Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
F5 LTM Application Security Messages |
Base Rule |
General Security |
Other Security |
|
Untrusted Bot Messages |
Sub Rule |
Possible Botnet Activity |
Malware |
|
Unknown Messages |
Sub Rule |
Unknown Browser Type |
Information |
|
Browser Masquerading Messsages |
Sub Rule |
Detected Botnet Activity |
Malware |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<severity> |
Text/String |
|
hostname |
<sname> |
Number/Text |
|
client_ip |
<sip> |
Number |
|
client_port |
<sport> |
Number |
|
dest_ip |
<dip> |
Number |
|
dest_port |
<dport> |
Number |
|
device_product |
<vendorinfo> |
Text/String |
|
device_version |
<version> |
Number/Text |
|
http_method |
<command> |
Text/String |
|
http_protocol_indication |
<protname> |
Text/String |
|
virtual_server_name |
<objectname> |
Text/String |
|
request_status |
<status> |
Text/String |
|
action |
<action> |
Text/String |
|
reason |
<reason> |
Text/String |
|
class |
<object> |
Text/String |
|
class |
<tag1> |
Text/String |
|
anomaly_categories |
<threatname> |
Text/String |
|
anomalies |
<objecttype> |
Text/String |