ad_cn4Label

str

 

agentZoneURI

str

 

agt

str

 

ahost

str

 

aid

str

 

amac

str

 

art

str

 

at

str

 

atz

str

 

av

str

 

customerURI

str

 

deviceSeverity

str

 

dtz

str

 

eventId

str

 

geid

str

 

hostchain

str

 

tag

str

 

fsize

int8

in

int8

msg

str

oldFileCreateTime

timestamp

oldFileHash

str

oldFileId

str

oldFileModificationTime

timestamp

oldFileName

str

oldFilePath

str

oldFilePermission

str

oldFileSize

int8

oldFileType

str

outcome

str

out

int8

proto

str

reason

str

requestClientApplication

str

requestCookies

str

requestMethod

str

request

str

rt

timestamp

shost

str

smac

str

sntdom

str

sourceDnsDomain

str

sourceServiceName

str

sourceTranslatedAddress

ip4

sourceTranslatedPort

int4

spid

int4

spriv

str

sproc

str

spt

int4

src

ip4

start

timestamp

suid

str

suser

str

catdt

str

deviceDomain

str

deviceSeverity

str

dpt

int4

dtz

str

dvcmac

str

endTime

str

eventId

str

flexNumber1

str

flexNumber1Label

str

flexNumber2

str

flexNumber2Label

str

flexString1

str

flexString1Label

str

flexString2

str

flexString2Label

str

modelConfidence

int4

priority

int4

relevance

int4

requestContext

str

sessionId

str

slat

float8

slong

float8

dlat

float8

dlong

float8

sourceGeoCountryCode

str

sourceGeoLocationInfo

str

sourceGeoPostalCode

str

sourceGeoRegionCode

str

destinationGeoCountryCode

str

destinationGeoLocationInfo

str

destinationGeoPostalCode

str

destinationGeoRegionCode

str

agt

ip4

ahost

str

art

str

atz

str

mrt

timestamp

categoryBehavior

str

categoryCustomFormatField

str

categoryDeviceGroup

str

categoryObject

str

categoryOutcome

str

categorySignificance

str

categoryTechnique

str

categoryTupleDescription

str

assetCriticality

str

customerID

str

customerURI

str

tag

str

cefTag

cef0.trendMicro.deepDiscoveryAnalyzer

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

priorityCode

str

 

cefTag

str

 

cefVersion

str

 

embDeviceVendor

str

 

embDeviceProduct

str

 

deviceVersion

str

 

signatureID

str

 

name

str

 

severity

str

 

_cefVer

str

 

act

str

 

app

str

 

cn1Label

str

 

cn1

int8

 

cn2Label

str

 

cn2

int8

 

cn3Label

str

 

cn3

int8

 

cs1Label

str

 

cs1

str

 

cs2Label

str

 

cs2

str

 

cs3Label

str

 

cs3

str

 

cs4Label

str

 

cs4

str

 

cs5Label

str

 

cs5

str

 

deviceDirection

int4

 

deviceExternalId

str

 

dhost

str

 

dmac

str

 

dst

ip4

 

dpt

int4

 

duser

str

 

dvchost

str

 

dvc

ip4

 

dvcmac

str

 

end

timestamp

 

fileHash

str

 

fileType

str

 

fname

str

 

fsize

int8

msg

str

 

outcome

str

requestClientApplication

str

request

str

rt

timestamp

shost

str

smac

str

src

ip4

spt

int4

s3Label

str

hostchain

str

tag

str

cefTag

rawMessage

str