Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Access Logs (Key Value Pair) |
Base Rule |
Information |
General Information |
|
HTTP - 100 - Transitional - Continue |
Sub Rule |
Information |
HTTP 100 : Transition Status - Continue |
|
HTTP - 101 - Transitional - Protocol Switch |
Sub Rule |
Information |
HTTP 101 : Transition Status - Protocol Switch |
|
HTTP - 200 - Success - OK |
Sub Rule |
Information |
HTTP 200 : Success Reply - OK |
|
HTTP - 201 - Success - Created |
Sub Rule |
Information |
HTTP 201 : Success Reply - Created |
|
HTTP - 202 - Success - Accepted |
Sub Rule |
Information |
HTTP 202 : Success Reply - Accepted |
|
HTTP - 203 - Success - Nonauthoritative Info |
Sub Rule |
Information |
HTTP 203 : Success Reply - Nonauthoritative Info |
|
HTTP - 204 - Success - No Content |
Sub Rule |
Information |
HTTP 204 : Success Reply - No Content |
|
HTTP - 205 - Success - Reset Content |
Sub Rule |
Information |
HTTP 205 : Success Reply - Reset Content |
|
HTTP - 206 - Success - Partial Content |
Sub Rule |
Information |
HTTP 206 : Success Reply - Partial Content |
|
HTTP - 300 - Redirect - Multiple Choices |
Sub Rule |
Information |
HTTP 300 : Redirect - Multiple Choices |
|
HTTP - 301 - Redirect - Moved Permanently |
Sub Rule |
Information |
HTTP 301 : Redirect - Moved Permanently |
|
HTTP - 302 - Redirect - Moved Temporarily |
Sub Rule |
Information |
HTTP 302 : Redirect - Moved Temporarily |
|
HTTP - 303 - Redirect - See Other |
Sub Rule |
Information |
HTTP 303 : Redirect - See Other |
|
HTTP - 304 - Redirect - Not Modified |
Sub Rule |
Information |
HTTP 304 : Redirect - Not Modified |
|
HTTP - 306 - Redirect - Unused |
Sub Rule |
Information |
HTTP 306 : Redirect - Unused |
|
HTTP - 307 - Redirect - Temporary Redirect |
Sub Rule |
Information |
HTTP 307 : Redirect - Temporary Redirect |
|
HTTP - 400 - Req Error - Bad Request |
Sub Rule |
Error |
HTTP 400 : Request Error - Bad Request |
|
HTTP - 401.7 - Req Error - Access Deny (URL Auth) |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401.5 - Req Error - Auth Failed (ISAPI/CGI) |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401.4 - Req Error - Auth Failed (Filter) |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401.3 - Req Error - Unauth (ACL) |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401.2 - Req Error - Logon Fail (Svr Config) |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401.1 - Req Error - Logon Failed |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 401 - Req Error - Unauthorized |
Sub Rule |
Error |
HTTP 401 : Request Error - Unauthorized |
|
HTTP - 402 - Req Error - Payment Required |
Sub Rule |
Error |
HTTP 402 : Request Error - Payment Required |
|
HTTP - 403.20 - Req Error - Passport Logon Failed |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.19 - Req Error - Cannot Exec CGI |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.18 - Req Error - Cannot Exec URL |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.17 - Req Error - Cert Expired/Not Valid |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.16 - Req Error - Cert Untrusted/Invalid |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.15 - Req Error - CALs Exceeded |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.2 - Req Error - No Read Access |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.1 - Req Error - No Execute Access |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403 - Req Error - Forbidden |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.8 - Req Error - Site Access Denied |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.7 - Req Error - Client Cert Required |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.6 - Req Error - IP Rejected |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.5 - Req Error - SSL 128 Required |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.4 - Req Error - SSL Required |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.3 - Req Error - No Write Access |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.14 - Req Error - Dir List Denied |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.13 - Req Error - Client Cert Revoked |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.12 - Req Error - Mapper Denied Access |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.11 - Req Error - Password Change |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.10 - Req Error - Invalid Config |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 403.9 - Req Error - Too Many Users |
Sub Rule |
Error |
HTTP 403 : Request Error - Forbidden |
|
