F5 LTM MCPD Messages
Classification
| Rule Name | Rule Type | Common Event | Classification |
| F5 LTM MCPD Messages | Base Rule | General Attack Activity | Attack |
| Abuse Of Functionality Message | Sub Rule | Suspicious Facility Activity | Suspicious |
| Injection Message | Sub Rule | Suspicious Activity | Suspicious |
| XML Parser Attack | Sub Rule | General Attack Activity | Attack |
| WebSocket Parser Attack | Sub Rule | General Attack Activity | Attack |
| Web Scraping Message | Sub Rule | Suspicious Activity | Suspicious |
| Vulnerability Scan Message | Sub Rule | Phishing Activity | Attack |
| Trojan/Backdoor/Spyware Activity | Sub Rule | Possible Trojan Activity | Malware |
| SQL-Injection Message | Sub Rule | SQL Injection | Attack |
| Session Hijacking Message | Sub Rule | Session Hijacking Activity | Attack |
| Server-Side Request Forgery Message | Sub Rule | Suspicious Activity | Suspicious |
| Server Side Code Injection Messages | Sub Rule | Phishing Activity | Attack |
| Remote File Include Messages | Sub Rule | Remote File Inclusion | Attack |
| Predictable Resource Location Messages | Sub Rule | Suspicious Host Activity | Suspicious |
| Path Traversal Message | Sub Rule | Directory Traversal | Attack |
| Non-browser Client Message | Sub Rule | Suspicious User Activity | Suspicious |
| Malicious File Upload Message | Sub Rule | Phishing Activity | Attack |
| LDAP Injection Message | Sub Rule | LDAP Message | Activity |
| JSON Parser Attack Message | Sub Rule | JSON Hijacking | Activity |
| Injection Attempt Message | Sub Rule | Suspicious Activity | Suspicious |
| Information Leakage Message | Sub Rule | Data Leak Detected | Warning |
| HTTP Response Split Message | Sub Rule | HTTP Response | Information |
| HTTP Smuggling Attack | Sub Rule | Suspicious Activity | Suspicious |
| HTTP Parser Attack | Sub Rule | General Activity | Activity |
| Brute Force Attack Activity | Sub Rule | Brute Force Activity | Attack |
| Buffer Overflow Messages | Sub Rule | Buffer Overflow/Underflow | Attack |
| Cache Poisoning Activity | Sub Rule | Suspicious Activity | Suspicious |
| Cross Site Scripting (XSS) Message | Sub Rule | Cross-Site Scripting | Attack |
| Cross-site Request Forgery Message | Sub Rule | Cross-Site Request Forgery | Attack |
| Denial Of Service Message | Sub Rule | Application Denial Of Service | Denial Of Service |
| Evasion Detection Message | Sub Rule | HTML Script Extension Evasion | Activity |
| Directory Indexing Message | Sub Rule | Suspicious Activity | Suspicious |
| Forceful Browsing Activity | Sub Rule | Suspicious Activity | Suspicious |
| Parameter Tampering Message | Sub Rule | Parameter Mismatch | Warning |
| Command Execution Message | Sub Rule | Suspicious Activity | Suspicious |
| Authentication/Authorization Attacks | Sub Rule | Suspicious Activity | Suspicious |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text/String |
| N/A | <sname> | Number/Text |
| N/A | <severity> | Number/Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <vmid> | Number |
| N/A | <subject> | Text/String |
| user | <login> | Text/String |
| asm_attack_type_name | <threatname> | Text/String |
| N/A | <tag1> | Text/String |
| asm_device_sync_device_name | <objectname> | Text/String |