Log message by type

Log message by type

securityevent > av

Log ID

Level

Sub Type

Event Type

Message

96530

warning

action

Found virus

Field	Field Description	Field Type
action	block or monitor	string
file	file location	string
virus	virus name	string
sigid	signature id	string
from	email from	string
to	email to	string
service	network protocol	string
vpn	vpn tunnel name	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96531

warning

Found malware

Field	Field Description	Field Type
action	block or monitor	string
file	file location	string
virus	virus name	string
viruscat	virus category	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

securityevent > vulnerabilityscan

Log ID

Level

Sub Type

Event Type

Message

96521

info

vulnerabilityscan

status

A vulnerability scan result has been logged

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96522

info

vulnerabilityscan

status

Applying patch for vulnerability found

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

systemevent > endpoint

Log ID

Level

Sub Type

Event Type

Message

96953

info

endpoint

status

Endpoint Control Status Changed

Field	Field Description	Field Type
eponlinest	online status	enumeration string
epplace	EP place	enumeration string
emshostname	EMS host name	string
status	status description	string

96955

info

endpoint

status

Endpoint Control Registration Status Changed

Field	Field Description	Field Type
emshostname	EMS host name	string
status	status description	string
emsip	EMS IP	string
fctip	FCT IP	string

96956

info

endpoint

status

Endpoint Quarantine Status Changed

Field	Field Description	Field Type
epmgmtst	management status	enumeration string
epquarmsg	quarant message	string
emshostname	EMS host name	string

96957

info

endpoint

status

Endpoint Ext Log to FAZ

Field	Field Description	Field Type
epfeatures	installed features list	string
epenfeatures	enabled features list	string
ephbemsduration	EMS heart beat duration	int
ephbemslast	EMS heart beat last time	string
emshostname	EMS host name	string

96958

info

endpoint

status

User social media information

Field	Field Description	Field Type
social_email	social email	string
social_phone	social phone number	string
social_srvc	social service	string
social_user	social user name	string

securityevent > av

Log ID

Level

Sub Type

Event Type

Message

96530

warning

action

Found virus

Field	Field Description	Field Type
action	block or monitor	string
file	file location	string
virus	virus name	string
sigid	signature id	string
from	email from	string
to	email to	string
service	network protocol	string
vpn	vpn tunnel name	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

96531

warning

Found malware

Field	Field Description	Field Type
action	block or monitor	string
file	file location	string
virus	virus name	string
viruscat	virus category	string
sigid	signature id	string
filesize	file size	int
checksum	file crc32 checksum	int
detectedby	the security feature that detected virus	enumeration string
detectedin	where the virus is detected	enumeration string

securityevent > vulnerabilityscan

Log ID

Level

Sub Type

Event Type

Message

96521

info

vulnerabilityscan

status

A vulnerability scan result has been logged

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

96522

info

vulnerabilityscan

status

Applying patch for vulnerability found

Field	Field Description	Field Type
vulnid	id of the vulnerability	int
vulnname	name of the vulnerability	string
vulnseverity	severity level	string
vulncat	category	string
vulncvss	cvss score	string
vulnref	reference of the vulnerability	string
vulnengine	engine version	string
vulnsignature	signature version	string
vulnproducts	name of the vulnerable product	string

systemevent > endpoint

Log ID

Level

Sub Type

Event Type

Message

96953

info

endpoint

status

Endpoint Control Status Changed

Field	Field Description	Field Type
eponlinest	online status	enumeration string
epplace	EP place	enumeration string
emshostname	EMS host name	string
status	status description	string

96955

info

endpoint

status

Endpoint Control Registration Status Changed

Field	Field Description	Field Type
emshostname	EMS host name	string
status	status description	string
emsip	EMS IP	string
fctip	FCT IP	string

96956

info

endpoint

status

Endpoint Quarantine Status Changed

Field	Field Description	Field Type
epmgmtst	management status	enumeration string
epquarmsg	quarant message	string
emshostname	EMS host name	string

96957

info

endpoint

status

Endpoint Ext Log to FAZ

Field	Field Description	Field Type
epfeatures	installed features list	string
epenfeatures	enabled features list	string
ephbemsduration	EMS heart beat duration	int
ephbemslast	EMS heart beat last time	string
emshostname	EMS host name	string

96958

info

endpoint

status

User social media information

Field	Field Description	Field Type
social_email	social email	string
social_phone	social phone number	string
social_srvc	social service	string
social_user	social user name	string

Log Message Reference

Log message by type

securityevent > av

securityevent > vulnerabilityscan

systemevent > endpoint

Log message by type

securityevent > av

securityevent > vulnerabilityscan

systemevent > endpoint