IDS Event Messages

N/A

Rule Name	Rule Type	Common Event	Classification
IDS Event Messages	Base Rule	IDS Event	Activity

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	N/A
N/A	N/A	N/A	Device Vendor
product_name	<vendorinfo>	Text/String	N/A
oci_version	<version>	Text/String	N/A
risk_type_description	<vmid>	Text/String	N/A
event_sub_category	<object>	Text/String	N/A
Severity	<severity>	Number	Severity level; ranges from 1 to 10 (critical).
type	<objecttype>	Number	Can be: 0—Base event. 1—Aggregate event
Desc	<subject>	N/A	N/A
initiatorIPAddress	<sip>	IP Address	N/A
responderIPAddress	<dip>	IP Address	N/A
initiatorPort	<sport>	Number	N/A
responderPort	<dport>	Number	N/A
idsFlowStat	<sname> <useragent> <command>	Text/String	N/A
idsProtocolDetails	N/A	N/A	N/A
initiatorHostGroup	N/A	N/A	N/A
responderHostGroup	N/A	N/A	N/A
initiatorHostGroupCount	N/A	N/A	N/A
responderHostGroupCount	N/A	N/A	N/A
app	<protname>	Text/String	N/A
interfaceCount	<quantity>	Number	N/A
violationCount	N/A	N/A	N/A
start	N/A	N/A	Start time of event.
end	N/A	N/A	End time of event.
url	<url>	Text/String	N/A
appcount	N/A	N/A	N/A
initiatorIPAddressCount	N/A	N/A	N/A
responderIPAddressCount	N/A	N/A	N/A
initiatorPortCount	N/A	N/A	N/A
responderPortCount	N/A	N/A	N/A
idsFlowStatsSummary	N/A	N/A	N/A

Vendor Documentation