Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
FirePOWER Informational Message |
Base Rule |
General Cisco IPS/IDS Log Message |
Information |
|
Block with reset |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
Allowed |
Sub Rule |
Traffic Allowed by Network Firewall |
Network Allow |
|
Blocked |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
Trust |
Sub Rule |
Traffic Allowed by Network Firewall |
Network Allow |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
IPReputationSICategory |
<vendorinfo> |
Text/String |
|
N/A |
<severity> |
Text/String |
|
SrcIP |
<sip> |
Number |
|
DstIP |
<dip> |
Number |
|
SrcPort |
<sport> |
Number |
|
DstPort |
<dport> |
Number |
|
ingressinterface |
<sinterface> |
Number |
|
egressinterface |
<dinterface> |
Number |
|
ApplicationProtocol |
<protname> |
Text/String |
|
Username |
<login> |
Text/String |
|
Username |
<domainorigin> |
Text/String |
|
Cliet |
<object> |
Text/String |
|
WebApplication |
<objectname> |
Text/String |
|
policy |
<subject> |
Number |
|
IPReputationSICategory |
<threatname> |
Text/String |
|
url |
<url> |
Number/Text |
|
useragent |
<useragent> |
Text/String |
|
policy |
<policy> |
Number |
|
URLReputation |
<command> |
Text/String |
|
AccessControlRuleAction |
<action> |
Text/String |
|
AccessControlRuleName |
<reason> |
Text/String |
|
ingresszone |
<sender> |
Text/String |
|
egresszone |
<recipient> |
Text/String |
|
initiatorPackets |
<itemsout> |
Number |
|
ResponderPackets |
<itemsin> |
Number |
|
InitiatorBytes |
<bytesout> |
Number |
|
ResponderBytes |
<bytesin> |
Number |
|
AccessControlRuleAction: |
<tag1> |
Text/String |