TMEF Retro Scan Report Logs
| TMEF Key | Description | Value |
|---|---|---|
| Header (logVer) | TMEF format version | CEF: 0 |
| Header (vendor) | Appliance vendor | Trend Micro |
| Header (pname) | Appliance product | Deep Discovery Inspector |
| Header (pver) | Appliance version | Example: 3.8.1181 |
| Header (eventid) | Signature ID | 100133 |
| Header (eventName) | Event Name | RETROSCAN_REPORT |
| Header (severity) | Severity | 8 |
| callback_attempt_num | Number of callback attempts | Example: 20 |
| cnc_host_num | Number of C&C hosts | Example: 1 |
| compromised_client_num | Number of compromised clients | Example: 1 |
| deviceGUID | Appliance GUID | Example: 6B593E17AFB7-40FBBB28-A4CE-0462-A536 |
| firstCallbackTime | First callback time | Example: Mar 09 2015 17:05:21 GMT+08:00 |
| lastCallbackTime | Last callback time | Example: Mar 09 2015 17:05:21 GMT+08:00 |
| report_id | Report ID | Example: 74c15fe0-90c9-446b-abc4-379d6d7213e7 |
| report_ts | Report time | Example: Mar 09 2015 17:05:21 GMT+08:00 |
| report_url | Report URL | Example: https://retroscan.trendmicro.com/retroscan/scanDetails.html?reportID\=1e84c77b-0452-4f00-b5b8-e41c0ea9ef1a&reportType\=standard |

Log sample:
CEF:0|Trend Micro|Deep Discovery Inspector|3.8.1200|100133|RETROSCAN_REPORT|8|guid=906A61690458-4099A441-898C-BDD2-C7C1 report_ts=Mar 29 2015 03:14:27 GMT+02:00 report_id=ffa9474d-6d72-44f7-a99c-c0d230fec1f3 report_url=https://retroscan.trendmicro.com/retroscan/scanDetails.html?reportID\=1e84c77b-0452-4f00-b5b8-e41c0ea9ef1a&reportType\=standard compromised_client_num=1 cnc_host_num=1 callback_attempt_num=20 firstCallbackTime=Mar 29 2015 03:04:27 GMT+02:00 lastCallbackTime=Mar 29 2015 03:09:27 GMT+02:00