Trend Micro Apex One
Apex One endpoint logs: behavior monitoring hits, vulnerability protection, policy updates and audit records.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (76)
| Field | Type |
|---|---|
trendMicroApexOne.Severity Threat severity level. | pint |
trendMicroApexOne.Vendor Origination vendor name. | string |
trendMicroApexOne.Operating_System Host operating system. | text_general |
trendMicroApexOne.deviceFacility Facility or location of the device. | string |
trendMicroApexOne.Engine_Status Current status code of the protection engine. | plong |
trendMicroApexOne.Update_Agent Agent used for updates. | string |
trendMicroApexOne.shost Source host name. | text_general |
trendMicroApexOne.EventClassID Identifier for the event class. | plong |
trendMicroApexOne.AUComponent_Type Type of auto-update component. | string |
trendMicroApexOne.Engine_Version Version of the protection engine. | string |
trendMicroApexOne.dntdom Device NT domain name. | text_general |
trendMicroApexOne.Message Event or alert message text. | text_general |
trendMicroApexOne.Pattern_Rule_Version Version of the pattern/rule set. | string |
trendMicroApexOne.deviceNtDomain Active Directory domain of the device. | text_general |
trendMicroApexOne.ApexCentralHost Managed Apex Central host name. | text_general |
trendMicroApexOne.Engine Identifier for the protection engine module. | plong |
trendMicroApexOne.msg Generic message field (duplicate of Message). | text_general |
trendMicroApexOne.Domain User or device domain name. | text_general |
trendMicroApexOne.ProductVersion Version of the Apex One product installed. | string |
trendMicroApexOne.rt Record timestamp. | pdate |
trendMicroApexOne.Pattern_Rule_Status Deployment status of pattern/rule set. | plong |
trendMicroApexOne.Product Name of the Apex One product. | string |
trendMicroApexOne.Connection_Status Network connection status code. | pint |
trendMicroApexOne.Pattern_Rule Identifier for the pattern/rule set. | plong |
trendMicroApexOne.cn1 Custom numeric field #1. | plong |
trendMicroApexOne.cn1Label Label for custom numeric field #1. | string |
trendMicroApexOne.cn2 Custom numeric field #2. | plong |
trendMicroApexOne.cn2Label Label for custom numeric field #2. | string |
trendMicroApexOne.cn3 Custom numeric field #3. | plong |
trendMicroApexOne.cn3Label Label for custom numeric field #3. | string |
trendMicroApexOne.cn4 Custom numeric field #4. | plong |
trendMicroApexOne.cn4Label Label for custom numeric field #4. | string |
trendMicroApexOne.cn5 Custom numeric field #5. | plong |
trendMicroApexOne.cn5Label Label for custom numeric field #5. | string |
trendMicroApexOne.cn6 Custom numeric field #6. | plong |
trendMicroApexOne.cn6Label Label for custom numeric field #6. | string |
trendMicroApexOne.cs1 Custom string field #1. | string |
trendMicroApexOne.cs1Label Label for custom string field #1. | string |
trendMicroApexOne.cs2 Custom string field #2. | string |
trendMicroApexOne.cs2Label Label for custom string field #2. | string |
trendMicroApexOne.cs3 Custom string field #3. | string |
trendMicroApexOne.cs3Label Label for custom string field #3. | string |
trendMicroApexOne.cs4 Custom string field #4. | string |
trendMicroApexOne.cs4Label Label for custom string field #4. | string |
trendMicroApexOne.cs5 Custom string field #5. | string |
trendMicroApexOne.cs5Label Label for custom string field #5. | string |
trendMicroApexOne.cs6 Custom string field #6. | string |
trendMicroApexOne.cs6Label Label for custom string field #6. | string |
trendMicroApexOne.Product_Entity_Endpoint Endpoint entity name for the product. | text_general |
trendMicroApexOne.Product_Host_Endpoint Host endpoint name for the product. | text_general |
trendMicroApexOne.Product_Endpoint_IP IP address of the product endpoint. | text_general |
trendMicroApexOne.Product_Endpoint_MAC MAC address of the product endpoint. | string |
trendMicroApexOne.Managing_Apex_Central_Entity Entity name managing this endpoint in Apex Central. | text_general |
trendMicroApexOne.Managing_Server_Entity Server entity name managing this endpoint. | text_general |
trendMicroApexOne.Data_Protection_Status Current data protection status. | string |
trendMicroApexOne.Product_Version Duplicate of ProductVersion - installed product version. | string |
trendMicroApexOne.Endpoint_Sensor_Version Version of the endpoint sensor component. | string |
trendMicroApexOne.Application_Control_Version Version of the application control module. | string |
trendMicroApexOne.Vulnerability_Protection_Version Version of the vulnerability protection module. | string |
trendMicroApexOne.Product_Build Build number of the product. | string |
trendMicroApexOne.Product_Role Role designation of the product installation. | string |
trendMicroApexOne.OS_Version Version of the host operating system. | string |
trendMicroApexOne.OS_Service_Pack Service pack level of the OS. | string |
trendMicroApexOne.Last_Scheduled_Scan Timestamp of last scheduled scan. | pdate |
trendMicroApexOne.Last_Manual_Scan Timestamp of last manual scan. | pdate |
trendMicroApexOne.Last_Scan_Now Timestamp when a \u2018scan now' was triggered. | pdate |
trendMicroApexOne.Real_time_Scan Real-time scan status (Enabled/Disabled). | string |
trendMicroApexOne.Firewall Associated firewall name or ID. | string |
trendMicroApexOne.Pattern_Rule_Deployment_Status Deployment status of the pattern rules. | string |
trendMicroApexOne.Pattern_Rule_Deployment Timestamp of last pattern rule deployment. | pdate |
trendMicroApexOne.Engine_Deployment_Status Deployment status of the engine. | string |
trendMicroApexOne.Engine_Deployment Timestamp of last engine deployment. | pdate |
trendMicroApexOne.Logon_User User account that logged on when event occurred. | text_general |
trendMicroApexOne.Last_Startup Timestamp of last system startup. | pdate |
trendMicroApexOne.Offline_Time Timestamp when the endpoint went offline. | pdate |
trendMicroApexOne.User_Name Name of the local user account. | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.