Skip to main content
Skip table of contents

Deny List Transaction Event

Vendor Documentation


Rule Name

Rule Type


Common Event

Deny List Transaction EventBase RuleAccess SuccessObject Modified
Deny List Updated : Object Added

Sub Rule

Access SuccessObject Added
Deny List Updated : Object Removed

Sub Rule

Access SuccessObject Deleted/Removed

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Header (logVer)N/AN/ACEF format version
Header (vendor)N/AN/AAppliance vendor
Header (pname)N/AN/AAppliance product
Header (pver)N/AN/AAppliance version
Header (eventid)<vmid>NumberEvent ID
Header (eventName)<vendorinfo>Text/StringDescription
Header (severity)N/AN/ASeverity
Text/StringThe action in the event
cs1LabelN/AN/AType label
cs2<severity>Text/StringRisk level
cs2LabelN/AN/ARisk level label
deviceExternalIdN/AN/AAppliance GUID
dhost<dname>Text/StringDestination host name
dpt<dport>NumberDestination port
dst<dip>IPDestination IP address
dvcN/AN/AAppliance IP address
dvchostN/AN/AAppliance host name
dvcmacN/AN/AAppliance MAC address
endN/AN/AReport end time
Format: Unix timestamp (number of milliseconds since Jan 01 1970 UTC)
rtN/AN/AAnalysis time
Format: Unix timestamp (number of milliseconds since Jan 01 1970 UTC)
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.