Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Junos Syslog Event | Base Rule | Information | General Security Information |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | The time when the log was generated on the SRX Series device. |
| N/A | N/A | N/A | The time when the log was received on the log collector. |
| N/A | N/A | N/A | The name of the SRX Series device. |
| N/A | `<vendorinfo>` | Text/String | The event name of the log. |
| Source-Country | N/A | N/A | The source country name. |
| source-address | `<sip>` | IP Address | The source IP address from where the event occurred. |
| Destination-Country | N/A | N/A | The destination country name of the event. |
| destination-address | `<dip>` | IP Address | The destination IP address of the event. |
| source-port | `<sport>` | Number | The source port of the event. |
| destination-port | `<dport>` | Number | The destination port of the event. |
| Description | `<subject>` | Text/String | The description of the log. |
| Attack-name | `<threatname>` | Text/String | The attack name of the log: Trojan, worm, virus, etc. |
| Threat-Severity | `<severity>` | Text/String | The severity level of the threat. |
| Policy Name | `<policy>` | Text/String | The policy name in the log. |
| UTM-category or Virus-Name | N/A | N/A | The UTM category of the log. |
| URL | `<url>` | Text/String | The accessed URL that triggered the event. |
| Event category | N/A | N/A | The event category of the log. |
| Username | `<account>` | Text/String | The username in the log. |
| Action | `<action>` | Text/String | The action taken for the event: warning, allow, or block. |
| Log-Source | N/A | N/A | The IP address of the log source. |
| Application | N/A | N/A | The application name from which the events or logs are generated. |
| Hostname | `<sname>` | Text/String | The host name in the log. |
| Service-Name | N/A | N/A | The name of the application service, for example FTP, HTTP, or SSH. |
| Nested-Application | N/A | N/A | The nested application in the log. |
| source-zone-name | N/A | N/A | The source zone of the log. |
| destination-zone-name | N/A | N/A | The destination zone of the log. |
| Protocol-ID | `<protnum>` | Number | The protocol ID in the log. |
| Roles | N/A | N/A | The role name associated with the log. |
| Reason | `<reason>` | Text/String | The reason for the log generation. For example, a connection teardown may carry a reason such as authentication failed. |
| NAT-Source-Port | `<snatport>` | Number | The translated source port. |
| NAT-Destination-Port | `<dnatport>` | Number | The translated destination port. |
| NAT-Source-Rule-Name | N/A | N/A | The NAT source rule name. |
| NAT-Destination-Rule-Name | N/A | N/A | The NAT destination rule name. |
| NAT-Source-address | `<snatip>` | IP Address | The translated (NATted) source IP address. It can be an IPv4 or IPv6 address. |
| nat-destination-address | `<dnatip>` | IP Address | The translated (NATted) destination IP address. |
| Traffic-Session-ID | `<session>` | Number | The traffic session ID of the log. |
| Path-Name | N/A | N/A | The path name of the log. |
| Logical-system-Name | N/A | N/A | The name of the logical system. |
| Rule-Name | N/A | N/A | The name of the rule. |
| Profile-Name | N/A | N/A | The name of the All events profile that triggered the event. |
| Client-Hostname | `<dname>` | Text/String | The hostname of the client. |
| Malware-Info | N/A | N/A | Information about the malware. |
| Logical-Subsystem-Name | N/A | N/A | The name of the logical system in JSA logs. |
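As an added example (not part of the vendor documentation and not LogRhythm's own parser), the Python below applies the mapping table to a Junos structured-data syslog line and enforces the table's data types before a value lands in a schema field. It assumes an RFC 5424 header followed by a single `[junos@... key="value" ...]` element, that device keys compare case-insensitively, and that the syslog MSGID carries the event name for `<vendorinfo>`; the sample line, its SD-ID and all its values are constructed.

```python
import ipaddress
import re

# Device key (lower-cased) -> LogRhythm field from the table; N/A keys are omitted.
KEY_MAP = {
    "source-address": "sip", "destination-address": "dip", "source-port": "sport",
    "destination-port": "dport", "nat-source-address": "snatip",
    "nat-destination-address": "dnatip", "nat-source-port": "snatport",
    "nat-destination-port": "dnatport", "protocol-id": "protnum",
    "traffic-session-id": "session", "policy-name": "policy", "username": "account",
    "action": "action", "attack-name": "threatname", "threat-severity": "severity",
    "description": "subject", "url": "url", "hostname": "sname", "client-hostname": "dname",
    "reason": "reason",
}
IP_FIELDS = {"sip", "dip", "snatip", "dnatip"}
NUM_FIELDS = {"sport", "dport", "snatport", "dnatport", "protnum", "session"}

# Assumed layout: RFC 5424 header, then one [sd-id key="value" ...] element.
HEADER = re.compile(r"^<\d{1,3}>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ "
                    r"(?P<msgid>\S+) \[(?P<sdid>[^\s\]]+)(?P<params>[^\]]*)\]")
PARAM = re.compile(r'([\w-]+)="([^"]*)"')

def map_junos_event(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a Junos structured-data syslog line")
    mapped = {"vendorinfo": m.group("msgid")}   # event name -> <vendorinfo> (assumed)
    unmapped = {"device": m.group("host")}      # device name has no schema field
    for key, value in PARAM.findall(m.group("params")):
        field = KEY_MAP.get(key.lower())
        ok = field is not None
        if ok and field in IP_FIELDS:
            try:
                value = str(ipaddress.ip_address(value))   # IPv4 or IPv6, validated
            except ValueError:
                ok = False                                  # malformed: never coerce
        elif ok and field in NUM_FIELDS:
            ok = value.isdigit()
            value = int(value) if ok else value
        if ok:
            mapped[field] = value
        else:
            unmapped[key] = value   # no schema field, or failed the type check
    return mapped, unmapped

# Constructed sample (not vendor output); the NAT destination address is malformed on purpose.
SAMPLE = ('<14>1 2024-03-01T12:00:00Z srx-edge RT_FLOW - RT_FLOW_SESSION_CLOSE '
          '[junos@2636.1.1.1.2.129 reason="TCP FIN" source-address="10.1.2.3" '
          'source-port="51514" destination-address="2001:db8::10" destination-port="443" '
          'nat-source-address="198.51.100.7" nat-source-port="1024" protocol-id="6" '
          'policy-name="allow-web" source-zone-name="trust" username="alice" nat-destination-address="not-an-ip"]')
```

Keys the table maps to N/A (here `source-zone-name`) and values that fail the type check are returned separately rather than dropped, so they can still be logged or reviewed.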