Behavioral Analytics Messages | LogRhythm Documentation

Vendor Documentation

N/A

Rule Name	Rule Type	Common Event	Classification
Behavioral Analytics Messages	Base Rule	General Behavior Information	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	N/A
N/A	N/A	N/A	Device Vendor
product_name	<vendorinfo>	Text/String	N/A
oci_version	<version>	Text/String	N/A
risk_type_description	<vmid>	Text/String	N/A
event_sub_category	<object>	Text/String	N/A
Severity	<severity>	Number	Severity level; ranges from 1 to 10 (critical).
type	<objecttype>	Number	Can be: 0—Base event. 1—Aggregate event
Desc	<subject>	Text/String	N/A
mitreTactic	<session>	Text/String	N/A
mitreTechnique	<sessiontype>	Text/String	N/A
attackers	<sip>	IP Address	N/A
targets	<dip>	IP Address	N/A
attackHostGroup	N/A	N/A	N/A
targetHostGroup	N/A	N/A	N/A
app	<protname>	Text/String	Protocol/Application
appcount	N/A	N/A	N/A
interfaceCount	<quantity>	Number	N/A
violationCount	N/A	N/A	N/A
start	N/A	N/A	Start time of event.
end	N/A	N/A	End time of event.
url	<url>	Text/String	N/A
attackHostGroupCount	N/A	N/A	N/A
targetHostGroupCount	N/A	N/A	N/A
attackerCount	N/A	N/A	N/A
targetCount	N/A	N/A	N/A