EVID 430002/430003: Connection event

Classification

| Rule Name                            | Rule Type | Common Event           | Classification |
|--------------------------------------|-----------|------------------------|----------------|
| EVID 430002/430003: Connection event | Base Rule | Connection Information | Information    |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type   |
|---------------------------|------------------|-------------|
| N/A                       | <severity>       | Number      |
| N/A                       | <vmid>           | Number      |
| AccessControlRuleAction   | <action>         | Text/String |
| AccessControlRuleReason   | <objecttype>     | Text/String |
| SrcIP                     | <sip>            | Number      |
| DstIP                     | <dip>            | Number      |
| SrcPort                   | <sport>          | Number      |
| DstPort                   | <dport>          | Number      |
| Protocol                  | <protname>       | Text/String |
| IngressInterface          | <sinterface>     | Text/String |
| EgressInterface           | <dinterface>     | Text/String |
| ACPolicy                  | <policy>         | Text/String |
| AccessControlRuleName     | <reason>         | Text/String |
| User                      | <login>          | Text/String |
| N/A                       | <useragent>      | Text/String |
| IPSCount                  | <quantity>       | Number      |
| InitiatorPackets          | <packetsout>     | Number      |
| ResponderPackets          | <packetsin>      | Number      |
| InitiatorBytes            | <bytesout>       | Number      |
| ResponderBytes            | <bytesin>        | Number      |
| N/A                       | <url>            | Text/String |