CEF Virtual Analyzer Analysis Logs: Notable Characteristics Events
|
CEF Key
|
Description
|
Value
|
|
Header (logVer)
|
CEF format version
|
CEF: 0
|
|
Header (vendor)
|
Appliance vendor
|
Trend Micro
|
|
Header (pname)
|
Appliance product
|
Deep Discovery Analyzer
|
|
Header (pver)
|
Appliance version
|
Example: 5.5.0.1191
|
|
Header (eventid)
|
Signature ID
|
200127
|
|
Header (eventName)
|
Description
|
Notable Characteristics of the analyzed sample
|
|
Header (severity)
|
Severity
|
6: Warning
|
|
cs1
|
Violated policy name
|
Example: Internet Explorer Setting Modification
|
|
cs1Label
|
Violated policy name
|
PolicyCategory
|
|
cs2
|
Violated event analysis
|
Example: Modified important registry items
|
|
cs2Label
|
Violated event analysis
|
PolicyName
|
|
cs3
|
Sandbox image type
|
Example: win7
|
|
cs3Label
|
Sandbox image type
|
SandboxImageType
|
|
deviceExternalId
|
Appliance GUID
|
Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536
|
|
dvc
|
Appliance IP address
|
Example: 10.1.144.199
|
|
dvchost
|
Appliance host name
|
Example: localhost
|
|
dvcmac
|
Appliance MAC address
|
Example: 00:0C:29:6E:CB:F9
|
|
fileHash
|
SHA1
|
Example: 1EDD5B38DE4729545767088C5CAB395E4197C8F3
|
|
fileType
|
True file type
|
Example: RIFF bitmap file
|
|
fname
|
File name
|
Example: excel.rar
|
|
fsize
|
File size
|
Example: 131372
|
|
msg
|
Details
|
Example: Source: ATSE\nDetection Name: TSPY_FAREIT.WT\nEngine
Version: 9.755.1246\nMalware Pattern Version: 11.501.90
|
|
rt
|
Analysis time
|
Example: Mar 09 2015 17:05:21 GMT+08:00
|
Log sample: