ASM Messages (Expanded Format)

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| ASM Messages (Expanded Format) | Base Rule | General Attack Activity | Attack |
| Information Leakage Detected | Sub Rule | Data Compromised | Compromise |
| Cross Site Scripting Detected | Sub Rule | Cross-Site Scripting | Attack |
| Detection Evasion Detected | Sub Rule | General Attack Activity | Attack |
| HTTP Parser Attack Detected | Sub Rule | General Attack Activity | Attack |
| Predictable Resource Location Detected | Sub Rule | Vuln Low Severity : Misc. | Vulnerability |
| Non-Browser Client Detected | Sub Rule | HTTP Connect | Activity |
| Forceful Browsing Detected | Sub Rule | General Attack Activity | Attack |
| Abuse Of Functionality Detected | Sub Rule | General Attack Activity | Attack |
| Command Execution Detected | Sub Rule | Arbitrary Code Execution | Attack |
| Session Hijacking Detected | Sub Rule | Session Hijacking Activity | Attack |
| Buffer Overflow Detected | Sub Rule | Buffer Overflow/Underflow | Attack |
| Parameter Tampering Detected | Sub Rule | General Attack Activity | Attack |
| Buffer Overflow And Forceful Browsing Blocked | Sub Rule | Failed General Attack Activity | Failed Attack |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC0 | <severity> | Text/String |
| N/A | <vmid> | Numeric |
| asm | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <dport> | Number |
| N/A | <protname> | Text/String |
| N/A | <session> | Number |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <objectname> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <threatname> | Text/String |
| User-Agent | <useragent> | Text/String |
| N/A | <url> | Text/String |
| N/A | <command> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <tag3> | Text/String |