Disruptive Application Event

Vendor Documentation

Classification

Rule Name | Rule Type | Classification | Common Event
--- | --- | --- | ---
Disruptive Application Event | Base Rule | Activity | Application Control Detection

Mapping with LogRhythm Schema

Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description
--- | --- | --- | ---
Header (logVer) | N/A | N/A | CEF format version
Header (vendor) | N/A | N/A | Appliance vendor
Header (pname) | N/A | N/A | Appliance product
Header (pver) | N/A | N/A | Appliance version
Header (eventid) | <vmid> | Number | Signature ID
Header (eventName) | <vendorinfo> | Text/String | Description
Header (severity) | <severity> | Number | Severity
app | <protname> | Text/String | Protocol
c6a1 | <snatip> | IP Address | Interested IPv6
c6a1Label | N/A | N/A | Interested IPv6 label
c6a2 | <sip> | IP Address | Source IPv6 address
c6a2Label | N/A | N/A | Source IPv6 address label
c6a3 | <dip> | IP Address | Destination IPv6 address
c6a3Label | N/A | N/A | Destination IPv6 address label
c6a4 | <dnatip> | IP Address | Peer IPv6 address
c6a4Label | N/A | N/A | Peer IPv6 address label
cnt | N/A | N/A | Total count
cn3 | N/A | N/A | Threat type
cn3Label | N/A | N/A | Threat type label
destinationTranslatedAddress | <dnatip> | IP Address | Peer IP
deviceDirection | N/A | N/A | Packet direction
deviceExternalId | N/A | N/A | Appliance GUID
devicePayloadId | N/A | N/A | An extendable field. Format: {threat_type}:{log_id}:{with pcap file captured}:{extensions}*
dhost | <dname> | Text/String/Number | Destination host name
dmac | <dmac> | Text/String | Destination MAC
dpt | <dport> | Number | Destination port
dst | <dip> | IP Address | Destination IP address
dvc | N/A | N/A | Appliance IP address
dvchost | N/A | N/A | Appliance host name
dvcmac | N/A | N/A | Appliance MAC address
flexNumber1 | N/A | N/A | vLANId
flexNumber1Label | N/A | N/A | vLANId label
rt | N/A | N/A | Log generation time. Format: Unix timestamp (number of milliseconds since Jan 01 1970 UTC)
shost | <sname> | Text/String/Number | Source host name
smac | <smac> | Text/String | Source MAC
sourceTranslatedAddress | <snatip> | IP Address | Interested IP
src | <sip> | IP Address | Source IP address
spt | <sport> | Number | Source port
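The mapping table above can be exercised end to end with a small CEF parser. The following is an added example, not LogRhythm's or the appliance vendor's parsing code: it splits the seven CEF header fields on unescaped pipes, tokenises the key=value extension (honouring the CEF backslash escapes for '=' and '\'), applies the key-to-schema mapping from the table, and decodes the two fields the table describes by format rather than by schema name (rt as milliseconds since the Unix epoch, devicePayloadId as {threat_type}:{log_id}:{with pcap file captured}:{extensions}*). The schema names (vmid, sip, dip, snatip and so on) are those of the table; the sample log line, its vendor and product strings, host names and addresses are constructed placeholders for this example.

```python
"""Parse an appliance CEF line and map it onto the LogRhythm schema fields
from the mapping table.  Added example; not LogRhythm's or the vendor's code.
The sample line below is constructed (placeholder vendor, product, hosts)."""
import re
from datetime import datetime, timezone

HEADER_NAMES = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]

# CEF key -> LogRhythm schema field, taken from the mapping table.
# Keys whose schema column is N/A (dvc, rt, cn3, labels, ...) are not listed here.
CEF_TO_SCHEMA = {
    "eventid": "vmid", "eventName": "vendorinfo", "severity": "severity",
    "app": "protname",
    "c6a1": "snatip", "c6a2": "sip", "c6a3": "dip", "c6a4": "dnatip",
    "sourceTranslatedAddress": "snatip", "destinationTranslatedAddress": "dnatip",
    "src": "sip", "dst": "dip", "spt": "sport", "dpt": "dport",
    "shost": "sname", "dhost": "dname", "smac": "smac", "dmac": "dmac",
}
NUMERIC = {"vmid", "severity", "sport", "dport"}          # "Number" rows in the table
APPLIANCE_KEYS = ("dvc", "dvchost", "dvcmac", "deviceExternalId")

# Extension tokens are key=value; a value runs until the next " key=" and may
# contain backslash-escaped characters (CEF writes '=' as '\=' and '\' as '\\').
EXT_RE = re.compile(r"([A-Za-z0-9_]+)=((?:\\.|[^\\\s=]|\s(?![A-Za-z0-9_]+=))*)")


def unescape(value):
    """Undo CEF extension escaping: \\= -> =, \\\\ -> \\, \\n and \\r -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def split_header(line):
    """Split the seven CEF header fields on unescaped '|'; return (header, extension)."""
    fields = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(fields) != 8 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields[0] = fields[0][len("CEF:"):]
    header = {n: f.replace("\\|", "|") for n, f in zip(HEADER_NAMES, fields[:7])}
    return header, fields[7]


def parse_payload_id(value):
    """devicePayloadId is {threat_type}:{log_id}:{with pcap file captured}:{extensions}*"""
    parts = value.split(":")
    if len(parts) < 3:
        raise ValueError("malformed devicePayloadId")
    return {"threat_type": parts[0], "log_id": parts[1],
            "pcap_captured": parts[2], "extensions": parts[3:]}


def parse_cef(line):
    """Return {'schema': mapped LogRhythm fields, 'meta': decoded N/A fields}."""
    header, ext_str = split_header(line)
    ext = {k: unescape(v) for k, v in EXT_RE.findall(ext_str)}
    schema, meta = {}, {"appliance": {}}
    for key, value in {**header, **ext}.items():
        field = CEF_TO_SCHEMA.get(key)
        # Skip labels, unmapped keys and empty values: an empty c6a1 must not
        # clobber a populated sourceTranslatedAddress, since both map to snatip.
        if field is None or value == "":
            continue
        schema[field] = int(value) if field in NUMERIC else value
    for key in APPLIANCE_KEYS:
        if key in ext:
            meta["appliance"][key] = ext[key]
    if "rt" in ext:  # Unix time in milliseconds, per the table
        meta["rt"] = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)
    if "devicePayloadId" in ext:
        meta["payload"] = parse_payload_id(ext["devicePayloadId"])
    if "cn3" in ext:
        meta["threat_type"] = int(ext["cn3"])
    return {"schema": schema, "meta": meta}


# Constructed sample line: vendor, product, hosts and addresses are placeholders.
SAMPLE = (
    "CEF:0|ExampleVendor|ExampleProduct|1.0|10001|Disruptive Application Event|3|"
    "app=TCP c6a1= c6a1Label=Interested IPv6 c6a2=2001:db8::a c6a2Label=Source IPv6 address "
    "c6a3=2001:db8::b c6a3Label=Destination IPv6 address cnt=1 cn3=1 cn3Label=Threat type "
    "deviceDirection=0 devicePayloadId=1:0:0 dhost=srv01 dpt=443 dst=2001:db8::b "
    "dvc=192.0.2.10 dvchost=appliance01 rt=1700000000000 "
    "shost=WS\\=01 spt=51234 src=2001:db8::a"
)

if __name__ == "__main__":
    import json
    print(json.dumps(parse_cef(SAMPLE), indent=2, default=str))
```

Two details worth noting when writing a parser against this table: c6a2/src and c6a3/dst both map to sip/dip, so an IPv6 event may carry the address in either key (the example keeps whichever is non-empty, last one wins), and every "Number" row is cast to int so that severity thresholds and port comparisons in downstream rules compare numerically rather than as strings.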