
Dragos Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Dragos Events | Base Rule | Operations : Information | General Alert Message |
| Dragos Configuration Alert | Sub Rule | Operations : Information | General Alert Message |
| Dragos Indicator Alert | Sub Rule | Security : Attack | General Attack Activity |
| Dragos Modeling Alert | Sub Rule | Security : Attack | General Attack Activity |
| Dragos Threat Behavior Alert | Sub Rule | Security : Attack | General Attack Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| (CEF Header) Version | N/A | N/A | N/A |
| (CEF Header) Device Vendor | N/A | N/A | N/A |
| (CEF Header) Device Product | N/A | N/A | N/A |
| (CEF Header) Device Version | <version> | Number | N/A |
| (CEF Header) Signature ID | N/A | N/A | N/A |
| (CEF Header) Name | <vmid> | String | Summary of the Event. |
| (CEF Header) Severity | <severity> | Number | Dragos Event Severity. |
| content | <vendorinfo> | Text/String | Detailed description of the Event. |
| asset_id | N/A | N/A | Asset ID for single Asset Events. |
| asset_ip | N/A | N/A | Asset IP Address(es) for single Asset Events. |
| asset_class | N/A | N/A | Asset class for single Asset Events. |
| asset_hostname | N/A | Text/String | Asset Hostname(s) for single Asset Events. |
| asset_mac | N/A | Text/String | Asset MAC Address(es) for single Asset Events. |
| asset_domain | N/A | Text/String | Asset Domain(s) for single Asset Events. |
| dst_asset_id | N/A | N/A | Destination asset ID for multi-asset Events. |
| dst_asset_ip | <dip> | Text/String | Destination asset IP Address(es) for multi-asset Events. |
| dst_asset_hostname | <dname> | Text/String | Destination asset name for multi-asset Events. |
| dst_asset_mac | <dmac> | Text/String | Destination asset MAC Address(es) for multi-asset Events. |
| dst_asset_domain | <domainimpacted> | Text/String | Destination asset domain for multi-asset Events. |
| src_asset_id | N/A | N/A | Source asset ID for multi-asset Events. |
| src_asset_ip | <sip> | Text/String | Source asset IP Address(es) for multi-asset Events. |
| src_asset_hostname | <sname> | Text/String | Source asset name for multi-asset Events. |
| src_asset_mac | <smac> | Text/String | Source asset MAC Address(es) for multi-asset Events. |
| src_asset_domain | <domainorigin> | Text/String | Source asset domain for multi-asset Events. |
| id | <threatid> | Number | Unique ID for the Event. |
| createdAt | N/A | N/A | Date and time the Event was created. |
| detection_quad | <objecttype>, <tag1> | String | Dragos Threat Detection Type. |
| detector_Id | <object> | Text/String | Unique ID of the Collector. |
| matchedRuleId | N/A | N/A | Unique ID for the Match Rule. |
| attack_tactic | N/A | N/A | List of Dragos Attack Tactic Types. |
| attack_technique | <threatname> | String | List of Dragos Attack Technique Types. |
| occurredAt | N/A | N/A | Date and time the Event occurred. |
| originalSeverity | N/A | N/A | Original Dragos severity. |
| reviewed | N/A | N/A | True if the Event has been reviewed. |
| type | N/A | N/A | Type of Event. |
| sensor_description | N/A | N/A | N/A |
| sensor_hostname | N/A | N/A | N/A |
| sensor_geo | N/A | N/A | N/A |
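The mapping table above applied end to end, as an added example (not LogRhythm's or Dragos's own code): it splits one Dragos CEF line on unescaped header delimiters, parses the extension key=value pairs, and returns a dict keyed by the LogRhythm schema names from the table. The sample event, including its vendor, product, version and field values, is constructed for illustration.

```python
import re

# Extension key -> LogRhythm schema field(s), per the mapping table above.
# Keys the table lists as N/A are parsed but not mapped.
EXTENSION_TO_SCHEMA = {
    "content": ("vendorinfo",),
    "dst_asset_ip": ("dip",), "dst_asset_hostname": ("dname",),
    "dst_asset_mac": ("dmac",), "dst_asset_domain": ("domainimpacted",),
    "src_asset_ip": ("sip",), "src_asset_hostname": ("sname",),
    "src_asset_mac": ("smac",), "src_asset_domain": ("domainorigin",),
    "id": ("threatid",), "detection_quad": ("objecttype", "tag1"),
    "detector_Id": ("object",), "attack_technique": ("threatname",),
}
# CEF header position -> schema field (0=Version ... 6=Severity).
HEADER_TO_SCHEMA = {3: "version", 5: "vmid", 6: "severity"}
NUMERIC = {"severity", "threatid"}  # typed Number in the table; version kept as given

def split_cef_header(line):
    """Split the seven CEF header fields on unescaped '|'; return (header, extension)."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    return [p.replace("\\|", "|") for p in parts[:7]], parts[7]

def parse_extension(ext):
    """Parse 'key=value' pairs; a value runs until the next ' key=' and may contain '\\='."""
    pairs = re.finditer(r"(\w+)=((?:\\=|[^=])*?)(?=\s+\w+=|$)", ext)
    return {m.group(1): m.group(2).replace("\\=", "=").strip() for m in pairs}

def map_dragos_event(line):
    """Return a dict keyed by LogRhythm schema field for one Dragos CEF event."""
    header, ext = split_cef_header(line)
    mapped = {field: header[idx] for idx, field in HEADER_TO_SCHEMA.items()}
    for key, value in parse_extension(ext).items():
        for field in EXTENSION_TO_SCHEMA.get(key, ()):
            mapped[field] = value
    for field in NUMERIC & mapped.keys():
        mapped[field] = int(mapped[field])
    return mapped

# Constructed sample event (vendor, product, version and values are placeholders).
SAMPLE = ("CEF:0|Dragos|Platform|1.2.3|1000|Dragos Threat Behavior Alert|8|"
          "id=42 content=Unauthorized write to PLC register src_asset_ip=10.0.0.1 "
          "src_asset_hostname=eng-ws01 dst_asset_ip=10.0.0.5 dst_asset_hostname=plc-01 "
          "detection_quad=threat_behavior detector_Id=sensor-7 attack_technique=T0843")

if __name__ == "__main__":
    for field, value in map_dragos_event(SAMPLE).items():
        print(f"{field:<14} {value}")
```

Keys the table marks N/A (asset_id, createdAt, reviewed, and so on) are deliberately dropped, so anything you want to retain from them must be added to the mapping before ingestion.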