Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
AnyConnect Session Messages |
Base Rule |
Session Information |
Information |
|
Session Started |
Sub Rule |
Session Started |
Other Audit Success |
|
Session Stopped |
Sub Rule |
Session Stopped |
Other Audit Success |
|
Session Resumed |
Sub Rule |
Session Resumed |
Other Audit Success |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
N/A |
<sip> |
IP Address |
|
N/A |
<dip> |
IP Address |
|
N/A |
<login> |
Text/String
|
|
N/A |
<group> |
Text/String
|
|
N/A |
<command> |
Text/String
|