F5 LTM Advanced Firewall Messages
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| F5 LTM Advanced Firewall Messages | Base Rule | General Attack Activity | Attack |
| Advanced Firewall Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| Advanced Firewall Connection Established | Sub Rule | Connection Established | Network Traffic |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Number |
| action | <action> | Text/String |
| hostname | <sname> | Number/Text |
| dest_ip | <dip> | Number |
| dest_port | <dport> | Number |
| device_product | <vendorinfo> | Text/String |
| device_version | <version> | Number |
| ip_protocol | <protname> | Text/String |
| source_ip | <sip> | Number |
| source_port | <sport> | Number |
| source_user | <login> | Text/String |
| translated_dest_ip | <dnatip> | Number |
| translated_dest_port | <dnatport> | Number |
| translated_source_ip | <snatip> | Number |
| translated_source_port | <snatport> | Number |
| translated_vlan | <dinterface> | Text/String |
| vlan | <sinterface> | Text/String |
| action | <tag1> | Text/String |