Link Shadow Log Messages
Vendor Documentation
N/A |
Classification
Rule Name | Rule Type | Common Event | Classification |
Link Shadow Log Messages | Base Rule | General Information | Information |
Threat Intel Domain Log Messages | Sub Rule | General Threat Message | Information |
Threat Intel IP Log Messages | Sub Rule | General Threat Message | Information |
Suspected DGA Log Messages | Sub Rule | Suspicious Activity | Suspicious |
Suspicious Domains Log Messages | Sub Rule | Suspicious Activity | Suspicious |
Suspicious Login Log Messages | Sub Rule | Suspicious User Activity | Suspicious |
Suspicious IP Log Messages | Sub Rule | Suspect IP Address Detected | Activity |
Suspicious DNS Log Messages | Sub Rule | Suspicious Activity | Suspicious |
Suspicious DNS Query Log Messages | Sub Rule | Suspicious Activity | Suspicious |
SSH Traffic Log Messages | Sub Rule | SSH session in progress on Unusual Port | Activity |
SSH Connection To External Log Messages | Sub Rule | SSH Session Opened | Network Traffic |
SSH Connection Attempt From External Log Messages | Sub Rule | SSH Session Opened | Network Traffic |
SMB Brute Force Log Messages | Sub Rule | Brute Force Activity | Attack |
RDP Log Messages | Sub Rule | General Information | Information |
DNS Response Log Messages | Sub Rule | DNS Response | Information |
Network Scan Log Messages | Sub Rule | Network Information Message | Information |
HTTP Errors Log Messages | Sub Rule | General HTTP Error | Error |
Multiple Files Transfer Log Messages | Sub Rule | General File Transfer Message | Information |
Kerberos Traffic Log Messages | Sub Rule | General Kerberos Information | Information |
File Transfer Log Messages | Sub Rule | General File Transfer Message | Information |
Executable File Transfers Log Messages | Sub Rule | General File Transfer Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | 4 |
N/A | N/A | N/A | Device vendor. |
product_name | <vendorinfo> | Text/String | N/A |
N/A | <version> | Number | Version. |
N/A | <vmid> | Number | Signature ID. |
N/A | <object> | Text/String | Description of the event. |
Severity | <severity> | Number | N/A |
dvc | <dnatip> | IP Address | N/A |
externalId | N/A | N/A | N/A |
smac | <smac> | Number | N/A |
spt | <sport> | Number | N/A |
dpt | <dport> | Number | N/A |
cat | N/A | N/A | N/A |
msg | <subject> | Text/String | N/A |
src | <sip> | IP Address | N/A |
dst | <dip> | IP Address | N/A |
cn1Label | N/A | N/A | N/A |
cn1 | N/A | N/A | N/A |
cs3Label | N/A | N/A | N/A |
cs3 | <process> | Text/String | N/A |
cn2Label | N/A | N/A | N/A |
cn2 | N/A | N/A | N/A |
fname | <objectname> | Text/String | N/A |
fileHash | <hash> | Text/String/Number | N/A |
fileType | <objecttype> | Text/String | N/A |
rt | N/A | N/A | N/A |
reason | <reason> | Text/String | N/A |
suser | <login> | Text/String | N/A |
duser | <account> | Text/String | N/A |