Skip to main content
Skip table of contents

EVID 1092, 1095 : Behavior Messages

Vendor Documentation

http://b2b-download.mcafee.com/products/naibeta-download/epo_510/epo_510_onprembeta1_installationguide.pdf

Classification

Rule Name

Rule Type

Classification

Common Event

EVID 1092, 1095 : Behavior Messages

Base Rule

Information

General Information Log Message

ePO - Access Protection Violation Blocked

Sub Rule

Security : Failed Activity

Threat Blocked

ePO - Access Protection Violation Not Blocked

Sub Rule

Security : Activity

General Threat Message

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
MachineName<dname>Text/StringName of the system hosting the detecting product.
AgentGUIDN/AN/AUnique identifier of the agent that forwarded the event.
IPAddress<dip>IP AddressIP address of the system hosting the detecting product (if given in the event).
OSNameN/AN/AN/A
UserName<domainimpacted>
<account>		Text/StringN/A
TimeZoneBiasN/AN/AN/A
RawMACAddress<dmac>Text/StringMAC address of the system hosting the detecting product.
ProductName<vendorinfo>Text/StringName of the detecting managed product.
ProductVersion<version>Text/String/NumberVersion number of the detecting product.
ProductFamilyN/AN/AN/A
EngineVersionN/AN/AVersion number of the detecting product’s engine
DATVersionN/AN/ADAT version on the system that sent the event.
ScannerTypeN/AN/AN/A
TaskNameN/AN/AN/A
ProductFamilyN/AN/AN/A
ProductNameN/AN/AName of the detecting managed product.
ProductVersionN/AN/AVersion number of the detecting product.
EventID<vmid>NumberUnique identifier of the event class.
Severity<severity>NumberN/A
GMTTimeN/AN/AN/A
UTCTimeN/AN/AN/A
RuleName<policy>Text/StringN/A
ProcessName<process>Text/StringN/A
FileName<object>Text/StringN/A
SourceN/AN/AN/A
ActionsBlockedN/AN/AN/A
szActionsBlockedN/AN/AN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close