Skip to main content
Skip table of contents

File Analysis Event

Vendor Documentation


Rule Name

Rule Type


Common Event

File Analysis EventBase RuleActivityGeneral Threat Message

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Header (logVer)N/AN/ACEF format version
Header (vendor)N/AN/AAppliance vendor
Header (pname)N/AN/AAppliance product
Header (pver)N/AN/AAppliance version
Header (eventid)N/AN/ASignature ID
Header (eventName)<vendorinfo>Text/StringDescription
Header (severity)<severity>NumberSeverity
cn1N/AN/AResult of GRID/CSSS
cn1labelN/AN/AResult of GRID/CSSS label
cn2N/AN/AROZ rating
cn2labelN/AN/AROZ rating label
cn3N/AN/APCAP ready
cn3LabelN/AN/APCAP ready label
cs1N/AN/ASandbox image type
cs1LabelN/AN/ASandbox image type label
cs2<threatname>Text/StringMalware name
cs2LabelN/AN/AMalware name label
cs3N/AN/AParent SHA1
cs3LabelN/AN/AParent SHA1 label
deviceExternalIdN/AN/AAppliance GUID
dvcN/AN/AAppliance IP address
dvchostN/AN/AAppliance host name
dvcmacN/AN/AAppliance MAC address
filePathN/AN/AFile path
fileType<objecttype>Text/StringTrue file type
fname<object>Text/StringFile name
fsize<size>NumberFile size
rtN/AN/ALog generation time
Format: Unix time stamp (number of milliseconds since Jan 01 1970 UTC)
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.