Catch All : Level 2 (LST: Syslog - Symantec ICDX CEF)

Vendor Documentation

Classification

Rule Name            Rule Type  Common Event         Classification
Catch All : Level 2  Base Rule  General Information  Information

Mapping with LogRhythm Schema

Device Key in Log Message  LogRhythm Schema  Data Type    Schema Description
Version                    N/A               N/A          N/A
Vendor                     N/A               N/A          N/A
Device Product             N/A               N/A          N/A
Device Version             <version>         Number       N/A
Device Event Class ID      <vmid>            Text/String  The number representing the type of the event. If translation is used, the type enum name is defined by the ICD Schema.
Name                       <vendorinfo>      Text/String  The description of the event. If the message attribute is missing and translation is used, the name is generated using the type_id and id enum names.
Severity                   <severity>        Number       The severity of the event, mapped as follows:

  ICD Severity             CEF Severity
  0 (Unknown or missing)   Unknown
  1 (Informational)        1
  2 (Warning)              3
  3 (Minor)                6
  4 (Major)                8
  5 (Critical)             9
  6 (Fatal)                10
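As an added example (not LogRhythm's or Symantec's own code), the Python below parses a constructed Symantec ICDX CEF line, keeps only the header columns the table above maps (version, vmid, vendorinfo, severity), unescapes pipes in the header so the severity column is not shifted, and inverts the ICD-to-CEF severity table to flag a CEF severity value that the documented mapping never produces. The function names, the sample line and its extension keys are assumptions.

```python
import re

# CEF header columns in wire order, each paired with the LogRhythm schema field it
# feeds per the mapping table above (None = N/A, the column is not stored).
HEADER_TO_SCHEMA = [
    ("Version", None), ("Vendor", None), ("Device Product", None),
    ("Device Version", "version"), ("Device Event Class ID", "vmid"),
    ("Name", "vendorinfo"), ("Severity", "severity"),
]

# ICD severity -> CEF severity as documented above; ICD 0 (unknown) has no CEF value.
ICD_TO_CEF = {1: 1, 2: 3, 3: 6, 4: 8, 5: 9, 6: 10}
CEF_TO_ICD = {cef: icd for icd, cef in ICD_TO_CEF.items()}

def split_cef_header(line):
    """Return the 7 header fields and the raw extension string.
    A literal '|' or '\\' inside a header field arrives escaped ('\\|', '\\\\'), so a
    plain str.split("|") would shift every later column, severity included, by one."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            buf.append(line[i + 1]); i += 2          # escaped pipe or backslash
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF:<version> record")
    fields[0] = fields[0][len("CEF:"):]
    return fields, line[i:]

def parse_icdx_cef(line):
    """Map one Symantec ICDX CEF line onto the LogRhythm schema fields above."""
    header, extension = split_cef_header(line)
    record = {schema: value for (_, schema), value in zip(HEADER_TO_SCHEMA, header)
              if schema is not None}
    record["severity"] = int(record["severity"])
    # Recover the ICD severity; None flags a CEF value the mapping above never produces.
    record["icd_severity"] = CEF_TO_ICD.get(record["severity"])
    # Extensions are space-separated key=value pairs whose values may contain spaces.
    record["extension"] = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", extension))
    return record

# Constructed sample line (not a real ICDX export); the Name field carries an escaped pipe.
SAMPLE = "CEF:0|Symantec|ICDX|1.0|8001|Process launched \\| blocked|8|cs1=host-a cs1Label=device"
```

Calling `parse_icdx_cef(SAMPLE)` yields `vendorinfo` "Process launched | blocked", `severity` 8 and `icd_severity` 4 (Major); a line whose CEF severity is 5 yields `icd_severity` None because no ICD level maps to it.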
