ASM Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
ASM Messages | Base Rule | General Attack Activity | Attack |
Information Leakage | Sub Rule | Data Compromised | Compromise |
Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
Detection Evasion | Sub Rule | General Attack Activity | Attack |
HTTP Parser | Sub Rule | HTTP Trace | Activity |
Predictable Resource Location | Sub Rule | Vuln Low Severity : Misc. | Vulnerability |
Non-Browser Client | Sub Rule | HTTP Connect | Activity |
Forceful Browsing | Sub Rule | General Attack Activity | Attack |
Abuse Of Functionality | Sub Rule | General Attack Activity | Attack |
Command Execution | Sub Rule | Arbitrary Code Execution | Attack |
Session Hijacking | Sub Rule | Session Hijacking Activity | Attack |
Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
Parameter Tampering | Sub Rule | General Attack Activity | Attack |
Informational Messages | Sub Rule | General Information Log Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
---|---|---|
LOC0 | <severity> | Text/String |
ASM | <vmid> | Text/String |
N/A | <sip> | IP Address |
N/A | <sname> | Text/String |
N/A | <dip> | IP Address |
N/A | <dport> | Number |
N/A | <snatip> | IP Address |
N/A | <protname> | Text/String |
N/A | <login> | Text/String |
N/A | <object> | Text/String |
N/A | <objectname> | Text/String |
N/A | <subject> | Text/String |
ASM | <threatname> | Text/String |
N/A | <useragent> | Text/String |
N/A | <url> | Text/String |
N/A | <command> | Text/String |
N/A | <action> | Text/String |
N/A | <responsecode> | Number |
N/A | <status> | Text/String |
ASM | <tag1> | Text/String |