Please refer to below table as StellarProtect (Legacy Mode) agent/server events in the Common Event Format.
|
CEF Key |
Description |
Possible Values / Example |
|---|---|---|
|
Header (logVer) |
CEF format version |
CEF:0 |
|
Header (vendor) |
Device Vendor |
TXOne Networks |
|
Header (pname) |
Device Product |
StellarOne, StellarProtect (Legacy Mode) |
|
Header (pver) |
Device Version |
2.0.1145 |
|
Header (eventid) |
Device Event Class ID |
2509, 6005 |
|
Header (eventName) |
Name |
Agent Event, Server Event, Console Log |
|
Header (severity) |
Severity |
4 |
|
rt |
Logged Time |
Apr 02 2022 13:31:51 GMT+00:00 |
|
msg |
Event Id mapped message |
File access blocked. File not found in Approved List |
|
dvchost |
Computer name |
Localhost |
|
dvc |
IP address |
192.168.154.137 |
|
cs1Label |
Detailed Event Message |
Detailed Event Message |
|
cs1 |
Event ID mapped detailed message |
File access blocked: C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\isD5V0T.tmp\\is-H7K4O.tmp Malware detected: Quarantine. File path: C:\\eicar\\EICAR_TEST_FILE.exe |
|
cs2Label |
Client OS |
Client OS |
|
cs2 |
OS description |
Microsoft Windows 7 Enterprise Edition Service Pack 1 build 7601, 64-bit |
|
cs3Label |
Client Description |
Client Description |
|
cs3 |
Description |
- |
|
suser |
Login User |
PC1688\\Administrator |
|
act |
Action Type |
ACTION_TYPE_BLOCKED |
|
fileHash |
SHA1 |
2201589AA3ED709B3665E4FF979E10C6AD5137F C |
|
filePath |
File path |
C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\is-D5V0T.tmp\\is-H7K4O.tmp |
|
fileCreateTime |
File create time |
04 02 2022 14:00:21 |
|
fileModificationTime |
File modified time |
04 02 2022 14:00:21 |
|
logGuid |
Log GUID |
: F43500BB-1F8A-4589-A292- 144A9DA343AA、{56B7345A-B6D3-4BBB-A515- 4AFFAE04092F} |
|
ServerIP |
Server IP |
10.8.145.157 |
