Connection Information 2
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Connection Information | Base Rule | Audit :Other Audit failure | Port Access Failure |
| Connection Lost | Sub Rule | Network Traffic | Connection Lost |
| TLS Negotiation Failure | Sub Rule | Warning | TLS Negotiation Failure |
| Connection Accepted | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| Connection Closed | Sub Rule | Network Traffic | Connection Closed |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC4: | <tag1> | Text/String |
| Mar 1 06:49:31 | <dname> | Text/String |
| N/A | <process> | Text/String |
| conn | <session> | Number |
| fd=12 | <tag2> | Text/String |
| N/A | <tag3> | Text/String |
| IP | <sip> | Number |
| N/A | <sport> | Number |
| IP | <dip> | Number |
| N/A | <dport> | Number |