Trend Micro Deep Discovery Director sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar®.

The following table provides sample event messages for the Trend Micro Deep Discovery Director DSM when you use the Syslog protocol. The first sample uses the LEEF default tab delimiter between attributes; the second sample, as shown here, is space-delimited and contains values with embedded spaces.

Table 1. Trend Micro Deep Discovery Director sample messages supported by Trend Micro Deep Discovery Director.
Event name: DENYLIST_CHANGE
Low-level category: Successful Configuration Modification
Sample log message:

Oct 24 12:37:32 LEEF:1.0|Trend Micro|Deep Discovery Director||DENYLIST_CHANGE|devTime=Oct 24 2018 12:37:32 GMT+08:00	devTimeFormat=MMM dd yyyy HH:mm:ss z	sev=3	dvc=	dvchost=ddd35	deviceMacAddress=00-00-5E-00-53-00	deviceGUID=C4AC760E-8721-4B46-B966-47BD419376D8	end=Jan 19 2038 11:14:07 GMT+08:00	act=Add	type=Deny List IP/Port	dst=	deviceExternalRiskType=High

Event name: SECURITY_RISK_DETECTION
Low-level category: Potential Misc Exploit
Sample log message:

<156>LEEF:1.0|Trend Micro|Deep Discovery Origin=Inspector devTimeFormat=MMM dd yyyy HH:mm:ss z ptype=IDS dvc=198.51.10065 deviceMacAddress=00-00-5E-00-53-00 dvchost=localhost devTime=May 25 2017 05:59:53 GMT+00:00 sev=8 origin=Inspector protoGroup=SQL proto=UDP vLANId=4095 deviceDirection=1 dhost=hit-nxdomain.o dst= dstPort=1207 dstMAC=00:00:0c:07:ac:0 shost= src=198.55.100.7 srcPort=1060 srcMAC=00:00:0c:07:ac:0 sAttackPhase=Data Exfiltration fname=controller.php fileType=458757 fsize=520704 ruleId=328 msg=WEMON - HTTP (Request) deviceRiskConfidenceLevel=1 suser=username@ex mailMsgSubject=Mail Subject botCommand=msblast.exe botUrl=0005 channelName=#Infected chatUserName=fhkvmxya url=http://1.alisiosanguer requestClientApplication=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) pComp=VSAPI riskType=0 compressedFileName=test_inarc mitigationTaskId=48b3d717-f30f-4890-8627-50bf75fbb6aa srcGroup=Default srcZone=1 dstGroup=Default dstZone=1 detectionType=2 act=not blocked threatType=1 interestedIp= peerIp= fileHash=F1C9FCF4B2F74E8EE53B6C006A4977F798A4D872 sUser1=srcusername1 sUser1LoginTime=Mar 09 2017 12:34:56 GMT+00:00 sUser2=srcusername2 sUser2LoginTime=Mar 09 2017 12:34:56 GMT+00:00 sUser3=srcusername3 sUser3LoginTime=Mar 09 2017 12:34:56 GMT+00:00 dUser1=dstusername1 dUser1LoginTime=Mar 09 2017 12:34:56 GMT+00:00 dUser2=dstusername2 dUser2LoginTime=Mar 09 2017 12:34:56 GMT+00:00 dUser3=dstusername3 dUser3LoginTime=Mar 09 2017 12:34:56 GMT+00:00 suid=TsGh{USA-XP}803469 * 0 :(null) cnt=4 sOSName=Windows dOSName=Windows aggregatedCnt=1 cccaDestinationFormat=URL cccaDetectionSource=RELEVANCE_RULE cccaRiskLevel=1 cccaDestination=xili cccaDetection=1 evtCat=Malware evtSubCat=Grayware aptRelated=1 hackerGroup=default hackingCampaign=IXESHE malFamily=ZEUS pAttackPhase=0 oldFileSize=65530 oldFileType=1507328 oldFileHash=5A272B7441328E09704B6D7EABDBD51B8858FDE4 oldFileName=attachment
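To check that a forwarded message carries the fields you expect before relying on the QRadar mapping, the following added example (not IBM or Trend Micro code) parses LEEF 1.0 lines like the two samples above. Both embedded messages are constructed: the first is a shortened copy of the DENYLIST_CHANGE row, the second is modelled on the SECURITY_RISK_DETECTION row with the product and event ID header fields assumed, since that row's header is truncated on this page.

```python
"""Parse LEEF 1.0 messages like the two samples on this page into header and attribute fields."""
import re
from typing import Dict, Tuple

# Constructed sample modelled on the DENYLIST_CHANGE row: attributes are tab-delimited
# (LEEF's default), and "type" carries a value that itself contains spaces.
DENYLIST_SAMPLE = (
    "Oct 24 12:37:32 LEEF:1.0|Trend Micro|Deep Discovery Director||DENYLIST_CHANGE|"
    "devTime=Oct 24 2018 12:37:32 GMT+08:00\tdevTimeFormat=MMM dd yyyy HH:mm:ss z\t"
    "sev=3\tdvc=\tdvchost=ddd35\tact=Add\ttype=Deny List IP/Port\tdst=\tdeviceExternalRiskType=High"
)
# Constructed, shortened sample modelled on the SECURITY_RISK_DETECTION row (header fields
# assumed): syslog PRI prefix, space-delimited attributes, values with embedded spaces.
DETECTION_SAMPLE = (
    "<156>LEEF:1.0|Trend Micro|Deep Discovery Director||SECURITY_RISK_DETECTION|"
    "devTime=May 25 2017 05:59:53 GMT+00:00 sev=8 proto=UDP act=not blocked "
    "msg=WEMON - HTTP (Request) fileHash=F1C9FCF4B2F74E8EE53B6C006A4977F798A4D872"
)

# A key is a run of identifier characters followed by "=", at the start of the
# attribute section or directly after a tab/space delimiter.
KEY_RE = re.compile(r"(?:^|[\t ])([A-Za-z][A-Za-z0-9]*)=")


def parse_leef(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (header, attributes) for one LEEF 1.0 line; raises ValueError if malformed."""
    start = line.find("LEEF:")  # skip any syslog PRI (<156>) and timestamp prefix
    if start < 0:
        raise ValueError("not a LEEF message")
    parts = line[start:].split("|", 5)  # version|vendor|product|productVersion|eventId|attrs
    if len(parts) < 6:
        raise ValueError("LEEF header must have five pipe-delimited fields")
    version, vendor, product, prod_version, event_id, attrs = parts
    header = {"version": version.split(":", 1)[1], "vendor": vendor, "product": product,
              "productVersion": prod_version, "eventId": event_id}
    # Splitting on the delimiter would break space-delimited values such as
    # "act=not blocked". Instead, locate the "key=" boundaries and take everything up
    # to the next key as the value; empty values such as "dvc=" come out as "".
    matches = list(KEY_RE.finditer(attrs))
    fields: Dict[str, str] = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(attrs)
        fields[m.group(1)] = attrs[m.end():end].strip()
    return header, fields


if __name__ == "__main__":
    for sample in (DENYLIST_SAMPLE, DETECTION_SAMPLE):
        hdr, attrs = parse_leef(sample)
        print(hdr["eventId"], attrs)
```

The key-boundary approach is still ambiguous if a value legitimately contains a " word=" sequence, so compare the parsed field count against the sender's documented attribute list when validating a new event type.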