| CEF Key | Description | Value |
|---|---|---|
| Header (logVer) | CEF format version | CEF:0 |
| Header (vendor) | Appliance vendor | Trend Micro |
| Header (pname) | Appliance product | Apex Central |
| Header (pver) | Appliance version | 2019 |
| Header (eventid) | Device event class ID | |
| Header (eventName) | Event name | Endpoint Application Control Violation Information |
| Header (severity) | Severity | 3 |
| deviceExternalId | ID | Example: "39" |
| rt | Log generation time in UTC | Example: "Feb 14 2017 11:14:08 GMT+00:00" |
| dvchost | Computer name | Example: "localhost" |
| shost | Client host name | Example: "shost1" |
| cs1 | Product server pattern version | Example: "1297" |
| suser | Client user name | Example: "TREND\User" |
| cs2 | Client IPv4 address | Example: "10.0.17.6" |
| c6a3 | Client IPv6 address | Example: "fe80::38ca:cd15:443c:40bb%11" |
| cn1 | Client status | |
| filehash | Application file SHA-1 hash | Example: "D6712CAE5EC821F910E14945153AE7871AA536CA" |
| fname | Application file name | Example: "notepad.exe" |
| cs3 | Application process command line | Example: "notepad.exe" |
| duser | User name | Example: "Admin004" |
| cs4 | Rule name | Example: "SAMPLE RULE SET" |
| cs5 | Policy name | Example: "SAMPLE POLICY" |
| act | Policy action | |
| deviceFacility | Product name | Example: "Trend Micro Endpoint Application Control" |

Log sample:

```
CEF:0|Trend Micro|Apex Central|2019|EAC:1|Endpoint Application Control Violation Information|3|deviceExternalId=39 rt=Jun 27 2012 03:14:03 GMT+00:00 cs1Label=Version cs1=1.299.00 suser=TMCM\\QA cs2Label=ApplicationControlEvent_ClientIPAddress_V4 cs2=0.0.0.0 cn1Label=Connection_Status cn1=0 fileHash=c0869b72C5606D22D92A6AC986686BB87485A25b fname=P2P_TEST.exe cs3Label=Command cs3=C:\\P2P_TEST.exe duser=QA cs4Label=Rule cs4=Test cs5Label=Policy cs5=TestPolicy act=Blocked deviceFacility=Trend Micro Endpoint Application Control
```
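
An added example, not part of the vendor documentation: a small Python parser for the record layout in the table, run against the log sample with its display line-wraps removed. The helper names `parse_cef` and `field` are hypothetical; the parser assumes the standard CEF escapes (`\\`, `\=`, `\|`) and that extension values may contain spaces.

```python
import re

# Constructed input: the log sample from this page with display line-wraps removed.
SAMPLE = (
    r"CEF:0|Trend Micro|Apex Central|2019|EAC:1|Endpoint Application Control "
    r"Violation Information|3|deviceExternalId=39 rt=Jun 27 2012 03:14:03 "
    r"GMT+00:00 cs1Label=Version cs1=1.299.00 suser=TMCM\\QA "
    r"cs2Label=ApplicationControlEvent_ClientIPAddress_V4 cs2=0.0.0.0 "
    r"cn1Label=Connection_Status cn1=0 "
    r"fileHash=c0869b72C5606D22D92A6AC986686BB87485A25b fname=P2P_TEST.exe "
    r"cs3Label=Command cs3=C:\\P2P_TEST.exe duser=QA cs4Label=Rule cs4=Test "
    r"cs5Label=Policy cs5=TestPolicy act=Blocked "
    r"deviceFacility=Trend Micro Endpoint Application Control"
)

HEADER = ("logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity")
KEY = re.compile(r"(?:^|\s)(\w+)=")   # a key starts the text or follows whitespace
UNESC = re.compile(r"\\([\\=|])")     # CEF escapes: \\ \= \|


def parse_cef(line):
    """Split one CEF record into (header, ext, labeled) dicts."""
    start = line.find("CEF:")         # tolerate a syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs seven pipe-delimited fields")
    header = {k: UNESC.sub(r"\1", v) for k, v in zip(HEADER, parts)}
    ext, text = {}, parts[7]
    hits = list(KEY.finditer(text))
    for i, m in enumerate(hits):
        # A value runs to the next " key=", so spaces inside rt or
        # deviceFacility stay part of the value.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        ext[m.group(1)] = UNESC.sub(r"\1", text[m.end():end].strip())
    # Fold csN/cnN custom fields under the names given by their *Label keys.
    labeled = {ext[k + "Label"]: v for k, v in ext.items() if k + "Label" in ext}
    return header, ext, labeled


def field(ext, name):
    """Case-insensitive lookup: the table lists filehash, the sample emits fileHash."""
    return next((v for k, v in ext.items() if k.lower() == name.lower()), None)


if __name__ == "__main__":
    header, ext, labeled = parse_cef(SAMPLE)
    print(header["eventid"], ext["act"], field(ext, "filehash").upper(), labeled)
```

The header split treats any pipe preceded by a backslash as escaped, so a header field that ends in a literal backslash would need a character-by-character tokenizer instead.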
		