Application Control 2

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
Application Control	Base Rule	General Application Control Message	Information
Application Control IPS Pass	Sub Rule	Application Control IPS Message	Information
Application Control IPS Block	Sub Rule	Application Control IPS Message	Information
Application Control IPS Reset	Sub Rule	Application Control IPS Message	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
logid	<vmid>	Number	The ID (logid) is a 10-digit field. It is a unique identifier for that specific log.
level	<severity>	Text\String	Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry,
srcip	<sip>	IP Address	IP address of the traffic’s origin
dstip	<dip>	IP Address	Destination IP address for the web.
srcport	<sport>	Number	Port number of the traffic's origin
dstport	<dport>	Number	Port number of the traffic's destination.
srcintf	<sinterface>	Text\String	Interface name of the traffic's origin.
dstintf	<dinterface>	Text\String	Interface of the traffic's destination.
proto	<protnum>	Number	The protocol used by web traffic (tcp by default)
service	<protname>	Text\String	Name of the service
user	<login>	Text\String	Name of the user
vd	<domainorigin>	Text\String	Name of the virtual domain in which the log message was recorded.
sessionid	<session>	Text\String	ID for the session.
app	<process>	Text\String	Name of the application.
appid	<processid>	Number	ID of the application.
appcat	<object>	Text\String	Category of the application.
url	<objectname> <url>	Text\String	N/A
msg	<subject>	Text\String	Message Description
group	<group>	Text\String	N/A
action	<command> <action>	Text\String	Status of the session