ASM Messages 2

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| ASM Messages 2 | Base Rule | General Attack Activity | Attack |
| Information Leakage | Sub Rule | Data Compromised | Compromise |
| Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
| Detection Evasion | Sub Rule | General Attack Activity | Attack |
| HTTP Parser | Sub Rule | HTTP Trace | Activity |
| Predictable Resource Location | Sub Rule | Vuln Low Severity : Misc. | Vulnerability |
| Non-Browser Client | Sub Rule | HTTP Connect | Activity |
| Forceful Browsing | Sub Rule | General Attack Activity | Attack |
| Abuse of Functionality | Sub Rule | General Attack Activity | Attack |
| Command Execution | Sub Rule | Arbitrary Code Execution | Attack |
| Session Hijacking | Sub Rule | Session Hijacking Activity | Attack |
| Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
| Passed | Sub Rule | General Process Information | Information |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <vmid> | Text/String |
| N/A | <vendorinfo> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <sname> | Text/String |
| N/A | <dip> | IP Address |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <protname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <useragent> | Text/String |
| status_code | <responsecode> | Number |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |