General Events Messages

Vendor Documentation

Classification

Rule Name                 Rule Type    Common Event                   Classification
General Events Messages   Base Rule    General Eventlog Information   Information

Mapping with LogRhythm Schema

Device Key in Log Message   LogRhythm Schema   Data Type
Product                     <version>          String/Text
Action                      <action>           String/Text
ifdirection                 <tag1>             String/Text
SIP                         <sip>              Number
SPort                       <sport>            Number
DIP                         <dip>              Number
DPort                       <dport>            Number
Protocol                    <protname>         Number
IFName                      <sinterface>       Number/Text
Reason                      <reason>           Number/Text
Info                        <vendorinfo>       Number/Text
XlateSIP                    <snatip>           Number/Text
XlateDIP                    <dnatip>           Number/Text
URL                         <url>              Number/Text
CN                          <login>            Number/Text
matched_category            <subject>          Text/String
severity                    <severity>         Number
XlateSport                  <snatport>         Number/Text
XlateDPort                  <dnatport>         Number/Text
status                      <status>           Number/Text