Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Arpwatch Process |
Base Rule |
General Process Information |
Information |
|
Hostname Changed |
Sub Rule |
Host Information Changed |
Information |
|
Changed Ethernet Address |
Sub Rule |
IP Address Changed |
Information |
|
Flip Flop |
Sub Rule |
IP Address Changed |
Information |
|
Reused Old Ethernet Address |
Sub Rule |
Reused IP Address |
Information |
|
Arpwatch Bogon |
Sub Rule |
General Traffic Log |
Network Traffic |
Mapping of Arpwatch Process with LR Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<severity> |
Text\String |
|
N/A |
<sip> |
Ip Address |
|
N/A |
<sname> |
Text\String |
|
N/A |
<dname> |
Text\String |
|
N/A |
<smac> |
Text\String |
|
N/A |
<dmac> |
Text\String |
|
N/A |
<process> |
Text\String |
|
N/A |
<tag1> |
Text\String |