EVID 1120 : Threat Hash Identified
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
EVID 1120 : Threat Hash Identified | Base Rule | Operations : Information | General WinDefend Information |
Mapping with LogRhythm Schema
Device Key in log message | LogRhythm Schema | Data Type | Schema Description |
Provider | Identifies the provider that logged the event. The Name and Guid attributes are included if the provider used an instrumentation manifest to define its events; otherwise, the EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event. | ||
EventID | <vmid> <tag1> | Number | The identifier that the provider used to identify the event. |
Version | The version number of the event's definition. | ||
Level | <severity> | String/Number | The severity level defined in the event. |
Task | The task defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. | ||
Opcode | The opcode defined in the event. Task and opcode are typically used to identify the location in the application from where the event was logged. | ||
Keywords | A bitmask of the keywords defined in the event. Keywords are used to classify types of events (for example, events associated with reading data). | ||
TimeCreated | The time stamp that identifies when the event was logged. The time stamp includes either the SystemTime attribute or the RawTime attribute. | ||
EventRecordID | The record number assigned to the event when it was logged. | ||
Correlation | The activity identifiers that consumers can use to group related events together. | ||
Execution | Contains information about the process and thread that logged the event. | ||
Channel | The channel to which the event was logged. | ||
Computer | <dname> | Text/String | The name of the computer on which the event occurred. |
Security | |||
<subject> | Text/String | A description of the event. | |
Current Platform Version | |||
Threat Resource Path | |||
Hashes | <hash> | Text/String |