Connection Message
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Connection Message | Base Rule | Operations : Information | Connection Information |
| Connection Dropped By Reset | Sub Rule | Network Traffic | Connection Lost |
| Connection Request | Sub Rule | Network Traffic | Connection Attempt |
| Killing Attempted Connection | Sub Rule | Network Traffic | Connection Aborted |
| Killing Unknown Connection | Sub Rule | Network Traffic | Connection Aborted |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Dec 3 10:32:46 | <sname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <tag1> | Text/String |
| N/A | <protname> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <sport> | Number |
| N/A | <dip> | IP Address |
| N/A | <dport> | Number |