EVID:1092EPOEV - AccessProtectionViolationBlocked

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| EVID:1092EPOEV - AccessProtectionViolationBlocked | Base Rule | Threat Blocked | Failed Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| MachineName | N/A | N/A | Name of the system hosting the detecting product. |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
| OSName | N/A | N/A | N/A |
| UserName | N/A | N/A | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| RawMACAddress | <dmac> | Text/String/Number | MAC address of the system hosting the detecting product. |
| ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
| ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| Analyzer | N/A | N/A | N/A |
| AnalyzerName | N/A | N/A | Name of the detecting managed product. |
| AnalyzerVersion | N/A | N/A | Version number of the detecting product. |
| AnalyzerHostName | N/A | N/A | Name of the system hosting the detecting product. |
| AnalyzerDetectionMethod | N/A | N/A | The name of the task or task type that was responsible for detecting the threat. |
| EventID | <vmid> | Number | Unique identifier of the event class. |
| Severity | N/A | N/A | N/A |
| GMTTime | N/A | N/A | N/A |
| ThreatCategory | <subject> | Text/String | Category of the event. Possible categories depend on the product. |
| ThreatEventID | N/A | N/A | Unique identifier of the event class. |
| ThreatName | <threatname> | Text/String | Name of the threat. |
| ThreatType | N/A | N/A | Class of the threat. |
| DetectedUTC | N/A | N/A | N/A |
| ThreatActionTaken | <action> | Text/String | The action taken by the product in response to the threat. |
| ThreatHandled | <result> | Text/String | Specifies whether the action taken was successful. |
| SourceUserName | <domainorigin>, <login> | Text/String | User name from which the threat originated (if given in the event). |
| SourceProcessName | <process> | Text/String | The process name from which the threat originated. |
| TargetHostName | <dname> | Text/String | Name of the system that created the event. |
| TargetUserName | <domainimpacted>, <account> | Text/String | The threat source user name or email address. |
| Target ProcessName | N/A | N/A | N/A |
| Target FileName | <object> | Text/String | Location of the threat on the detecting system. |
| ThreatSeverity | <severity> | Number | The severity of the detected threat as defined by each managed product. |
| target | N/A | N/A | N/A |
| BladeName | N/A | N/A | N/A |
| AnalyzerContentVersion | N/A | N/A | N/A |
| AnalyzerContentCreationDate | N/A | N/A | N/A |
| AnalyzerRuleName | N/A | N/A | N/A |
| SourceProcessHash | N/A | N/A | N/A |
| SourceProcessSigned | N/A | N/A | N/A |
| SourceProcessSigner | N/A | N/A | N/A |
| SourceProcessTrusted | N/A | N/A | N/A |
| SourceFilePath | N/A | N/A | N/A |
| SourceFileSize | N/A | N/A | N/A |
| SourceModifyTime | N/A | N/A | N/A |
| SourceAccessTime | N/A | N/A | N/A |
| SourceCreateTime | N/A | N/A | N/A |
| TargetName | <objectname> | Text/String | N/A |
| TargetPath | N/A | N/A | N/A |
| TargetHash | <hash> | Text/String | N/A |
| TargetSigned | N/A | N/A | N/A |
| TargetSigner | N/A | N/A | N/A |
| TargetTrusted | N/A | N/A | N/A |
| TargetFileSize | N/A | N/A | N/A |
| TargetModifyTime | N/A | N/A | N/A |
| TargetAccessTime | N/A | N/A | N/A |
| TargetCreateTime | N/A | N/A | N/A |
| AttackVectorType | N/A | N/A | N/A |
| DurationBeforeDetection | N/A | N/A | N/A |
| NaturalLangDescription | N/A | N/A | N/A |
| AccessRequested | N/A | N/A | N/A |