ESET Online Help


Syslog event mapping

The following tables show how ESET Mail Security events map to ArcSight data fields. Use them as a reference for the entries that are fed into ArcSight through the SmartConnector.

Header

Field                 | Value                          | Notes
----------------------|--------------------------------|------------------------------------------------------------------------------------------------------
Device Vendor         | "ESET"                         |
Device Product        | "EMSX"                         | "EMSX" or "ESET Mail Security for MS Exchange Server"
Device Version        | e.g. "7.1.10005.0"             |
Device Event Class ID | e.g. "101"                     | Unique identifier of the Device Event Category: 100-199 malware, 200-299 phish, 300-399 spam, 400-499 policy
Event Name            | e.g. "MailScanResult: malware" | A brief description of what happened in the event: "MailScanResult: malware", "MailScanResult: phishing link", "MailScanResult: spam", "MailScanResult: policy"

CEF Key Name        | CEF Key Full Name (Size)   | Field Description          | Detailed Field Description
--------------------|----------------------------|----------------------------|--------------------------------------------------------------------------------
rt                  | deviceReceiptTime          | Time event was generated   | The time at which the event was generated, in milliseconds since Jan 1st 1970
src                 | sourceAddress              | Sender's IP                | IP address of the sending mail server
shost               | sourceHostName (1023)      | Sender's HELO domain       | HELO domain of the sending mail server
flexString1         | flexString1                | Message-ID                 | Message-ID header from the email
dhost               | destinationHostName (1023) | Receiving server           | Hostname of the machine that received the communication
msg                 | message (1023)             | Message subject            | Subject of the message, from the RFC5322 header "Subject:"
suser               | sourceUserName (1023)      | SMTP sender                | SMTP sender of the email (MAIL FROM)
duser               | destinationUserName (1023) | SMTP recipient(s)          | SMTP recipient(s) of the email (RCPT TO)
act                 | deviceAction (63)          | Action taken               | Action taken (cleaned, quarantined, etc.)
cat                 | deviceEventCategory (1023) | Detection category         | Most significant detection (malware >> phish >> spam >> SPF/DKIM >> policy)
sourceServiceName   | sourceServiceName          | Type of protection         | SMTP Transport agent, On-demand database scan
deviceExternalId    | deviceExternalId           | Engine version             | Anti-Malware engine version, Antispam engine version, e.g. "18620,7730"
cs1                 | deviceCustomString1        | Anti-Malware result        | Result of Anti-Malware scan, including threat name
cs1Label            | deviceCustomString1Label   | "Anti-Malware result"      |
cs2                 | deviceCustomString2        | Antispam result            | Result of Antispam scan, including reason for marking as spam
cs2Label            | deviceCustomString2Label   | "Antispam result"          |
cs3                 | deviceCustomString3        | Anti-Phishing result       | Result of Anti-Phishing scan, including detected URL
cs3Label            | deviceCustomString3Label   | "Anti-Phishing result"     |
cs4                 | deviceCustomString4        | SPF/DKIM/DMARC result      | Result of SPF/DKIM/DMARC check, in RFC7601 format
cs4Label            | deviceCustomString4Label   | "SPF/DKIM/DMARC result"    |
cs5                 | deviceCustomString5        | "From:" sender             | Sender address from RFC5322 header "From:"
cs5Label            | deviceCustomString5Label   | "From header"              |
cs6                 | deviceCustomString6        | "To:" and "Cc:" recipients | Recipient addresses from RFC5322 headers "To:" and "Cc:"
cs6Label            | deviceCustomString6Label   | "To and Cc headers"        |
fname               | filename (1023)            | Attachment name            | Name of the first detected attachment
fileHash            | fileHash (255)             | Attachment hash            | Hash of the first detected attachment
fsize               | fileSize                   | Attachment size            | Size of the first detected attachment
reason              | reason (1023)              | Rule/policy activated      | Name of the policy triggered by the email or its content
ESETEMSXFileDetails | ESETEMSXFileDetails        | File details               | Information about all detected attachments: their names, hashes and sizes

Optional

CEF Key Name | CEF Key Full Name (Size) | Field Description      | Detailed Field Description
-------------|--------------------------|------------------------|--------------------------------------------------------------------------------
end          | endTime                  | Time event has ended   | The time at which the activity ended, in milliseconds since Jan 1st 1970. Only meaningful when sandboxing with ESET LiveGuard Advanced is used.
dtz          | deviceTimeZone (255)     | Timezone of the server |
request      | requestURL               | Detected URL           | Malicious or blocklisted URL extracted from the mail body or mail headers. Because several detection components can detect multiple URLs in one email message, ESET Mail Security does not provide a single URL in the log.
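As an added example (not ESET's or ArcSight's code), the parser below consumes a CEF line laid out according to the header and field mapping above: it unescapes the pipe-delimited header, splits the extension into keys, derives the detection category from the Device Event Class ID range, and renames each csN custom string to its csNLabel so that downstream rules can match on "Anti-Malware result" instead of "cs1". The sample line and every value in it are constructed for illustration.

```python
import re

# Device Event Class ID ranges and product names from the mapping table above.
CLASS_ID_RANGES = {"malware": range(100, 200), "phish": range(200, 300),
                   "spam": range(300, 400), "policy": range(400, 500)}
PRODUCTS = ("EMSX", "ESET Mail Security for MS Exchange Server")

def _split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped (CEF header escaping)."""
    return [p.replace("\\" + sep, sep).replace("\\\\", "\\")
            for p in re.split(r"(?<!\\)" + re.escape(sep), text)]

def parse_cef(line):
    """Split one CEF line into its 7 header fields and an extension dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = _split_unescaped(line[4:], "|")
    if len(parts) < 8:
        raise ValueError("CEF header needs 7 pipe-separated fields")
    header = dict(zip(["version", "vendor", "product", "device_version",
                       "class_id", "name", "severity"], parts[:7]))
    ext_text = "|".join(parts[7:])  # pipes are not escaped in the extension
    ext = {}  # key=value pairs; values may contain spaces, a literal '=' is '\='
    for m in re.finditer(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|$)", ext_text):
        ext[m.group(1)] = (m.group(2).replace("\\=", "=")
                           .replace("\\n", "\n").replace("\\\\", "\\"))
    return header, ext

def normalize_emsx(line):
    """Check vendor/product, map the class ID to its category, resolve csN labels."""
    header, ext = parse_cef(line)
    if header["vendor"] != "ESET" or header["product"] not in PRODUCTS:
        raise ValueError("not an ESET Mail Security event")
    class_id = int(header["class_id"])
    category = next((c for c, r in CLASS_ID_RANGES.items() if class_id in r), None)
    if category is None:
        raise ValueError(f"class ID {class_id} outside the documented ranges")
    event = {"class_id": class_id, "category": category, "name": header["name"]}
    for key, value in ext.items():
        if re.fullmatch(r"cs\d", key):           # deviceCustomStringN -> its label
            event[ext.get(key + "Label", key)] = value
        elif not re.fullmatch(r"cs\dLabel", key):
            event[key] = value
    return event

# Constructed sample line (not a real ESET log); all values are illustrative only.
SAMPLE = ("CEF:0|ESET|EMSX|7.1.10005.0|101|MailScanResult: malware|8|"
          "rt=1700000000000 src=203.0.113.10 shost=mail.example.test suser=sender@example.test "
          "duser=user@corp.example msg=Invoice Q3 \\= urgent act=quarantined cat=malware "
          "cs1=Eicar test file cs1Label=Anti-Malware result fname=invoice.zip fsize=184")
```

Calling `normalize_emsx(SAMPLE)` yields a flat dict keyed by the labels in the table, which is the shape a correlation rule or a unit test can assert on.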