EyeInspect Alert Logs
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
EyeInspect Alert Logs | Base Rule | Suspicious Activity | Suspicious |
DNP3 Invalid Reserved Bit Log | Sub Rule | Invalid Input Value | Error |
Vulnerability Match Log | Sub Rule | Vulnerability Scanner Information | Other Security |
Multiple Failed Connection Attempts Log | Sub Rule | Multiple Connection Attempts From Same Source | Warning |
EtherNet/IP Device Unstable Connection Log | Sub Rule | Possible Unstable Link Or Faulty Cable | Warning |
DNP3 Field Too Large Log | Sub Rule | Message Too Large | Warning |
DNP3 Invalid Qualifier Code Log | Sub Rule | Invalid Message Code | Error |
SMBGhost Exploitation Log | Sub Rule | Potential Vulnerability Exploit Allowed | Activity |
Illegal Data Address Log | Sub Rule | Illegal Status | Information |
DNP3 Device Unstable Connection Log | Sub Rule | Possible Unstable Link Or Faulty Cable | Warning |
Invalid Field Value Log | Sub Rule | Invalid Field | Error |
GW Device Failed To Respond Log | Sub Rule | No Response Received From Network Access Device | Warning |
MODBUS/TCP Device Unstable Connection Log | Sub Rule | Possible Unstable Link Or Faulty Cable | Warning |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
N/A | N/A | N/A | Common Event Format identifier:Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
N/A | N/A | N/A | Vendor or organization name |
N/A | N/A | N/A | Product or service name generating the event |
N/A | <version> | Text/String | Version number |
N/A | <vmid> | Text/String | Specific name or identifier for the event. |
N/A | <vendorinfo> | Text/String | Description |
N/A | <severity> | Number | Severity level of the event (e.g., low, medium, high). |
cat | N/A | N/A | alert |
externalId | N/A | N/A | { alertId} |
rt | N/A | N/A | N/A |
smac | <smac> | Text/String | N/A |
dmac | <dmac> | Text/String | N/A |
src | <sip> | IP Address | N/A |
dst | <dip> | IP Address | N/A |
spt | <sport> | Number | N/A |
dpt | <dport> | Number | N/A |
proto | <protname> | Text/String | N/A |
app | N/A | N/A | N/A |
in | <bytesin> | Number | N/A |
out | <bytesout> | Number | N/A |
deviceDirection | N/A | N/A | N/A |
deviceExternalId | N/A | N/A | N/A |
cs1Label | N/A | N/A | ProfileModule |
cs1 | N/A | N/A | N/A |
cs2Label | N/A | N/A | FEAState |
cs2 | <status> | Text/String | N/A |
cn1Label | N/A | N/A | AggrAlerts |
cn1 | N/A | N/A | N/A |
deviceCustomDate1Label | N/A | N/A | N/A |
deviceCustomDate1 | N/A | N/A | N/A |
cn2Label | N/A | N/A | FEADurationSec |
cn2 | <seconds> | Number | N/A |
cs3Label | N/A | N/A | FieldPath |
cs3 | <parentprocesspath> | Text/String | N/A |
cs4Label | N/A | N/A | FieldVal |
cs4 | N/A | N/A | N/A |
cs5Label | N/A | N/A | ExpVals |
cs5 | N/A | N/A | N/A |
cs6Label | N/A | N/A | Labels |
cs6 | <cve> | Text/String | N/A |
msg | <subject> | Text/String | N/A |