Connection Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Connection Messages | Base Rule | Connection Information | Information |
| Received Disconnect | Sub Rule | Disconnection Request | Network Traffic |
| UDP Connection Refused | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| UDP Packet Rejected : Port Closed | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| TCP Packet Rejected : Port Closed | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| ICMP Packet Rejected : Port Closed | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <protname> | Text\String |
| N/A | <processid> | Number |
| N/A | <process> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <tag4> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |