File Analysis Events
Vendor Documentation
https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf |
Classification
Rule Name | Rule Type | Common Event | Classification |
File Analysis Events | Base Rule | General Information Log Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | CEF format version |
N/A | N/A | N/A | Appliance vendor |
N/A | N/A | N/A | Appliance product |
N/A | <version> | Numbers | Appliance version |
N/A | <vmid> | Number | Event ID |
N/A | <vendorinfo> | Text/String | Description |
N/A | <severity> | Number | Severity |
rt | N/A | N/A | Analysis Time |
dvc | <dip> | IP Address | Appliance IP address |
dvchost | <dname> | Text/String | Appliance hostname |
dvcmac | <dmac> | Text/String/Number | Appliance MAC address |
deviceExternalId | N/A | N/A | Appliance GUID |
fname | <object> | Text/String | File Name |
fileHash | <hash> | Text/String/Number | SHA1 |
fileType | <objecttype> | Text/String | True File Type |
fsize | <size> | Number | File Size |
cs1Label | N/A | N/A | Sandbox image type |
cs1 | N/A | N/A | Sandbox image type |
cs3Label | N/A | N/A | Parent SHA1 |
cs3 | N/A | N/A | Parent SHA1 |
cn1Label | N/A | N/A | Results of GRId/CSS |
cn1 | <threatid> | Number |
|
cn2Label | N/A | N/A | ROZ rating (Virtual |
cn2 | <result> | Text/String |
|
cn3Label | N/A | N/A | PCAP Ready |
cn3 | N/A | N/A | PCAP Ready |