CEF Workbench Logs

| CEF Key | Description | Value |
|---|---|---|
| Header (Version) | CEF format version | CEF:0 |
| Header (Device Vendor) | Product vendor | Trend Micro |
| Header (Device Product) | Product of sending device | Vision One |
| Header (Device Version) | Service version | 1.0.0 |
| Header (Device Event Class ID) | A unique identifier per event-type | 900001 |
| Header (Name) | Category of the event | Vision One Workbench Alert |
| Header (Severity) | Importance of the event | Example: 3 (3: Low, 5: Medium, 7: High, 9: Critical) |
| externalId | Workbench ID | Example: "WB-9002-20210519-00014" |
| cat | Workbench name | Example: "Possible APT Attack" |
| rt | Workbench complete time | Example: "Dec 05 2022 05:26:45" |
| sourceServiceName | Alert provider | Example: "SAE" ("SAE", "TI") |
| msg | Description of the detection model | Example: "A user bypass higher-level permissions." |
| cn1 | Count of all impact scopes | Example: 1 |
| cn1Label | Corresponding label for the "cn1" field | Example: "Impact Scope Count" |
| cs1 | Workbench link | Example: "https://portal-int.visionone.trendmicro.com/index.html#/workbench?workbenchId=WB-9002-20210517-00001&ref=0c12e642ca5b7ed4436e5f23f568ae10066608d3" |
| cs1Label | Corresponding label for the "cs1" field | Example: "Workbench Link" |
| TrendMicroV1CompanyID | Company ID | Example: "68960c94-9be6-4343-a4ca-6408de7aa331" |
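
A parser for records carrying the fields listed above, as an added example that is not Trend Micro's own code. It splits the seven header fields, reads extension values that contain spaces, and maps the severity number to its label. The function names, the `severityLabel` key and the sample record are assumptions made for illustration, as is the use of standard CEF backslash escaping in the `cs1` URL.

```python
import re
from datetime import datetime

# Severity values and labels as listed in the field reference above.
SEVERITY = {3: "Low", 5: "Medium", 7: "High", 9: "Critical"}
HEADER = ("version", "deviceVendor", "deviceProduct", "deviceVersion",
          "deviceEventClassId", "name", "severity")
# An extension key starts the string or follows whitespace, and ends at '='.
KEY = re.compile(r"(?:^|\s)(\w+)=")

def unescape(value):
    # Undo CEF backslash escaping of '=', '|' and '\', and decode \n and \r.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_workbench_cef(line):
    """Parse one Workbench CEF record into a dict keyed by the CEF field names."""
    start = line.find("CEF:")  # tolerate a syslog prefix before the CEF header
    parts = re.split(r"(?<!\\)\|", line[start:].strip(), maxsplit=7) if start >= 0 else []
    if len(parts) != 8:
        raise ValueError("not a complete CEF record")
    event = dict(zip(HEADER, map(unescape, parts[:7])))
    event["severity"] = int(event["severity"])
    event["severityLabel"] = SEVERITY.get(event["severity"], "Unknown")
    ext, keys = parts[7], list(KEY.finditer(parts[7]))
    for m, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next " key=", so it may contain spaces.
        end = nxt.start() if nxt else len(ext)
        event[m.group(1)] = unescape(ext[m.end():end].strip())
    if "cn1" in event:
        event["cn1"] = int(event["cn1"])
    if "rt" in event:
        # Format taken from the rt example; the page states no time zone.
        event["rt"] = datetime.strptime(event["rt"], "%b %d %Y %H:%M:%S")
    return event

# Constructed sample assembled from the example values above (not a captured log).
SAMPLE = (
    r"CEF:0|Trend Micro|Vision One|1.0.0|900001|Vision One Workbench Alert|3|"
    r"externalId=WB-9002-20210519-00014 cat=Possible APT Attack "
    r"rt=Dec 05 2022 05:26:45 sourceServiceName=SAE "
    r"msg=A user bypass higher-level permissions. cn1=1 cn1Label=Impact Scope Count "
    r"cs1=https://portal-int.visionone.trendmicro.com/index.html#/workbench"
    r"?workbenchId\=WB-9002-20210517-00001&ref\=0c12e642ca5b7ed4436e5f23f568ae10066608d3 "
    r"cs1Label=Workbench Link TrendMicroV1CompanyID=68960c94-9be6-4343-a4ca-6408de7aa331"
)

if __name__ == "__main__":
    alert = parse_workbench_cef(SAMPLE)
    print(alert["severityLabel"], alert["externalId"], alert["cs1"])
```

Because a key is only recognized after whitespace, the `cs1` URL parses the same way whether or not its `=` characters arrive escaped.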