Arpwatch Process
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Arpwatch Process | Base Rule | General Process Information | Information |
| Hostname Changed | Sub Rule | Host Information Changed | Information |
| Changed Ethernet Address | Sub Rule | IP Address Changed | Information |
| Flip Flop | Sub Rule | IP Address Changed | Information |
| Reused Old Ethernet Address | Sub Rule | Reused IP Address | Information |
| Arpwatch Bogon | Sub Rule | General Traffic Log | Network Traffic |
Mapping of Arpwatch Process with LR Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <sip> | Ip Address |
| N/A | <sname> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <smac> | Text\String |
| N/A | <dmac> | Text\String |
| N/A | <process> | Text\String |
| N/A | <tag1> | Text\String |