Skip to main content
Skip table of contents

Content Awareness

Vendor Documentation

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Classification

Rule NameRule TypeCommon EventClassification
Content AwarenessBase RuleGeneral File Monitoring EventOther Audit
Content Awareness : Traffic BlockedSub RuleTraffic Denied by Network FirewallNetwork Deny
Content Awareness : Traffic AcceptSub RuleTraffic Allowed by Network FirewallNetwork Allow
Content Awareness : Traffic DeniedSub RuleTraffic Denied by Network FirewallNetwork Deny
Content Awareness : Traffic AllowedSub RuleTraffic Allowed by Network FirewallNetwork Allow

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

Product<version>Number/Text
Action<action>Number/Text
Action<tag1>Number/Text
SIP<sip>Number/Text
origin<sender>Number/Text
src_machine_name<sname>Number/Text
DIP<dip>Number
dst_machine_name<dname>Number/Text
dport<dport>Number
protocol<protname>Number/Text
ifname<sinterface>Number/Text
ifdirection<tag2>Number/Text
User<login>Number/Text
src_user_name<login>Number/Text
dst_user_name<account>Number/Text
file_name<object>Number/Text
file_direction<tag3>Number/Text
file_type<objecttype>Number/Text
file_size<size>Number
connection_luuid<session>Number/Text
duration<duration>Number


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close