Data Loss Prevention
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Data Loss Prevention | Base Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Ask | Sub Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Monitor | Sub Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Accept | Sub Rule | Data Loss Prevention Activity | Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| origin | <sender> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dPort | <dport> | Number |
| protocol | <protnum> | Number |
| ifname | <sinterface> | Number |
| ifdirection | <tag2> | Number/Text |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| dst_user_name | <account> | Number/Text |
| from | <sender> | Number/Text |
| Rule | <command> | Number/Text |
| severity | <severity> | Number/Text |
| user_status | <status> | Number/Text |
| portal_message | <vendorinfo> | Number/Text |
| https_inspection_action | <tag3> | Number/Text |
| message_size | <size> | Number |
| matched_file | <object> | Number/Text |
| dlp_file_name | <object> | Number/Text |
| dlp_recipients | <recipient> | Number/Text |
| dlp_rule_name | <command> | Number/Text |
| dlp_data_type_name | <objecttype> | Number/Text |
| dlp_subject | <subject> | Number/Text |
| outgoing_url | <url> | Number/Text |
| Incident_UID | <session> | Number/Text |