
Cortex Agent Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Cortext Agent Messages | Base Rule | General Alert | Operations : Warning |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| HEADER/Vendor | N/A | N/A | Vendor info |
| HEADER/Device Product | N/A | N/A | Device Product info |
| HEADER/Device Version | <version> | Text/String | Device Version info |
| HEADER/Device Event Class ID | <vmid> | Text/String | N/A |
| HEADER/name | <vendorinfo> | Text/String | Action type |
| HEADER/Severity | <severity> | Text/String | integer: 0 - Unknown, 6 - Low, 8 - Medium, 9 - High |
| end | N/A | N/A | Timestamp |
| shost | <sname> | Text/String | Hostname of the machine from where the action was initiated. |
| suser | <login><domainorigin> | Text/String | Username of the user who initiated the action. |
| deviceFacility | N/A | N/A | N/A |
| cat | <threatname> | Text/String | N/A |
| externalId | <threatid> | Number | N/A |
| request | <url> | Text/String/Number | N/A |
| cs1 | <process> | Text/String | N/A |
| cs1Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |
| cs2Label | N/A | N/A | N/A |
| cs3 | N/A | N/A | N/A |
| cs3Label | N/A | N/A | N/A |
| cs4 | N/A | N/A | N/A |
| cs4Label | N/A | N/A | N/A |
| cs5 | <command> | Text/String/Number | N/A |
| cs5Label | N/A | N/A | N/A |
| cs6 | N/A | N/A | N/A |
| cs6Label | N/A | N/A | N/A |
| fileHash | <hash> | Text/String/Number | N/A |
| filePath | <object> | Text/String/Number | N/A |
| targetprocesssignature | N/A | N/A | N/A |
| tenantname | N/A | N/A | N/A |
| tenantCDLid | N/A | N/A | N/A |
| CSPaccountname | N/A | N/A | N/A |
| initiatorSha256 | N/A | N/A | N/A |
| initiatorPath | <parentprocesspath> | Text/String/Number | N/A |
| osParentSignature | N/A | N/A | N/A |
| incident | N/A | N/A | N/A |
| act | <action> | Text/String | N/A |