HTTP - 404.15 - Req Error - Req Query Too Long |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.14 - Req Error - Req URL Too Long |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.13 - Req Error - Req Content Too Large |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.12 - Req Error - Req High Bit Chars |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.11 - Req Error - Req URL Doubled Esc |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.10 - Req Error - Req Header Too Long |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.3 - Req Error - Denied By MIME Policy |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.2 - Req Error - Denied By Svc Policy |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.1 - Req Error - Site Not At Req Port |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404 - Req Error - Not Found |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.9 - Req Error - Denied (Hidden File) |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.8 - Req Error - Denied Hidden Namespace |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.7 - Req Error - Req File Ext Denied |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.6 - Req Error - Req Verb Denied |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.5 - Req Error - Req URL Seq Denied |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 404.4 - Req Error - No Handler |
Sub Rule |
Error |
HTTP 404 : Request Error - Not Found |
|
HTTP - 405 - Req Error - Method Not Allowed |
Sub Rule |
Error |
HTTP 405 : Request Error - Method Not Allowed |
|
HTTP - 406 - Req Error - Not Acceptable |
Sub Rule |
Error |
HTTP 406 : Request Error - Not Acceptable |
|
HTTP - 407 - Req Error - Proxy Auth Req |
Sub Rule |
Error |
HTTP 407 : Request Error - Proxy Auth Required |
|
HTTP - 408 - Req Error - Request Time-Out |
Sub Rule |
Error |
HTTP 408 : Request Error - Request Time-Out |
|
HTTP - 409 - Req Error - Conflict |
Sub Rule |
Error |
HTTP 409 : Request Error - Conflict |
|
HTTP - 410 - Req Error - Gone |
Sub Rule |
Error |
HTTP 410 : Request Error - Gone |
|
HTTP - 411 - Req Error - Length Required |
Sub Rule |
Error |
HTTP 411 : Request Error - Length Required |
|
HTTP - 412 - Req Error - Precondition Failed |
Sub Rule |
Error |
HTTP 412 : Request Error - Precondition Failed |
|
HTTP - 413 - Req Error - Request Item Too Big |
Sub Rule |
Error |
HTTP 413 : Request Error - Request Item Too Big |
|
HTTP - 414 - Req Error - Request-URL Too Large |
Sub Rule |
Error |
HTTP 414 : Request Error - Request-URL Too Large |
|
HTTP - 415 - Req Error - Unsupported Type |
Sub Rule |
Error |
HTTP 415 : Request Error - Unsupported Type |
|
HTTP - 416 - Req Error - Req Rng Unfillable |
Sub Rule |
Error |
HTTP 416 : Request Error - Range Unfillable |
|
HTTP - 417 - Req Error - Expectation Failed |
Sub Rule |
Error |
HTTP 417 : Request Error - Expectation Failed |
|
HTTP - 500.100 - Svr Error - Internal ASP Error |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500.18 - Svr Error - URL Auth Store Fail |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500.16 - Svr Error - Bad UNC Auth Cred |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500.15 - Svr Error - Global.asa Disallowed |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500.13 - Svr Error - Web Server Too Busy |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500.12 - Svr Error - App Busy Restarting |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 500 - Svr Error - Internal Server Error |
Sub Rule |
Error |
HTTP 500 : Server Error - Internal Server Error |
|
HTTP - 501 - Svr Error - Not Implemented |
Sub Rule |
Error |
HTTP 501 : Server Error - Not Implemented |
|
HTTP - 502 - Svr Error - Bad Gateway |
Sub Rule |
Error |
HTTP 502 : Server Error - Bad Gateway |
|
HTTP - 503 - Svr Error - Service Unavailable |
Sub Rule |
Error |
HTTP 503 : Server Error - Service Unavailable |
|
HTTP - 504 - Svr Error - Gateway Time-Out |
Sub Rule |
Error |
HTTP 504 : Server Error - Gateway Time-Out |
|
HTTP - 505 - Svr Error - HTTP Ver Unsupported |
Sub Rule |
Error |
HTTP 505 : Server Error - HTTP Ver Unsupported |
|
HTTP - 207 - Success - Multistatus Response |
Sub Rule |
Information |
HTTP 207 : Success - Multistatus Response |
|
HTTP - 305 - Redirect - Use Proxy |
Sub Rule |
Misuse |
Unauthorized Proxy Activity |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<vmid> |
Text/String |
|
N/A |
<severity> |
Text/String |
|
N/A |
<sip> |
Ip Address |
|
N/A |
<dip> |
Ip Address |
|
N/A |
<dname> |
Text/String/Number |
|
N/A |
<dport> |
Number |
|
N/A |
<protname> |
Text/String/Number |
|
N/A |
<login> |
Text/String/Number |
|
N/A |
<domainorigin> |
Text/String/Number |
|
N/A |
<object> |
Text/String/Number |
|
N/A |
<objectname> |
Text/String/Number |
|
N/A |
<objecttype> |
Text/String/Number |
|
N/A |
<subject> |
Text/String/Number |
|
N/A |
<useragent> |
Text/String/Number |
|
N/A |
<url> |
Text/String/Number |
|
N/A |
<group> |
Text/String/Number |
|
N/A |
<command> |
Text/String/Number |
|
N/A |
<action> |
Text/String/Number |
|
N/A |
<result> |
Text/String/Number |
|
N/A |
<responsecode> |
Number |
|
N/A |
<bytesin> |
Number |
|
N/A |
<bytesout> |
Number |
|
N/A |
<duration> |
Number |
|
N/A |
<tag2> |
Text/String/Number |