Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Email Spam Information | Base Rule | General Email Handling Message | Information |
| Email Accepted | Sub Rule | Email Accepted | Information |
| Anti-Spoofing Lockout Messages | Sub Rule | Failed Spoofing Activity | Failed Attack |
| Message Loop Detected Messages | Sub Rule | Infinite Loop Detected | Warning |
| Connection Attempt Messages | Sub Rule | Connection Information | Information |
| Invalid Recipient Address Messages | Sub Rule | Blocked Message No Valid Recipients | Failed Activity |
| IP Found In RBL Messages | Sub Rule | Blocked Message RBL Match | Failed Activity |
| DMARC Sender Invalid Messages | Sub Rule | Blocked Message Sender Address Rejected | Failed Activity |
| Email Rejected | Sub Rule | Email Session Disposed - Reject | Information |
| Virus Signature Detection Messages | Sub Rule | General Email Virus Detection Message | Information |
| Manual Envelope Rejection Messages | Sub Rule | ReadFromMessage : Unable To Get Message Envelope | Error |
| Envelope Rejected Messages | Sub Rule | Couldn't Get Envelope Of Message In Folder | Error |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| aCode | <vmid> | Text/String |
| SpamLimit | <quantity> | Number |
| IP | <dip> | IP Address |
| RejType | <status> <tag2> | Text/String |
| Error | <reason> | Text/String |
| Dir | <object> | Text/String |
| MsgId | <url> | Text/String |
| Subject | <subject> | Text/String |
| headerFrom | <login> | Text/String |
| Sender | <sender> | Text/String |
| Rcpt | <recipient> | Text/String |
| Act | <tag1> <action> | Text/String |
| TlsVer | <protname> | Text/String |
| Cphr | <hash> | Text/String |
| SpamScore | <amount> | Number |