
Firewall Messages - V6.5.8

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Firewall Messages - V6.5.8 | Base Rule | General Firewall Event | Information |
| EVID 70018 : Connection_Allowed | Sub Rule | Traffic Allowed by Host Firewall | Network Allow |
| EVID 70019 : Connection_Discarded | Sub Rule | Connection Closed | Network Traffic |
| EVID 70022 : Connection_Closed-Abnormally | Sub Rule | Connection Terminated | Network Traffic |
| EVID 70021 : Connection_Closed | Sub Rule | Connection Closed | Network Traffic |
| EVID 71257 : TCP_Segment-SYN-No-Options | Sub Rule | TCP SYN Received | Network Traffic |
| EVID 79059 : Suspicious Traffic Information | Sub Rule | General Traffic Other Warning | Warning |
| EVID 79002 : Protocol Violation | Sub Rule | Vuln High Severity : Protocol Violation | Vulnerability |
| EVID 71053 : Suspicious Traffic | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 71037 : Protocol Violation | Sub Rule | Vuln High Severity : Protocol Violation | Vulnerability |
| EVID 70961 : System Situations Messages | Sub Rule | General System Information | Information |
| EVID 70082 : Protocol Violation | Sub Rule | Vuln High Severity : Protocol Violation | Vulnerability |
| EVID 499394 : Suspected Disclosure | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 324107 : Suspected Disclosure | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 262690 : Potential Compromised | Sub Rule | Network Compromised | Compromise |
| EVID 1310733 : Potential Compromised | Sub Rule | Network Compromised | Compromise |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String/Number |
| Version | <version> | Number |
| vmid | <vmid> | Number |
| command | <command> | Text/String |
| dvchost | <dname> | Text/String |
| src | <sip> | IP Address |
| dst | <dip> | IP Address |
| spt | <sport> | Number |
| dpt | <dport> | Number |
| proto | <protnum> | Number |
| deviceInboundInterface | <sinterface> | Text/String/Number |
| deviceOutboundInterface | <dinterface> | Text/String/Number |
| act | <action> | Text/String |
| devicefacility | <objectname> | Text/String |
| app | <object> | Text/String |
| cat | <subject> | Text/String |
| requestURL | <url> | Text/String |