CEF Virtual Analyzer Analysis Logs: Deny List Transaction Events
|
CEF Key
|
Description
|
Value
|
|
Header (logVer)
|
CEF format version
|
CEF: 0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 5.5.0.1191
|
|
Header (eventid)
|
Signature ID
|
200120
|
|
Header (eventName)
|
Description
|
Deny List updated
|
|
Header (severity)
|
Severity
|
3: Informational
|
|
act
|
The action in the event
|
Add
|
|
cs1
|
Deny List type
|
|
|
cs1Label
|
Deny List type
|
type
|
|
cs2
|
Risk level
|
|
|
cs2Label
|
Risk level
|
RiskLevel
|
|
deviceExternalId
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
dhost
|
Destination host name
|
Example: dhost1
|
|
dpt
|
Destination port
|
Value between 0 and 65535
|
|
dst
|
Destination IPv4 address
|
Example: 10.1.144.199
|
|
dvc
|
Appliance IP address
|
Example: 10.1.144.199
|
|
dvchost
|
Appliance host name
|
Example: localhost
|
|
dvcmac
|
Appliance MAC address
|
Example: 00:0C:29:6E:CB:F9
|
|
end
|
Deny List expired time
|
Example: Mar 09 2015 17:05:21 GMT+08:00
|
|
fileHash
|
SHA1
|
Example: 1EDD5B38DE4729545767088C5CAB395E4197C8F3
|
|
request
|
URL
|
Example: http://www.rainking.net/?utm_campaign=4-21-2014
|http://images.rainking.net/eloquaimage
|
|
rt
|
Log generation time
|
Example: Mar 09 2015 17:05:21 GMT+08:00
|
Log sample: