AnyConnect Session Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| AnyConnect Session Messages | Base Rule | Session Information | Information |
| Session Started | Sub Rule | Session Started | Other Audit Success |
| Session Stopped | Sub Rule | Session Stopped | Other Audit Success |
| Session Resumed | Sub Rule | Session Resumed | Other Audit Success |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <login> | Text/String |
| N/A | <group> | Text/String |
| N/A | <command> | Text/String |