Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| F5 LTM MCPD Messages | Base Rule | General Attack Activity | Attack |
| Abuse Of Functionality Message | Sub Rule | Suspicious Facility Activity | Suspicious |
| Injection Message | Sub Rule | Suspicious Activity | Suspicious |
| XML Parser Attack | Sub Rule | General Attack Activity | Attack |
| WebSocket Parser Attack | Sub Rule | General Attack Activity | Attack |
| Web Scraping Message | Sub Rule | Suspicious Activity | Suspicious |
| Vulnerability Scan Message | Sub Rule | Phishing Activity | Attack |
| Trojan/Backdoor/Spyware Activity | Sub Rule | Possible Trojan Activity | Malware |
| SQL-Injection Message | Sub Rule | SQL Injection | Attack |
| Session Hijacking Message | Sub Rule | Session Hijacking Activity | Attack |
| Server-Side Request Forgery Message | Sub Rule | Suspicious Activity | Suspicious |
| Server Side Code Injection Messages | Sub Rule | Phishing Activity | Attack |
| Remote File Include Messages | Sub Rule | Remote File Inclusion | Attack |
| Predictable Resource Location Messages | Sub Rule | Suspicious Host Activity | Suspicious |
| Path Traversal Message | Sub Rule | Directory Traversal | Attack |
| Non-browser Client Message | Sub Rule | Suspicious User Activity | Suspicious |
| Malicious File Upload Message | Sub Rule | Phishing Activity | Attack |
| LDAP Injection Message | Sub Rule | LDAP Message | Activity |
| JSON Parser Attack Message | Sub Rule | JSON Hijacking | Activity |
| Injection Attempt Message | Sub Rule | Suspicious Activity | Suspicious |
| Information Leakage Message | Sub Rule | Data Leak Detected | Warning |
| HTTP Response Split Message | Sub Rule | HTTP Response | Information |
| HTTP Smuggling Attack | Sub Rule | Suspicious Activity | Suspicious |
| HTTP Parser Attack | Sub Rule | General Activity | Activity |
| Brute Force Attack Activity | Sub Rule | Brute Force Activity | Attack |
| Buffer Overflow Messages | Sub Rule | Buffer Overflow/Underflow | Attack |
| Cache Poisoning Activity | Sub Rule | Suspicious Activity | Suspicious |
| Cross Site Scripting (XSS) Message | Sub Rule | Cross-Site Scripting | Attack |
| Cross-site Request Forgery Message | Sub Rule | Cross-Site Request Forgery | Attack |
| Denial Of Service Message | Sub Rule | Application Denial Of Service | Denial Of Service |
| Evasion Detection Message | Sub Rule | HTML Script Extension Evasion | Activity |
| Directory Indexing Message | Sub Rule | Suspicious Activity | Suspicious |
| Forceful Browsing Activity | Sub Rule | Suspicious Activity | Suspicious |
| Parameter Tampering Message | Sub Rule | Parameter Mismatch | Warning |
| Command Execution Message | Sub Rule | Suspicious Activity | Suspicious |
| Authentication/Authorization Attacks | Sub Rule | Suspicious Activity | Suspicious |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <sname> | Number/Text |
| N/A | <severity> | Number/Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <vmid> | Number |
| N/A | <subject> | Text/String |
| user | <login> | Text/String |
| asm_attack_type_name | <threatname> | Text/String |
| N/A | <tag1> | Text/String |
| asm_device_sync_device_name | <objectname> | Text/String |