Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
EVID 430005: File Malware Event |
Base Rule |
General Threat Message |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<severity> |
Number |
|
N/A |
<vmid> |
Number |
|
SrcIP |
<sip> |
Number |
|
DstIP |
<dip> |
Number |
|
SrcPort |
<sport> |
Number |
|
DstPort |
<dport> |
Number |
|
Protocol |
<protname> |
Text/Number |
|
FileAction |
<action> |
Text/Number |
|
FileSHA256 |
<hash> |
Text/Number |
|
SperoDisposition |
<subject> |
Text/Number |
|
ThreatName |
<threatname> |
Text/Number |
|
FileName |
<objectname> |
Text/Number |
|
FileType |
<objecttype> |
Text/Number |
|
FileSize |
<size> |
Number |
|
ApplicationProtocol |
<command> |
Text/Number |
|
user |
<login> |
Text/Number |
|
FilePolicy |
<policy> |
Text/Number |
|
URI |
<url> |
Text/Number |