Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
F5 DNS Log Messages |
Base Rule |
General DNS Information |
Information |
|
DNS Address Record Messages |
Sub Rule |
Get Address Information |
Information |
|
DNS AAAA Record Messages |
Sub Rule |
General IPV6 Message |
Information |
|
DNS Pointer Messages |
Sub Rule |
DNS Query |
Information |
|
DNS Start Of Authority Message |
Sub Rule |
General DNS Server Information |
Information |
|
DNS Service Record Messages |
Sub Rule |
General Service Information |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<severity> |
Text/String |
|
f5_irule |
<vendorinfo> |
Text/String |
|
src_ip |
<sip> |
Number |
|
dns_server_ip |
<dip> |
Number |
|
question_name |
<object> |
Number/Text |
|
question_class |
<objecttype> |
Text/String |
|
question_type |
<responsecode> |
Text/String |
|
question_type |
<tag1> |
Text/String |