Firepower Informational Message
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| FirePOWER Informational Message | Base Rule | General Cisco IPS/IDS Log Message | Information |
| Block with reset | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Trust | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| IPReputationSICategory | <vendorinfo> | Text/String |
| N/A | <severity> | Text/String |
| SrcIP | <sip> | Number |
| DstIP | <dip> | Number |
| SrcPort | <sport> | Number |
| DstPort | <dport> | Number |
| ingressinterface | <sinterface> | Number |
| egressinterface | <dinterface> | Number |
| ApplicationProtocol | <protname> | Text/String |
| Username | <login> | Text/String |
| Username | <domainorigin> | Text/String |
| Cliet | <object> | Text/String |
| WebApplication | <objectname> | Text/String |
| policy | <subject> | Number |
| IPReputationSICategory | <threatname> | Text/String |
| url | <url> | Number/Text |
| useragent | <useragent> | Text/String |
| policy | <policy> | Number |
| URLReputation | <command> | Text/String |
| AccessControlRuleAction | <action> | Text/String |
| AccessControlRuleName | <reason> | Text/String |
| ingresszone | <sender> | Text/String |
| egresszone | <recipient> | Text/String |
| initiatorPackets | <itemsout> | Number |
| ResponderPackets | <itemsin> | Number |
| InitiatorBytes | <bytesout> | Number |
| ResponderBytes | <bytesin> | Number |
| AccessControlRuleAction: | <tag1> | Text/String |