Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Firewall Message | Base Rule | Network Traffic | Network Traffic |
| Final_reject message | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
Mapping with LogRhythm Schema

| Device Key in log message | LogRhythm Schema | Data Type |
|---|---|---|
| KERN | N/A | N/A |
| kernel | `<tag1>` `<action>` | Text/String |
| IN | `<sinterface>` | Text/String |
| OUT | N/A | N/A |
| MAC | N/A | N/A |
| SRC | `<sip>` | IP Address |
| DST | `<dip>` | IP Address |
| LEN | N/A | N/A |
| TOS | N/A | N/A |
| PREC | N/A | N/A |
| TTL | N/A | N/A |
| ID | `<processid>` | Number |
| PROTO | `<protname>` | Text/String |
| SPT | `<sport>` | Number |
| DPT | `<dport>` | Number |
| WINDOW | N/A | N/A |
| RES | N/A | N/A |
| SYN URGP | N/A | N/A |
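The following Python example is added here and is not LogRhythm's own parser or rule logic; it applies both tables above to a constructed iptables-style kernel log line. The mapped device keys are promoted to the listed schema fields and coerced to the listed data types (a value that does not fit its type, such as a malformed IP, becomes `None` rather than a bad field), keys listed as N/A are parsed but not promoted, and the rule classification is chosen from the log prefix. The sample log line, the function names, and the split of the prefix into `tag1` and `action` are assumptions, since the page only states that the `kernel` key feeds those two fields.

```python
import ipaddress
import re
from typing import Any, Dict, List, Optional

# Device key -> (LogRhythm schema field, data type), copied from the mapping table.
# Keys the table lists as N/A (OUT, MAC, LEN, TOS, PREC, TTL, WINDOW, RES, SYN URGP)
# are still parsed into the raw dictionary but are not promoted to schema fields.
SCHEMA_MAP = {
    "IN": ("sinterface", "Text/String"),
    "SRC": ("sip", "IP Address"),
    "DST": ("dip", "IP Address"),
    "ID": ("processid", "Number"),
    "PROTO": ("protname", "Text/String"),
    "SPT": ("sport", "Number"),
    "DPT": ("dport", "Number"),
}

# Base rule and sub rule from the Classification table, keyed on the log prefix.
BASE_RULE = {
    "rule": "Firewall Message",
    "classification": "Network Traffic",
    "common_event": "Network Traffic",
}
SUB_RULES = {
    "Final_reject": {
        "rule": "Final_reject message",
        "classification": "Network Deny",
        "common_event": "Traffic Denied by Network Firewall",
    },
}

_KERNEL_RE = re.compile(r"\bkernel:\s*(?P<body>.*)$")
_KV_RE = re.compile(r"\b(?P<key>[A-Z]+)=(?P<value>\S*)")

# Constructed sample line in iptables LOG format; not taken from a real system.
SAMPLE_LOG = (
    "Jan 12 10:15:23 gw kernel: Final_reject IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18374 DF PROTO=TCP SPT=44512 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0"
)


def _coerce(value: str, data_type: str) -> Optional[Any]:
    """Convert a raw token to the schema data type; return None when it does not fit."""
    if data_type == "Number":
        return int(value) if value.isdigit() else None
    if data_type == "IP Address":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    return value or None


def parse_firewall_message(line: str) -> Dict[str, Any]:
    """Map one kernel firewall log line onto the schema fields and classification."""
    m = _KERNEL_RE.search(line)
    if m is None:
        raise ValueError("not a kernel firewall message")
    body = m.group("body")
    kvs = list(_KV_RE.finditer(body))
    # Free text before the first KEY=VALUE token is the iptables log prefix.
    prefix = body[: kvs[0].start()].strip() if kvs else body.strip()
    raw = {kv.group("key"): kv.group("value") for kv in kvs}
    # Bare tokens such as DF or SYN carry no '=' and are kept as flags.
    tail = body[kvs[0].start():] if kvs else ""
    flags: List[str] = [tok for tok in tail.split() if "=" not in tok]

    record: Dict[str, Any] = {
        # Assumption: the prefix (e.g. "Final_reject") fills <tag1>, and the word after
        # its last underscore fills <action>; the page does not spell out this split.
        "tag1": prefix or None,
        "action": prefix.rsplit("_", 1)[-1].lower() if prefix else None,
        "flags": flags,
    }
    for key, (field, data_type) in SCHEMA_MAP.items():
        record[field] = _coerce(raw[key], data_type) if key in raw else None
    rule = next((r for p, r in SUB_RULES.items() if prefix.startswith(p)), BASE_RULE)
    record.update(rule)
    return record


if __name__ == "__main__":
    for field, value in parse_firewall_message(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

A line with no prefix (or a prefix not listed in `SUB_RULES`) falls through to the base rule, so ordinary allowed traffic is still classified as Network Traffic rather than dropped.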