Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Connection Information | Base Rule | Audit: Other Audit failure | Port Access Failure |
| Connection Lost | Sub Rule | Network Traffic | Connection Lost |
| TLS Negotiation Failure | Sub Rule | Warning | TLS Negotiation Failure |
| Connection Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Connection Closed | Sub Rule | Network Traffic | Connection Closed |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC4: | <tag1> | Text/String |
| Mar 1 06:49:31 | <dname> | Text/String |
| N/A | <process> | Text/String |
| conn | <session> | Number |
| fd=12 | <tag2> | Text/String |
| N/A | <tag3> | Text/String |
| IP | <sip> | Number |
| N/A | <sport> | Number |
| IP | <dip> | Number |
| N/A | <dport> | Number |