I would like to ask for assistance in determining what type of syslog events are being received by our syslog server.
These are, I think, Intrusion Events:
Device SFIMS: [1:43687:2] "INDICATOR-COMPROMISE Suspicious .top dns query" [Impact: Potentially Vulnerable] From "Device" at Tue Jun 1 23:44:54 2021 UTC [Classification: Misc Activity] [Priority: 3] {udp} x.x.x.x:60786 (unknown)->y.y.y.y:53 (unknown)
Device SFIMS: [1:38355:3] "MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive" [Impact: Vulnerable] From "Device" at Tue Jun 1 22:12:50 2021 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} x.x.x.x:14411 (unknown)->y.y.y.y:3306 (japan)
This is a Connection Event:
Device SFIMS: Protocol: UDP, SrcIP: x.x.x.x, DstIP: y.y.y.y, SrcPort: 55745, DstPort: 53, TCPFlags: 0x0, IngressInterface: s1p2, EgressInterface: s1p1, IngressZone: Inside Zone, EgressZone: Outside Zone, DE: Primary Detection Engine (removed), Policy: Access Control Policy, ConnectType: Start, AccessControlRuleName: (removed), AccessControlRuleAction: Allow, Client: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 83, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: (removed), DNSRecordType: a host address, DNSResponseType: No Error, Sinkhole: Unknown, URLCategory: Unknown, URLReputation: Risk unknown
But how about this one, I'm unsure if it is also an Intrusion Event, as the format is different:
2021-05-30 14:00:16.000 +08:00 Device SFIMS: <*- Host IOC Set From Device at Sun May 30 14:00:16 2021 UTC -*> IP Address: x.x.x.x Category: CnC Connected; Event Type: Intrusion Event - malware-cnc
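As an added example (not code from the post or from the product), a small Python classifier that tells the three SFIMS syslog shapes quoted above apart by their structure: the Snort-style [gid:sid:rev] rule id marks an intrusion event, the flat "Key: value, Key: value" list a connection event, and the `<*- Host IOC Set ... -*>` banner a host indicator record, whose embedded Event Type field is extracted as-is rather than interpreted. The sample lines, addresses and field subsets are constructed, modelled on the formats in the post.

```python
import re

# Constructed sample lines modelled on the three SFIMS formats quoted in the
# post (addresses are documentation placeholders, not real indicators).
SAMPLES = [
    'Device SFIMS: [1:43687:2] "INDICATOR-COMPROMISE Suspicious .top dns query" '
    '[Impact: Potentially Vulnerable] From "Device" at Tue Jun 1 23:44:54 2021 UTC '
    '[Classification: Misc Activity] [Priority: 3] {udp} 10.0.0.5:60786 (unknown)'
    '->192.0.2.53:53 (unknown)',
    'Device SFIMS: Protocol: UDP, SrcIP: 10.0.0.5, DstIP: 192.0.2.53, SrcPort: 55745, '
    'DstPort: 53, IngressZone: Inside Zone, AccessControlRuleAction: Allow, '
    'Client: DNS, ConnectType: Start, DNSRecordType: a host address',
    '2021-05-30 14:00:16.000 +08:00 Device SFIMS: <*- Host IOC Set From Device at '
    'Sun May 30 14:00:16 2021 UTC -*> IP Address: 10.0.0.5 Category: CnC Connected; '
    'Event Type: Intrusion Event - malware-cnc',
]

# Intrusion events carry a Snort-style [gid:sid:rev] rule id right after "SFIMS:".
INTRUSION_RE = re.compile(
    r'SFIMS: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "(?P<msg>[^"]+)"'
    r'.*?\[Priority: (?P<priority>\d+)\].*?\{(?P<proto>\w+)\} '
    r'(?P<src>[\w.]+):(?P<sport>\d+) \([^)]*\)->(?P<dst>[\w.]+):(?P<dport>\d+)')
# Host IOC lines announce themselves with a "<*- Host IOC Set ... -*>" banner
# and embed the event type that raised the indicator; we keep that text verbatim.
IOC_RE = re.compile(
    r'SFIMS: <\*- Host IOC Set .*?-\*> IP Address: (?P<ip>[\w.]+) '
    r'Category: (?P<category>[^;]+); Event Type: (?P<event_type>.+?)\s*$')
# Connection events are a flat "Key: value, Key: value" list starting with Protocol.
CONNECTION_MARK = 'SFIMS: Protocol: '


def classify(line: str) -> dict:
    """Return the event kind plus the fields worth indexing for that kind."""
    m = INTRUSION_RE.search(line)
    if m:
        return {'kind': 'intrusion', **m.groupdict()}
    m = IOC_RE.search(line)
    if m:
        return {'kind': 'host_ioc', **m.groupdict()}
    if CONNECTION_MARK in line:
        body = line.split('SFIMS: ', 1)[1]
        fields = dict(kv.partition(': ')[::2] for kv in body.split(', '))
        return {'kind': 'connection', **fields}
    return {'kind': 'unknown', 'raw': line}

if __name__ == '__main__':
    for sample in SAMPLES: print(classify(sample))
```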