Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
File Analysis Event |
Base Rule |
Activity |
General Threat Message |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
Header (logVer) |
N/A |
N/A |
CEF format version |
|
Header (vendor) |
N/A |
N/A |
Appliance vendor |
|
Header (pname) |
N/A |
N/A |
Appliance product |
|
Header (pver) |
N/A |
N/A |
Appliance version |
|
Header (eventid) |
N/A |
N/A |
Signature ID |
|
Header (eventName) |
<vendorinfo> |
Text/String |
Description |
|
Header (severity) |
<severity> |
Number |
Severity |
|
cn1 |
N/A |
N/A |
Result of GRID/CSSS |
|
cn1label |
N/A |
N/A |
Result of GRID/CSSS label |
|
cn2 |
N/A |
N/A |
ROZ rating |
|
cn2label |
N/A |
N/A |
ROZ rating label |
|
cn3 |
N/A |
N/A |
PCAP ready |
|
cn3Label |
N/A |
N/A |
PCAP ready label |
|
cs1 |
N/A |
N/A |
Sandbox image type |
|
cs1Label |
N/A |
N/A |
Sandbox image type label |
|
cs2 |
<threatname> |
Text/String |
Malware name |
|
cs2Label |
N/A |
N/A |
Malware name label |
|
cs3 |
N/A |
N/A |
Parent SHA1 |
|
cs3Label |
N/A |
N/A |
Parent SHA1 label |
|
deviceExternalId |
N/A |
N/A |
Appliance GUID |
|
dvc |
N/A |
N/A |
Appliance IP address |
|
dvchost |
N/A |
N/A |
Appliance host name |
|
dvcmac |
N/A |
N/A |
Appliance MAC address |
|
fileHash |
<hash> |
Text/String |
SHA1 |
|
filePath |
N/A |
N/A |
File path |
|
fileType |
<objecttype> |
Text/String |
True file type |
|
fname |
<object> |
Text/String |
File name |
|
fsize |
<size> |
Number |
File size |
|
rt |
N/A |
N/A |
Log generation time
|