Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
F5 LTM Advanced Firewall Messages |
Base Rule |
General Attack Activity |
Attack |
|
Advanced Firewall Connection Closed |
Sub Rule |
Connection Closed |
Network Traffic |
|
Advanced Firewall Connection Established |
Sub Rule |
Connection Established |
Network Traffic |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
severity |
<severity> |
Number |
|
action |
<action> |
Text/String |
|
hostname |
<sname> |
Number/Text |
|
dest_ip |
<dip> |
Number |
|
dest_port |
<dport> |
Number |
|
device_product |
<vendorinfo> |
Text/String |
|
device_version |
<version> |
Number |
|
ip_protocol |
<protname> |
Text/String |
|
source_ip |
<sip> |
Number |
|
source_port |
<sport> |
Number |
|
source_user |
<login> |
Text/String |
|
translated_dest_ip |
<dnatip> |
Number |
|
translated_dest_port |
<dnatport> |
Number |
|
translated_source_ip |
<snatip> |
Number |
|
translated_source_port |
<snatport> |
Number |
|
translated_vlan |
<dinterface> |
Text/String |
|
vlan |
<sinterface> |
Text/String |
|
action |
<tag1> |
Text/String |