Forensics Events 1
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Forensics Events | Base Rule | Vuln Low Severity : Forensics | Vulnerability |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Action | <action> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dport | <dport> | Number |
| protocol | <protname> | Number/Text |
| ifname | <sinterface> | Number/Text |
| ifdirection | <tag1> | Number/Text |
| Reason | <reason> | Number/Text |
| Info | <vendorinfo> | Number/Text |
| XlateSIP | <snatip> | Number/Text |
| XlateSport | <snatport> | Number/Text |
| XlateDIP | <dnatip> | Number/Text |
| XlateDPort | <dnatport> | Number/Text |
| CN | <login> | Number/Text |
| matched_category | <subject> | Number/Text |
| Url | <url> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| src_user_name | <login> | Number/Text |
| Confidence_Level | <amount> | Number/Text |
| Severity | <severity> | Number/Text |
| malware_action | <vendorinfo> | Number/Text |
| Protection_name | <threatname> | Number/Text |
| Protection_name | <object> | Number/Text |
| description | <subject> | Text/String |
| PolicyName | <policy> | Number/Text |
| file_md5 | <hash> | Number/Text |
| file_name | <objectname> | Number/Text |
| file_type | <objecttype> | Number/Text |
| file_size | <bytes> | Number |
| generalinformation | <vendorinfo> | Number/Text |