Blacklisted DNS Request Messages
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Access Control Messages | Base Rule | Access Control List Warning | Warning |
| Alert Level Access Control Message | Sub Rule | Access Control List Critical | Critical |
| Info Level Access Control Message | Sub Rule | Access Control List Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <vmid> | Number |
| AccessControlRuleAction | <action> | Text/String |
| SrcIP | <sip> | Number |
| DstIP | <dip> | Number |
| SrcPort | <sport> | Number |
| DstPort | <dport> | Number |
| Protocol | <protname> | Text/String |
| ACPolicy | <policy> | Text/String |
| AccessControlRuleName | <objectname> | Text/String |
| ConnectionDuration | <seconds> | Number |
| UserAgent | <useragent> | Text/String |
| ClientVersion | <version> | Number |
| initiatorPackets | <packetsout> | Number |
| ResponderPackets | <packetsin> | Number |
| InitiatorBytes | <bytesout> | Number |
| ResponderBytes | <bytesin> | Number |
| Response | <responsecode> | Number |
| URLCategory | <objecttype> | Text/String |
| url | <url> | Number/Text |