Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Cisco Secure Email Events | Base Rule | Information | General AlertEmail |
| Cisco Secure Email Delivered | Sub Rule | Information | Email Delivered |
| Cisco Secure Email Dropped | Sub Rule | Information | Message Dropped |
| Cisco Secure Email Bounced | Sub Rule | Warning | Email Message Bounced |
| Cisco Secure Email Quarantined | Sub Rule | Failed Activity | Quarantined Message |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | CEF format version |
| N/A | N/A | N/A | Appliance vendor |
| N/A | `<vendorinfo>` | String | Appliance product |
| N/A | `<version>` | Text/String | Appliance version |
| N/A | `<vmid>` | String | Event Class ID |
| N/A | N/A | N/A | Event Name |
| N/A | `<severity>` | Number | Severity |
| deviceExternalId | `<serialnumber>` | Text/String | Serial Number |
| ESAMID | N/A | N/A | N/A |
| ESAICID | N/A | N/A | ICID |
| ESAAMPVerdict | N/A | N/A | AMP Verdict |
| ESAASVerdict | N/A | N/A | AS Verdict |
| ESAAVVerdict | N/A | N/A | AV Verdict |
| ESACFVerdict | N/A | N/A | Content Filters Verdict |
| endTime | N/A | N/A | DCID Timestamp |
| ESADLPVerdict | N/A | N/A | DLP Verdict |
| dvc | N/A | N/A | Data IP |
| ESAFriendlyFrom | N/A | N/A | Friendly From |
| ESAGMVerdict | N/A | N/A | Graymail Verdict |
| startTime | N/A | N/A | ICID Timestamp |
| deviceInboundInterface | N/A | N/A | Listener Name |
| deviceDirection | N/A | N/A | Mail Direction |
| ESAMailFlowPolicy | `<policy>` | String | Mail Flow Policy Name |
| suser | `<sname>` | Text/String | Mail From |
| cs1Label | N/A | N/A | Message ID |
| cs1 | N/A | N/A | Mail Policy Name |
| cs2Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | Mail Sender Geo Location |
| ESAMFVerdict | N/A | N/A | N/A |
| act | `<action>` | String | Message Final Action |
| cs4Label | N/A | N/A | N/A |
| cs4 | N/A | N/A | Message ID |
| ESAOFVerdict | N/A | N/A | Outbreak Filters Verdict |
| duser | `<dname>` | String | Recipients |
| ESAHeloDomain | `<domainimpacted>` | String | Remote Host/Helo Domain |
| ESAHeloIP | `<dip>` | IP Address | Remote IP/Helo Domain IP |
| ESAReplyTo | `<sender>` | String | Reply-To |
| cfp1Label | N/A | N/A | SBRS Score |
| cfp1 | N/A | N/A | N/A |
| ESASDRDomainAge | N/A | N/A | SDR Consolidated Domain Age |
| cs3Label | `<threatname>` | Text/String | SDR Consolidated Threat Category |
| cs3 | N/A | N/A | N/A |
| cs6Label | N/A | N/A | SDR Reputation Score |
| cs6 | N/A | N/A | N/A |
| ESASPFVerdict | N/A | N/A | SPF Verdict |
| sourceHostName | `<domainorigin>` | String | Sender Domain |
| ESASenderGroup | `<group>` | String | N/A |
| sourceAddress | `<sip>` | IP Address | Sender IP |
| msg | `<subject>` | String | Subject |
| ESATLSInCipher | N/A | N/A | TLS Incoming Cipher |
| ESATLSInConnStatus | `<result>` | Text/String | TLS Incoming Connection Status |
| ESATLSInProtocol | N/A | N/A | TLS Incoming Protocol |
| ESATLSOutCipher | N/A | N/A | TLS Outgoing Cipher |
| ESATLSOutConnStatus | `<status>` | Text/String | TLS Outgoing Connection Status |
| ESATLSOutProtocol | `<protname>` | String | TLS Outgoing Protocol |