Breadcrumbs

Event Messages

Classification

Rule Name

Rule Type

Common Event

Classification

Event Messages

Base Rule

Event Occurred

Information

Message Received

Sub Rule

Message Received

Other Audit Success

Message Sent

Sub Rule

Message Sent

Information

Request Received

Sub Rule

Request Received

Other Audit Success

Request Sent

Sub Rule

Request Prepared

Information

Response Received

Sub Rule

Response Received

Information

Response Sent

Sub Rule

Response Prepared

Information

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

Event

<vmid>

Text\String

Level

<severity>

Number

Src-ip

<sip>

IP Address

Dst-ip

<dip>

IP Address

Src-port

<sport>

Number

Dst-port

<dport>

Number

Protocol

<protname>

Text\String

Service

<object>

Text\String

Method

<command>

Text\String