| CEF Key | Description | Example |
|---|---|---|
| Header (Device Event Class ID) | Unique identifier per event-type | 900001 |
| Header (Device Product) | Product of sending device | Vision One |
| Header (Device Vendor) | Product vendor | Trend Micro |
| Header (Device Version) | Service version | 1.0.0 |
| Header (Name) | Category of the event | Vision One Workbench Alert |
| Header (Severity) | Importance of the event | 3: Low; 5: Medium; 7: High; 9: Critical |
| Header (Version) | CEF format version | CEF:0 |
| externalId | Workbench ID | WB-9002-20210519-00014 |
| cat | Workbench name | Possible APT Attack |
| cn1 | Count of all impact scopes | 1 |
| cn1Label | Corresponding label for the "cn1" field | Impact Scope Count |
| cs1 | Workbench link | https://portal-int.visionone.trendmicro.com/index.html#/workbench?workbenchId=WB-9002-20210517-00001&ref=0c12e642ca5b7ed4436e5f23f568ae10066608d3 |
| cs1Label | Corresponding label for the "cs1" field | Workbench link |
| msg | Description of the detection model | A user bypassed higher-level permissions. |
| rt | Workbench complete time | Dec 05 2022 05:26:45 |
| sourceServiceName | Alert provider | SAE; TI |
| TrendMicroV1CompanyID | Company ID | 68960c94-9be6-4343-a4ca-6408de7aa331 |