Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type and values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Header: Severity | <severity> <tag1> | N/A |
| login | <login> <domainorigin> | <login> <domainorigin> |
| dname | <dname> | <dname> |
| dip | <dip> | <dip> |
| sip | <sip> | <sip> |
| natPublicIp | <snatip> | <dnatip> |
| url | N/A | <url> |
| ua | <object> | <useragent> |
| proto | <protname> | <protname> |
| action | N/A | <action> <tag1> |
| reason | N/A | <reason> |
| appName | N/A | <objectname> |
| appClass | N/A | <object> |
| fileType | <objecttype> | N/A |
| totalSize | <size> | <size> |
| malwareCat | N/A | <status> |
| threatName | <threatname> | <threatname> |
| riskScore | N/A | <severity> |
| dept | N/A | <vendorinfo> |
| reqMethod | N/A | <command> |
| respCode | N/A | <responsecode> |
| respversion | N/A | <version> |
| urlCat | N/A | <group> <tag2> |
| contenttype | N/A | <objecttype> |
| devicehostname | N/A | <sname> |
| deviceowner | N/A | <login> |
Log Processing Settings
This section details the log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases a base rule is broken down into sub-rules so that log messages of the same type can be classified by their event type (for example, the URL category together with an allowed or blocked action).
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011877 | Zscaler Network Details | Base Rule | General Network Traffic Log Message | Network Traffic |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1013219 | V 2.0 Web Log Events | Base Rule | General WEB Information | Information |
| | V 2.0: Blocked Network Traffic | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Allowed Network Traffic | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Anonymizer: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Anonymizer: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blacklist: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Blogs: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Blogs: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Business And Economy: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Continuing Education/Colleges: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Continuing Education/Colleges: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Business And Economy: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Corporate Marketing: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Corporate Marketing: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Discussion Forums: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Discussion Forums: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Education: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Education: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Entertainment: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Entertainment: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: File Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Finance: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Finance: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: File Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Flowserve-BlackList: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Flowserve-BlackList: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Gambling: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Gambling: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Games: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Games: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Hobbies/Leisure: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Hobbies/Leisure: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Image Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Image Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Information Technology: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Information Technology: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Internet Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Internet Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: K-12: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: K-12: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Miscellaneous Or Unknown: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Miscellaneous Or Unknown: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Music: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Music: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: News And Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: News And Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Office_365: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Office_365: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Chat: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Chat: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Online Shopping: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Online Shopping: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Portals: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Portals: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Professional Services: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Professional Services: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Radio Stations: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Radio Stations: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Real Estate: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Real Estate: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Reference Sites: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Reference Sites: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Science/Tech: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Science/Tech: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shareware Download: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shareware Download: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Shopping And Auctions: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Shopping And Auctions: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Social Networking: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Social Networking: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Special Interests/Social Org.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Special Interests/Social Org.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Sports: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Sports: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Spyware/Adware: Allowed | Sub Rule | Detected Spyware Activity | Malware |
| | V 2.0: Spyware/Adware: Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| | V 2.0: Streaming Media: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Streaming Media: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Television/Movies: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Television/Movies: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Travel: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Travel: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_Auth.: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_Auth.: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-Bypass_SSL: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-Bypass_SSL: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User_Defined-O365-SSL_Bypass: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User_Defined-O365-SSL_Bypass: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: User-defined: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: User-defined: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Vehicles: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Vehicles: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Banners: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Banners: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Host: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Host: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Web Search: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Web Search: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| | V 2.0: Webmail: Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| | V 2.0: Webmail: Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
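The following is an added example, not LogRhythm's or Zscaler's own code, that puts the two tables on this page together: it renames the Zscaler fields of a web log to the LogRhythm metadata fields of the v2.0 policy (the field table under "Log Fields and Parsing") and then selects the v2.0 sub-rule, Common Event and Classification the way the v2.0 rule table is organised (URL category plus an Allowed or Blocked action, with the Spyware/Adware pair as the exception). Everything not on the page is an assumption: the tab-separated `key=value` layout of the sample lines is constructed, since real NSS feed formats are defined by the administrator; splitting `user@domain` into `<login>` and `<domainorigin>` is this example's reading of that notation; and the fallback order (category sub-rule, then the generic Allowed/Blocked Network Traffic sub-rule, then the base rule) is how this example resolves the table, not documented LogRhythm matching behaviour.

```python
# Added example; not LogRhythm's or Zscaler's code. Applies the v2.0 field
# mapping, then picks the sub-rule from urlCat + action as the rule table does.
# Assumptions: tab-separated key=value sample layout (constructed), the
# user@domain split, and the fallback order category -> generic -> base rule.
from typing import Dict, Tuple

# Zscaler field -> LogRhythm v2.0 metadata field(s); "N/A" fields are omitted.
V2_FIELD_MAP = {
    "login": ("login", "domainorigin"), "dname": ("dname",), "dip": ("dip",),
    "sip": ("sip",), "natPublicIp": ("dnatip",), "url": ("url",),
    "ua": ("useragent",), "proto": ("protname",), "action": ("action", "tag1"),
    "reason": ("reason",), "appName": ("objectname",), "appClass": ("object",),
    "totalSize": ("size",), "malwareCat": ("status",), "threatName": ("threatname",),
    "riskScore": ("severity",), "dept": ("vendorinfo",), "reqMethod": ("command",),
    "respCode": ("responsecode",), "respversion": ("version",),
    "urlCat": ("group", "tag2"), "contenttype": ("objecttype",),
    "devicehostname": ("sname",), "deviceowner": ("login",),
}
BASE_RULE = ("V 2.0 Web Log Events", "General WEB Information", "Information")
FIREWALL_EVENTS = {  # every category sub-rule except Spyware/Adware uses these
    "Allowed": ("Traffic Allowed by Network Firewall", "Network Allow"),
    "Blocked": ("Traffic Denied by Network Firewall", "Network Deny"),
}
SPYWARE_EVENTS = {
    "Allowed": ("Detected Spyware Activity", "Malware"),
    "Blocked": ("Failed Spyware Activity", "Failed Malware"),
}
# Categories that have an Allowed/Blocked sub-rule pair in the v2.0 rule table.
SUB_RULE_CATEGORIES = {
    "Anonymizer", "Blacklist", "Blogs", "Business And Economy",
    "Continuing Education/Colleges", "Corporate Marketing", "Discussion Forums",
    "Education", "Entertainment", "File Host", "Finance", "Flowserve-BlackList",
    "Gambling", "Games", "Hobbies/Leisure", "Image Host", "Information Technology",
    "Internet Services", "K-12", "Miscellaneous Or Unknown", "Music", "News And Media",
    "Office_365", "Online Chat", "Online Shopping", "Portals", "Professional Services",
    "Radio Stations", "Real Estate", "Reference Sites", "Science/Tech",
    "Shareware Download", "Shopping And Auctions", "Social Networking",
    "Special Interests/Social Org.", "Sports", "Spyware/Adware", "Streaming Media",
    "Television/Movies", "Travel", "User_Defined-Bypass_Auth.",
    "User_Defined-Bypass_SSL", "User_Defined-O365-SSL_Bypass", "User-defined",
    "Vehicles", "Web Banners", "Web Host", "Web Search", "Webmail",
}

def parse_web_log(line: str) -> Dict[str, str]:
    """Split a constructed tab-separated key=value line into Zscaler fields."""
    fields: Dict[str, str] = {}
    for pair in line.split("\t"):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def map_to_logrhythm_v2(fields: Dict[str, str]) -> Dict[str, str]:
    """Rename Zscaler fields to the LogRhythm metadata fields of the v2.0 policy."""
    meta: Dict[str, str] = {}
    for name, value in fields.items():
        targets = V2_FIELD_MAP.get(name)
        if targets is None:
            continue  # "N/A" under v2.0 (e.g. fileType), so the field is not parsed
        if name == "login":  # assumption: user@domain feeds <login> <domainorigin>
            user, at, domain = value.partition("@")
            meta["login"] = user
            if at:
                meta["domainorigin"] = domain
        elif name == "deviceowner":
            meta.setdefault("login", value)  # both map to <login>; the login field wins
        else:
            for target in targets:
                meta[target] = value
    return meta

def classify_v2(meta: Dict[str, str]) -> Tuple[str, str, str]:
    """Return (sub-rule name, Common Event, Classification) for parsed metadata."""
    action = meta.get("action", "").capitalize()  # normalise "BLOCKED" -> "Blocked"
    category = meta.get("group", "")
    if action not in FIREWALL_EVENTS:
        return BASE_RULE  # no Allowed/Blocked event type: stays on the base rule
    events = SPYWARE_EVENTS if category == "Spyware/Adware" else FIREWALL_EVENTS
    if category in SUB_RULE_CATEGORIES:
        return ("V 2.0: %s: %s" % (category, action),) + events[action]
    return ("V 2.0: %s Network Traffic" % action,) + FIREWALL_EVENTS[action]

def process(line: str) -> Tuple[Dict[str, str], Tuple[str, str, str]]:
    meta = map_to_logrhythm_v2(parse_web_log(line))
    return meta, classify_v2(meta)

# Constructed sample lines (not real Zscaler output).
SAMPLE_LOGS = [
    "login=jdoe@example.test\tdname=dl.example.test\tdip=203.0.113.10\tsip=10.0.0.5\t"
    "natPublicIp=198.51.100.7\turl=dl.example.test/tool.zip\tua=Mozilla/5.0 (X11)\t"
    "proto=HTTPS\taction=Blocked\treason=Blocked by policy\turlCat=Shareware Download\t"
    "fileType=zip\ttotalSize=5120\triskScore=60\treqMethod=GET\trespCode=403\tdeviceowner=jdoe",
    "login=asmith\tdname=ads.example.test\tdip=203.0.113.20\tsip=10.0.0.6\taction=Allowed\t"
    "urlCat=Spyware/Adware\tthreatName=None\triskScore=80\treqMethod=GET\trespCode=200",
    "login=bwong\tdname=health.example.test\tdip=203.0.113.30\tsip=10.0.0.7\t"
    "action=Allowed\turlCat=Health\treqMethod=GET\trespCode=200",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        meta, (rule, common_event, classification) = process(raw)
        print(f"{rule:42} {common_event:36} {classification:15} login={meta.get('login')}")
```

Two details worth checking against your own feed: `natPublicIp` lands in `<dnatip>` under v2.0 but in `<snatip>` under the Default policy, so searches built on one policy will not find the other's events, and `fileType` is parsed only under the Default policy while `contenttype` takes over `<objecttype>` under v2.0.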