Each syslog entry lists one of the following threat indicators and the
corresponding signature ID for the violation identified in the log entry.
The threat indicator name and signature ID are displayed under the header
information of each syslog entry. For example, a CEF-format header similar to the
following is displayed for a Ransomware threat indicator:
CEF:0|Trend Micro|Deep Discovery Web Inspector|2.5.0.1105|100001|Ransomware|3|
Violation Threat Indicators
| Threat Indicator Name | Signature ID |
|---|---|
| Ransomware | 100001 |
| C&C Callbacks | 100002 |
| Suspicious Malware | 100003 |
| Suspicious URLs | 100004 |
| Suspicious Documents | 100005 |
| Suspicious Scripts | 100006 |
| Coin Miners | 100007 |
| Other: All other detections not belonging to advanced detections, for example, detections of known malware or by Web Reputation Service. | 100000 |
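
One way to consume these headers in a log pipeline, as an added example that is not part of the original documentation: the parser below splits the CEF header (honoring the `\|` and `\\` header escapes), maps the signature ID to the table above, and flags entries whose name and signature ID disagree. The syslog prefix, the `src` extension value and the function names are constructed for illustration.

```python
# Added example. IDs and names come from the table on this page.
THREAT_INDICATORS = {
    "100000": "Other", "100001": "Ransomware", "100002": "C&C Callbacks",
    "100003": "Suspicious Malware", "100004": "Suspicious URLs",
    "100005": "Suspicious Documents", "100006": "Suspicious Scripts",
    "100007": "Coin Miners",
}

# Header shown on this page, plus a constructed line with a syslog prefix
# and a deliberately mismatched name/ID pair.
PAGE_HEADER = ("CEF:0|Trend Micro|Deep Discovery Web Inspector|2.5.0.1105|"
               "100001|Ransomware|3|")
CONSTRUCTED = ("<134>Jan  1 00:00:00 ddwi01 CEF:0|Trend Micro|Deep Discovery "
               "Web Inspector|2.5.0.1105|100002|Ransomware|3|src=192.0.2.10")

def split_cef_header(line):
    """Return (seven header fields, raw extension) for one syslog line."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    body, fields, buf, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            buf.append(body[i + 1])   # CEF header escapes: \| and \\
            i += 2
            continue
        if ch == "|":                 # unescaped pipe ends the field
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def classify(line):
    """Map a line to its threat indicator and flag ID/name mismatches."""
    fields, extension = split_cef_header(line)
    sig_id, name, severity = fields[4], fields[5], fields[6]
    expected = THREAT_INDICATORS.get(sig_id)
    return {"signature_id": sig_id, "name": name, "severity": severity,
            "known_id": expected is not None, "consistent": expected == name,
            "extension": extension}

if __name__ == "__main__":
    for sample in (PAGE_HEADER, CONSTRUCTED):
        print(classify(sample))
```

A `consistent` value of `False` on a known ID is worth alerting on in its own right, since it points to a parsing fault or a modified log line rather than a product detection.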