Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Access Control Messages |
Base Rule |
Access Control List Warning |
Warning |
|
Alert Level Access Control Message |
Sub Rule |
Access Control List Critical |
Critical |
|
Info Level Access Control Message |
Sub Rule |
Access Control List Information |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<severity> |
Text/String |
|
N/A |
<vmid> |
Number |
|
AccessControlRuleAction |
<action> |
Text/String |
|
SrcIP |
<sip> |
Number |
|
DstIP |
<dip> |
Number |
|
SrcPort |
<sport> |
Number |
|
DstPort |
<dport> |
Number |
|
Protocol |
<protname> |
Text/String |
|
ACPolicy |
<policy> |
Text/String |
|
AccessControlRuleName |
<objectname> |
Text/String |
|
ConnectionDuration |
<seconds> |
Number |
|
UserAgent |
<useragent> |
Text/String |
|
ClientVersion |
<version> |
Number |
|
initiatorPackets |
<packetsout> |
Number |
|
ResponderPackets |
<packetsin> |
Number |
|
InitiatorBytes |
<bytesout> |
Number |
|
ResponderBytes |
<bytesin> |
Number |
|
Response |
<responsecode> |
Number |
|
URLCategory |
<objecttype> |
Text/String |
|
url |
<url> |
Number/Text |