ASM Messages (Expanded Format)
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| ASM Messages (Expanded Format) | Base Rule | General Attack Activity | Attack |
| Information Leakage Detected | Sub Rule | Data Compromised | Compromise |
| Cross Site Scripting Detected | Sub Rule | Cross-Site Scripting | Attack |
| Detection Evasion Detected | Sub Rule | General Attack Activity | Attack |
| HTTP Parser Attack Detected | Sub Rule | General Attack Activity | Attack |
| Predictable Resource Location Detected | Sub Rule | Vuln Low Severity : Misc. | Vulnerability |
| Non-Browser Client Detected | Sub Rule | HTTP Connect | Activity |
| Forceful Browsing Detected | Sub Rule | General Attack Activity | Attack |
| Abuse Of Functionality Detected | Sub Rule | General Attack Activity | Attack |
| Command Execution Detected | Sub Rule | Arbitrary Code Execution | Attack |
| Session Hijacking Detected | Sub Rule | Session Hijacking Activity | Attack |
| Buffer Overflow Detected | Sub Rule | Buffer Overflow/Underflow | Attack |
| Parameter Tampering Detected | Sub Rule | General Attack Activity | Attack |
| Buffer Overflow And Forceful Browsing Blocked | Sub Rule | Failed General Attack Activity | Failed Attack |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC0 | <severity> | Text/String |
| N/A | <vmid> | Numeric |
| asm | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <dport> | Number |
| N/A | <protname> | Text/String |
| N/A | <session> | Number |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <objectname> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <threatname> | Text/String |
| User-Agent | <useragent> | Text/String |
| N/A | <url> | Text/String |
| N/A | <command> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <tag3> | Text/String |