TMEF Virtual Analyzer Analysis Logs: Deny List Transaction Events
| TMEF Key | Description | Value  | 
| Header (timestamp) | Local time in the format: "Mmm dd
                                 hh:mm:ss" | Example: Dec 5 05:26:45 | 
| Header (host) | Hostname without the domain information | Example: internalAP1 | 
| Header (logVer) | TMEF format version | CEF: 0 | 
| Header (vendor) | Appliance vendor | Trend Micro | 
| Header (pname) | Appliance product | Deep Discovery Email Inspector | 
| Header (pver) | Appliance version | Example: 5.1.0.1110 | 
| Header (eventid) | Signature ID | 200120 | 
| Header (eventName) | Description | DENYLIST_CHANGE | 
| Header (severity) | Severity | 3 | 
| act | The action in the event | 
 | 
| cs1 | Deny List type | 
 | 
| cs1Label | Deny List type | type | 
| deviceExternalRiskType | Risk level | 
 | 
| deviceGUID | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536 | 
| deviceMacAddress | Appliance MAC address | Example: 00:0C:29:56:B3:57 | 
| dhost | Destination host name | Example: dhost1 | 
| dpt | Destination port | Value between 0 and 65535 | 
| dst | Destination IP address | Example: 10.1.144.199 | 
| dvc | Appliance IP address | Example: 10.1.144.199 | 
| dvchost | Appliance host name | Example: localhost | 
| end | Report end time | Example: Mar 09 2015 17:05:21 GMT+00:00 | 
| fileHash | SHA1 | Example: 1EDD5B38DE4729545767088C5CAB395E4197C8F3 | 
| pComp | Detection engine / component | Sandbox | 
| request | URL | Example: http://www.rainking.net/?utm_campaign=4-21-2014
                                 |http://images.rainking.net/eloquaimage | 
| rt | Log generation time | Example: Mar 09 2015 17:05:21 GMT+00:00 | 
Log sample:
May 15 16:00:47 localhost CEF:0|Trend Micro|Deep Discovery Ema il Inspector|2.5.1.1161|200120|DENYLIST_CHANGE|3|rt=Apr 14 201 5 10:25:24 GMT+00:00 pComp=Sandbox dvc=10.64.1.131 dvchost=int ernalbeta.bcc.ddei deviceMacAddress=C4:34:6B:B8:09:BC deviceGU ID=034eb532-9318-40d9-b27b-d9feba7c269e cs1Label=type cs1=Deny List File SHA1 end=May 14 2015 09:59:20 GMT+00:00 act=Add fil eHash=522A90D077884E880A454A4D8E1A315FCE36BB12 deviceExternalR iskType=High
 
		