ARP Security Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
ARP Security Events	Base Rule	General ARP Information	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Event ID	<vmid>	Number	Event ID 10401, 10402
Severity	<severity>	Text/String	For All: Information
Message	<subject> <status> <object>	Text/String/Number	Event ID 10401: ARP inspection configuration on VLAN
	<subject> <status> <dport>	Text/String/Number	Event ID 10402: ARP inspection port mode configuration