
Disruptive Application Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Disruptive Application Event | Base Rule | Activity | Application Control Detection |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | <vmid> | Number | Signature ID |
| Header (eventName) | <vendorinfo> | Text/String | Description |
| Header (severity) | <severity> | Number | Severity |
| app | <protname> | Text/String | Protocol |
| c6a1 | <snatip> | IP Address | Interested IPv6 |
| c6a1Label | N/A | N/A | Interested IPv6 label |
| c6a2 | <sip> | IP Address | Source IPv6 address |
| c6a2Label | N/A | N/A | Source IPv6 address label |
| c6a3 | <dip> | IP Address | Destination IPv6 address |
| c6a3Label | N/A | N/A | Destination IPv6 address label |
| c6a4 | <dnatip> | IP Address | Peer IPv6 address |
| c6a4Label | N/A | N/A | Peer IPv6 address label |
| cnt | N/A | N/A | Total count |
| cn3 | N/A | N/A | Threat type |
| cn3Label | N/A | N/A | Threat type label |
| destinationTranslatedAddress | <dnatip> | IP Address | Peer IP |
| deviceDirection | N/A | N/A | Packet direction |
| deviceExternalId | N/A | N/A | Appliance GUID |
| devicePayloadId | N/A | N/A | An extendable field. Format: {threat_type}:{log_id}:{with pcap file captured}:{extensions}* |
| dhost | <dname> | Text/String/Number | Destination host name |
| dmac | <dmac> | Text/String | Destination MAC |
| dpt | <dport> | Number | Destination port |
| dst | <dip> | IP Address | Destination IP address |
| dvc | N/A | N/A | Appliance IP address |
| dvchost | N/A | N/A | Appliance host name |
| dvcmac | N/A | N/A | Appliance MAC address |
| flexNumber1 | N/A | N/A | vLANId |
| flexNumber1Label | N/A | N/A | vLANId label |
| rt | N/A | N/A | Log generation time. Format: Unix timestamp (number of milliseconds since Jan 01 1970 UTC) |
| shost | <sname> | Text/String/Number | Source host name |
| smac | <smac> | Text/String | Source MAC |
| sourceTranslatedAddress | <snatip> | IP Address | Interested IP |
| src | <sip> | IP Address | Source IP address |
| spt | <sport> | Number | Source port |