Alert Messages


Rule Name                                           Rule Type  Common Event                            Classification
--------------------------------------------------  ---------  --------------------------------------  ----------------------
                                                    Base Rule  General Alert Message                   Information
EVID 76509 : File_Malware-Detected                  Sub Rule   Detected Malware Activity               Malware
EVID 70471 : DNS_Server-Class-Unknown               Sub Rule   Non Compliant DNS                       Activity
EVID 70590 : TCP_Checksum-Mismatch                  Sub Rule   Vuln Low Severity : TCP/IP              Vulnerability
EVID 70422 : DNS_Client-UDP-Extra-Data              Sub Rule   Non Compliant DNS                       Activity
EVID 70428 : DNS_Client-Type-Unknown                Sub Rule   Non Compliant DNS                       Activity
EVID 70407 : DNS_Client-Name-Bad-Label-Type         Sub Rule   Non Compliant DNS                       Activity
EVID 79891 : HTTP_Headerline_LF                     Sub Rule   Non Compliant DNS                       Activity
EVID 501487 : Binary_Confl-Content-Type-Text-Plain  Sub Rule   Vuln Low Severity : Protocol Violation  Vulnerability
EVID 501485 : Binary_Conflicting-Content-Type-Text  Sub Rule   Vuln Low Severity : Protocol Violation  Vulnerability
EVID 76457 : HTTP_Server-Nested-Multipart-Message   Sub Rule   Vuln Low Severity : Web Server          Vulnerability
EVID 70425 : DNS_Client-Class-Unknown               Sub Rule   Non Compliant DNS                       Activity
EVID 278069 : MHTML-Info-Dsclosure-CVE-2011-0096-3  Sub Rule   Vuln High Severity : Web Server         Vulnerability
EVID 275505 : HTTP_SLS-Unauthorized-Status-Code     Sub Rule   User Logon Failure                      Authentication Failure
EVID 316105 : Authentication-Null-Session-DOS       Sub Rule   Vuln Low Severity : Denial Of Service   Vulnerability
EVID 264210 : HTTPS_CS-OpenSSL-SSLv3-Get-Shared-Ci  Sub Rule   Cipher Information                      Information
EVID 276065 : HTTP_CSU-Excessively-Long-Url         Sub Rule   Url Too Long                            Warning
EVID 70613 : TCP_Segment-Invalid                    Sub Rule   General TCP/IP Warning                  Warning
EVID 70802 : System_Engine-LOGIN_Failed             Sub Rule   Computer Logon Failure                  Authentication Failure
EVID 71423 : HTTP_Client-Obsolete-Header-Line-Fold  Sub Rule   HTTP Header Error                       Error

Mapping with LogRhythm Schema

Device Key in Log Message  LogRhythm Schema  Data Type
-------------------------  ----------------  ------------------
Version                    <version>         Number
vmid                       <vmid>            Number
objectname                 <objectname>      Text/String
cve                        <cve>             Text/String/Number
severity                   <severity>        Text/String/Number
spt                        <sport>           Number
dst                        <dip>             IP Address
cat                        <subject>         Text/String/Number
requestURL                 <url>             Text/String
app                        <session>         Text/String/Number
act                        <command>         Text/String
deviceoutboundinterface    <sinterface>      Text/String/Number
deviceinboundinterface     <dinterface>      Text/String/Number
proto                      <protnum>         Number
dpt                        <dport>           Number
src                        <sip>             IP Address
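The two tables above are easier to sanity-check when applied to a record end to end. The following is an added example, not LogRhythm's parser or the device vendor's code. It assumes the device emits CEF-style records (a pipe-delimited header whose signature ID carries the EVID, followed by space-separated key=value extensions using the device keys listed in the mapping table); the vendor and product names and the two sample records are constructed for the example. It resolves the EVID to the Common Event and Classification from the Alert Messages table, maps each device key to its LogRhythm schema field, coerces the Number and IP Address fields to the type the table gives them, and reports values that do not fit instead of silently ingesting them.

```python
import ipaddress
import re

# Device key -> LogRhythm schema field, taken from the "Mapping with LogRhythm Schema" table.
DEVICE_KEY_TO_SCHEMA = {
    "Version": "version", "vmid": "vmid", "objectname": "objectname", "cve": "cve",
    "severity": "severity", "spt": "sport", "dst": "dip", "cat": "subject",
    "requestURL": "url", "app": "session", "act": "command",
    "deviceoutboundinterface": "sinterface", "deviceinboundinterface": "dinterface",
    "proto": "protnum", "dpt": "dport", "src": "sip",
}
# Schema fields the table types as Number / IP Address; everything else stays text.
NUMBER_FIELDS = {"version", "vmid", "sport", "protnum", "dport"}
IP_FIELDS = {"dip", "sip"}

# EVID -> (Common Event, Classification) for the sub rules in the Alert Messages table.
EVID_TO_COMMON_EVENT = {
    76509: ("Detected Malware Activity", "Malware"),
    70471: ("Non Compliant DNS", "Activity"), 70422: ("Non Compliant DNS", "Activity"),
    70428: ("Non Compliant DNS", "Activity"), 70407: ("Non Compliant DNS", "Activity"),
    79891: ("Non Compliant DNS", "Activity"), 70425: ("Non Compliant DNS", "Activity"),
    70590: ("Vuln Low Severity : TCP/IP", "Vulnerability"),
    501487: ("Vuln Low Severity : Protocol Violation", "Vulnerability"),
    501485: ("Vuln Low Severity : Protocol Violation", "Vulnerability"),
    76457: ("Vuln Low Severity : Web Server", "Vulnerability"),
    278069: ("Vuln High Severity : Web Server", "Vulnerability"),
    275505: ("User Logon Failure", "Authentication Failure"),
    316105: ("Vuln Low Severity : Denial Of Service", "Vulnerability"),
    264210: ("Cipher Information", "Information"),
    276065: ("Url Too Long", "Warning"), 70613: ("General TCP/IP Warning", "Warning"),
    70802: ("Computer Logon Failure", "Authentication Failure"),
    71423: ("HTTP Header Error", "Error"),
}
BASE_RULE = ("General Alert Message", "Information")  # any EVID without a sub rule

_PIPE = re.compile(r"(?<!\\)\|")                        # header separator unless escaped
_KEY = re.compile(r"(?:^|\s)([A-Za-z][A-Za-z0-9_]*)=")   # start of an extension key
_ESC = re.compile(r"\\(.)")                              # CEF escapes: \= \| \\ \n \r


def _unescape(value):
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Split 'k=v k2=v with spaces' into a dict; a value runs up to the next unescaped key."""
    hits = list(_KEY.finditer(ext))
    out = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line):
    """Split the seven header fields; the extension is returned raw so escapes survive."""
    parts = _PIPE.split(line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    names = ("cef", "vendor", "product", "dev_version", "signature_id", "name", "sev")
    head = {n: _unescape(p) for n, p in zip(names, parts[:7])}
    head["extension"] = parts[7]
    return head


def normalize(line):
    """Map one device record onto LogRhythm schema fields plus its Common Event."""
    hdr = parse_cef(line)
    evid = int(hdr["signature_id"])  # assumption: the signature ID carries the EVID
    common_event, classification = EVID_TO_COMMON_EVENT.get(evid, BASE_RULE)
    fields, errors = {}, []
    for key, raw in parse_extension(hdr["extension"]).items():
        schema = DEVICE_KEY_TO_SCHEMA.get(key)
        if schema is None:
            continue  # keys outside the mapping table are not ingested
        try:
            if schema in NUMBER_FIELDS:
                fields[schema] = int(raw)
            elif schema in IP_FIELDS:
                fields[schema] = str(ipaddress.ip_address(raw))
            else:
                fields[schema] = raw
        except ValueError:
            errors.append(f"{key}={raw!r} does not fit the data type of <{schema}>")
    return {"evid": evid, "signature": hdr["name"], "common_event": common_event,
            "classification": classification, "fields": fields, "errors": errors}


# Constructed sample records (placeholder vendor/product; not real device output).
SAMPLE_LOGS = [
    "CEF:0|ExampleVendor|ExampleIPS|9.1|76509|File_Malware-Detected|8|"
    "src=10.1.2.3 spt=51234 dst=203.0.113.7 dpt=80 proto=6 cat=Malware act=Blocked "
    "requestURL=http://203.0.113.7/dl?id\\=42 severity=High objectname=C:\\\\temp\\\\inv.exe",
    "CEF:0|ExampleVendor|ExampleIPS|9.1|99999|Some-Other-Signature|3|"
    "src=198.51.100.9 dst=10.0.0.5 deviceinboundinterface=G0/1 "
    "deviceoutboundinterface=G0/2 vmid=3 Version=1 cve=CVE-2011-0096 app=HTTP spt=not-a-port",
]

if __name__ == "__main__":
    for rec in map(normalize, SAMPLE_LOGS):
        print(rec["evid"], rec["common_event"], rec["classification"], rec["fields"], rec["errors"])
```

The first record resolves to the EVID 76509 sub rule and shows the escape handling (`\=` inside the URL and `\\` in the Windows path are restored). The second carries an EVID with no sub rule, so it falls through to the Base Rule, and its non-numeric `spt` is reported rather than stored in `<sport>`, which is the behaviour you want to see before trusting the Number typing in the table.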