Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Event : Wad |
Base Rule |
Information |
SSL Information-Only Event |
|
WAD SSL RCV ALERT |
Sub Rule |
Information |
SSL Information-Only Event |
|
WAD SSL NOT SUPPORT CS |
Sub Rule |
Warning |
Module Not Supported |
|
WAD SSL DECRY FAIL |
Sub Rule |
Error |
Decryption Failure |
|
WAD SSL SENT FATAL ALERT |
Sub Rule |
Information |
SSL Key Information |
|
WAD SSL RCV FATAL ALERT |
Sub Rule |
Error |
SSL Connection Error |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|
severity |
<severity> |
Text/String |
severity |
|
logid |
<vmid> <tag1> |
Number |
N/A |
|
logdesc |
<status> |
Text/String |
N/A |
|
session_id |
<session> |
Number/Text/String |
N/A |
|
srcip |
<sip> |
IP Address |
IP Address |
|
srcport |
<sport> |
Number |
N/A |
|
dstip |
<dip> |
IP Address |
IP Address |
|
dstport |
<dport> |
Number |
N/A |
|
action |
<action> |
Text/String |
N/A |
|
msg |
<subject> |
Text/String |
N/A |