Catch All: Level 1
Vendor Documentation
| https://docs.imperva.com/bundle/cloud-application-security/page/more/log-file-structure.htm |
| https://docs.imperva.com/bundle/cloud-application-security/page/more/example-logs.htm |
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Vendor | N/A | N/A |
| DeviceProduct | N/A | N/A |
| Version | N/A | N/A |
| Event ID | N/A | N/A |
| Attack Name | <vmid> | N/A |
| Attack Severity | <severity> | N/A |
Log Processing Settings
This section details the log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, a base rule is broken down into sub-rules so that each log message type is parsed appropriately according to its event type.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1010261 | Catch All: Level 1 | Base Rule | Syslog Information | Information |
| | SQL Injection | Sub Rule | SQL Injection | Attack |
| | Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
| | Manual Rule | Sub Rule | General Syslog Alert | Critical |
| | Ddos | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
| | Backdoor | Sub Rule | Possible Backdoor Activity | Malware |
| | Bad Bots | Sub Rule | Unauthorized Program/Process | Misuse |
| | ACL - Block Country IP URL | Sub Rule | General ACL Deny Event | Network Traffic |
LogRhythm Default v2.0
N/A