Expected Log Samples

JSON

Note for parser and detection authors: every field in this sample is wrapped as a `{"name", "type", "value"}` object typed with a Java class name, so the actual value lives under `value`. Timestamp fields are not uniform — `detectedutc` and `eventtimelocal` are epoch-millisecond integers while `receivedutc` is an ISO 8601 string, although all three are typed `java.sql.Timestamp` — so normalize on the value, not the declared type. IPv6 fields carry a leading `/` and IPv4-mapped form (`/0:0:0:0:0:ffff:...`), and several address and version values appear to be sanitized placeholders (e.g. `10.10.10.10`), so do not treat them as representative of production data.

Trellix: {"detectedutc": {"name": "detectedutc", "type": "java.sql.Timestamp", "value": 1689771674000}, "analyzermac": {"name": "analyzermac", "type": "java.lang.String", "value": "e070ea3c2444"}, "attackvectortype": {"name": "attackvectortype", "type": "java.lang.Integer", "value": 1}, "receivedutc": {"name": "receivedutc", "type": "java.sql.Timestamp", "value": "2023-07-19T13:03:02.215Z"}, "sourceprocessname": {"name": "sourceprocessname", "type": "java.lang.String", "value": "C:\\Program Files (x86)\\McAfee\\Endpoint Security\\Web Control\\McChHost.exe"}, "eventtimelocal": {"name": "eventtimelocal", "type": "java.sql.Timestamp", "value": 1689771674000}, "sourceipv6": {"name": "sourceipv6", "type": "java.lang.String", "value": "/0:0:0:0:0:ffff:52df:43b4"}, "sourceipv4": {"name": "sourceipv4", "type": "java.lang.String", "value": "10.10.10.10"}, "analyzerdetectionmethod": {"name": "analyzerdetectionmethod", "type": "java.lang.String", "value": "URL navigation"}, "targetusername": {"name": "targetusername", "type": "java.lang.String", "value": "BESTCORP\\nicolas.taviaux"}, "sourcefilesize": {"name": "sourcefilesize", "type": "java.lang.Integer", "value": 0}, "sourceparentprocesssigned": {"name": "sourceparentprocesssigned", "type": "java.lang.Boolean", "value": true}, "threatseverity": {"name": "threatseverity", "type": "java.lang.Byte", "value": 2}, "analyzer": {"name": "analyzer", "type": "java.lang.String", "value": "ENDP_WP_1070"}, "sourcesigned": {"name": "sourcesigned", "type": "java.lang.Boolean", "value": false}, "naturallangdescription": {"name": "naturallangdescription", "type": "java.lang.String", "value": "IDS_WC_NLD_URL_RATING|SourceURL=https://albertguzman.com/|SourceProcessName=C:\\Program Files (x86)\\McAfee\\Endpoint Security\\Web Control\\McChHost.exe|SourceUserName=BESTCORP\\nicolas.taviaux|ThreatActionTaken=blocked|AnalyzerName=Trellix Endpoint Security|SourceURLRatingCode=IDS_SECUIRTY_RATING_SA_RED"}, "tenantid": {"name": "tenantid", "type": 
"java.lang.Long", "value": 185}, "nodepath": {"name": "nodepath", "type": "java.lang.String", "value": "1\\913\\55295\\55297\\55301"}, "sourceurlwebcategory": {"name": "sourceurlwebcategory", "type": "java.lang.String", "value": "IDS_SAE_CONTENT_MS"}, "threattype": {"name": "threattype", "type": "java.lang.String", "value": "IDS_THREAT_TYPE_URL"}, "threateventid": {"name": "threateventid", "type": "java.lang.Integer", "value": 18600}, "sourceparentprocesssigner": {"name": "sourceparentprocesssigner", "type": "java.lang.String", "value": "Google LLC"}, "analyzergtiquery": {"name": "analyzergtiquery", "type": "java.lang.Boolean", "value": true}, "sourceurlratingcode": {"name": "sourceurlratingcode", "type": "java.lang.String", "value": "IDS_SECUIRTY_RATING_SA_RED"}, "analyzerversion": {"name": "analyzerversion", "type": "java.lang.String", "value": "10.10.10.10"}, "agentguid": {"name": "agentguid", "type": "java.util.UUID", "value": "e205c8aa-7065-48c7-a84d-5e7b247da406"}, "threatactiontaken": {"name": "threatactiontaken", "type": "java.lang.String", "value": "blocked"}, "threatname": {"name": "threatname", "type": "java.lang.String", "value": "Web Control Violation"}, "analyzername": {"name": "analyzername", "type": "java.lang.String", "value": "Trellix Endpoint Security"}, "sourceurl": {"name": "sourceurl", "type": "java.lang.String", "value": "https://albertguzman.com/"}, "sourceparentprocessname": {"name": "sourceparentprocessname", "type": "java.lang.String", "value": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}, "threatcategory": {"name": "threatcategory", "type": "java.lang.String", "value": "wp.detect.url"}, "autoguid": {"name": "autoguid", "type": "java.util.UUID", "value": "a34b89e8-eb80-4c30-b65e-530f27958ff4"}, "targetipv6": {"name": "targetipv6", "type": "java.lang.String", "value": "/0:0:0:0:0:ffff:a22:4129"}, "analyzeripv6": {"name": "analyzeripv6", "type": "java.lang.String", "value": "/0:0:0:0:0:ffff:a22:4129"}, "sourceprocesshash": 
{"name": "sourceprocesshash", "type": "java.lang.String", "value": "58b4399a9eff243799e83a353cca135c"}, "analyzeripv4": {"name": "analyzeripv4", "type": "java.lang.String", "value": "10.10.10.10"}, "bladename": {"name": "bladename", "type": "java.lang.String", "value": "IDS_BLADE_NAME_WP"}, "sourceusername": {"name": "sourceusername", "type": "java.lang.String", "value": "BESTCORP\\nicolas.taviaux"}, "sourceparentprocesshash": {"name": "sourceparentprocesshash", "type": "java.lang.String", "value": "e47b31a23c26a24239a405dc1a7a7549"}, "analyzerhostname": {"name": "analyzerhostname", "type": "java.lang.String", "value": "BS039614"}, "targetipv4": {"name": "targetipv4", "type": "java.lang.String", "value": "10.10.10.10"}, "tenantguid": {"name": "tenantguid", "type": "java.lang.String", "value": "6BFF1BCE-D1BB-4DFC-97C2-1CC4733FB216"}, "threathandled": {"name": "threathandled", "type": "java.lang.Boolean", "value": true}}
