EVID 430002/430003: Connection Event Messages

Classification

Rule Name                                      Rule Type   Common Event                         Classification
---------------------------------------------  ----------  -----------------------------------  ----------------
Connection Blocked                             Sub Rule    Failed To Send Packet                Network Traffic
EVID 430002/430003: Connection Event Messages  Base Rule   Connection Information               Information
Connection Trusted                             Sub Rule    Permitted Connection                 Network Traffic
Traffic Bypassed                               Sub Rule    Passing Through Connections          Other Operations
Connection Blocked With Reset                  Sub Rule    Connection Reset                     Network Traffic
Connection Allowed                             Sub Rule    Traffic Allowed by Network Firewall  Network Allow

Mapping with LogRhythm Schema

Device Key in Log Message  LogRhythm Schema  Data Type
-------------------------  ----------------  -----------
N/A                        <severity>        Number
N/A                        <vmid>            Number
AccessControlRuleAction    <tag1>            Text/String
SrcIP                      <sip>             Number
DstIP                      <dip>             Number
SrcPort                    <sport>           Number
DstPort                    <dport>           Number
Protocol                   <protname>        Text/String
IngressInterface           <sinterface>      Text/String
EgressInterface            <dinterface>      Text/String
ACPolicy                   <policy>          Text/String
N/A                        <subject>         Text/String
N/A                        <login>           Text/String
N/A                        <useragent>       Text/String
N/A                        <objectname>      Text/String
N/A                        <object>          Text/String
N/A                        <duration>        Number
InitiatorPackets           <packetsout>      Number
ResponderPackets           <packetsin>       Number
InitiatorBytes             <bytesout>        Number
ResponderBytes             <bytesin>         Number
N/A                        <objecttype>      Text/String
N/A                        <url>             Text/String
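The two tables above describe a parser and a classifier: the mapping table says which device key feeds which LogRhythm schema field, and the classification table says which sub rule a connection event falls into. The following is an added example, not LogRhythm's MPE rule or any code from the page, that applies both to constructed sample messages. It assumes the Cisco Firepower Threat Defense syslog form for these events (a "%FTD-<severity>-<event id>:" tag followed by comma-separated "Key: Value" pairs, with 430002 emitted at connection start and 430003 at connection end), and it assumes the raw AccessControlRuleAction strings (Allow, Block, Block with reset, Trust, Fastpath) that select each sub rule; the page names the sub rules but not those strings. Populating <severity> and <vmid> from the syslog tag is also an assumption, since the page lists no device key for them; the other N/A fields are left unset rather than guessed.

```python
import ipaddress
import re

# Device key in the message body -> LogRhythm schema field, taken from the page's mapping table.
KEY_TO_SCHEMA = {
    "AccessControlRuleAction": "tag1",
    "SrcIP": "sip",
    "DstIP": "dip",
    "SrcPort": "sport",
    "DstPort": "dport",
    "Protocol": "protname",
    "IngressInterface": "sinterface",
    "EgressInterface": "dinterface",
    "ACPolicy": "policy",
    "InitiatorPackets": "packetsout",
    "ResponderPackets": "packetsin",
    "InitiatorBytes": "bytesout",
    "ResponderBytes": "bytesin",
}
NUMERIC_FIELDS = {"sport", "dport", "packetsout", "packetsin", "bytesout", "bytesin"}
IP_FIELDS = {"sip", "dip"}

# Sub rule selection: (Rule Name, Common Event, Classification) from the page's classification
# table. The action strings used as keys are ASSUMED; the page does not list them.
ACTION_TO_SUBRULE = {
    "allow": ("Connection Allowed", "Traffic Allowed by Network Firewall", "Network Allow"),
    "block": ("Connection Blocked", "Failed To Send Packet", "Network Traffic"),
    "block with reset": ("Connection Blocked With Reset", "Connection Reset", "Network Traffic"),
    "trust": ("Connection Trusted", "Permitted Connection", "Network Traffic"),
    "fastpath": ("Traffic Bypassed", "Passing Through Connections", "Other Operations"),
}
BASE_RULE = ("EVID 430002/430003: Connection Event Messages", "Connection Information", "Information")

# ASSUMED tag layout: %FTD-<syslog severity>-<event id>: <body>. Only 430002/430003 are in scope.
HEADER_RE = re.compile(r"%FTD-(?P<sev>\d)-(?P<id>43000[23]):\s*(?P<body>.*)$")


def parse_connection_event(line):
    """Map one syslog line onto the LogRhythm schema; return None if it is not a 430002/430003 event."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    # ASSUMPTION: <severity> and <vmid> come from the tag, since the page lists no device key for them.
    fields = {"severity": int(m.group("sev")), "vmid": int(m.group("id"))}
    # Body pairs are split on commas, so a value containing a comma would be truncated here.
    for pair in m.group("body").split(","):
        key, sep, value = pair.partition(":")
        if not sep:
            continue
        schema = KEY_TO_SCHEMA.get(key.strip())
        if schema is None:
            continue  # keys the page does not map (DeviceUUID, ConnectionID, ...) are dropped
        value = value.strip()
        if schema in NUMERIC_FIELDS:
            if value.isdigit():  # malformed numbers leave the field unset instead of poisoning it
                fields[schema] = int(value)
        elif schema in IP_FIELDS:
            try:
                fields[schema] = str(ipaddress.ip_address(value))  # reject non-IP junk in sip/dip
            except ValueError:
                pass
        else:
            fields[schema] = value
    return fields


def classify(fields):
    """Pick the sub rule from <tag1>; anything unrecognised falls back to the base rule."""
    action = fields.get("tag1", "").lower()
    rule, common_event, classification = ACTION_TO_SUBRULE.get(action, BASE_RULE)
    return {"rule": rule, "common_event": common_event, "classification": classification}


# Constructed sample messages (not real device output). Addresses are documentation/RFC1918 ranges.
SAMPLE_LOGS = [
    "<182>Jan 10 12:00:01 ftd01 %FTD-6-430003: DeviceUUID: 1111, AccessControlRuleAction: Allow, "
    "SrcIP: 10.1.2.3, DstIP: 203.0.113.10, SrcPort: 51234, DstPort: 443, Protocol: tcp, "
    "IngressInterface: inside, EgressInterface: outside, ACPolicy: Corp-Policy, "
    "InitiatorPackets: 12, ResponderPackets: 10, InitiatorBytes: 1460, ResponderBytes: 9800",
    "<182>Jan 10 12:00:02 ftd01 %FTD-6-430002: AccessControlRuleAction: Block with reset, "
    "SrcIP: 198.51.100.7, DstIP: 10.1.2.3, SrcPort: 40000, DstPort: 22, Protocol: tcp, "
    "IngressInterface: outside, EgressInterface: inside, ACPolicy: Corp-Policy",
    # malformed SrcPort: the field must be dropped, not crash the parser
    "<182>Jan 10 12:00:03 ftd01 %FTD-6-430003: AccessControlRuleAction: Fastpath, "
    "SrcIP: 10.1.2.4, DstIP: 10.9.9.9, SrcPort: abc, DstPort: 53, Protocol: udp",
    # a different event id (constructed): outside this page's scope, must be ignored
    "<182>Jan 10 12:00:04 ftd01 %FTD-6-430001: AccessControlRuleAction: Allow, "
    "SrcIP: 10.1.2.5, DstIP: 10.9.9.9, SrcPort: 1, DstPort: 80, Protocol: tcp",
]


def process(lines):
    """Return (schema fields, classification) for every in-scope line."""
    results = []
    for line in lines:
        fields = parse_connection_event(line)
        if fields is not None:
            results.append((fields, classify(fields)))
    return results


if __name__ == "__main__":
    for fields, verdict in process(SAMPLE_LOGS):
        print(verdict["rule"], "|", fields)
```

The fallback to the base rule is deliberate: an AccessControlRuleAction value the sub rules do not cover (or a missing one) should still land in Connection Information rather than be silently mis-filed as allowed or blocked traffic, which is the behaviour a detection engineer would want to verify when onboarding a new firewall software version.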