Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Data Loss Prevention | Base Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Ask | Sub Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Monitor | Sub Rule | Data Loss Prevention Activity | Activity |
| Data Loss Prevention : Accept | Sub Rule | Data Loss Prevention Activity | Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| origin | <sender> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dPort | <dport> | Number |
| protocol | <protnum> | Number |
| ifname | <sinterface> | Number |
| ifdirection | <tag2> | Number/Text |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| dst_user_name | <account> | Number/Text |
| from | <sender> | Number/Text |
| Rule | <command> | Number/Text |
| severity | <severity> | Number/Text |
| user_status | <status> | Number/Text |
| portal_message | <vendorinfo> | Number/Text |
| https_inspection_action | <tag3> | Number/Text |
| message_size | <size> | Number |
| matched_file | <object> | Number/Text |
| dlp_file_name | <object> | Number/Text |
| dlp_recipients | <recipient> | Number/Text |
| dlp_rule_name | <command> | Number/Text |
| dlp_data_type_name | <objecttype> | Number/Text |
| dlp_subject | <subject> | Number/Text |
| outgoing_url | <url> | Number/Text |
| Incident_UID | <session> | Number/Text |