Message Tracking Log Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Message Tracking Log Messages | Base Rule | Email Message Deferred | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
Header (logVer) | N/A | N/A | CEF format version. |
Header (vendor) | N/A | N/A | Appliance vendor. |
Header (pname) | N/A | N/A | Appliance product. |
Header (pver | <version> | Text/String | Appliance version. |
Header (eventid) | <vmid> | Number | Signature ID. |
Header (eventName) | <vendorinfo> | Text/String | Description. |
Header (severity) | <severity> | Number | Severity
|
rt | N/A | N/A | Log generation time. |
cs3Label | N/A | N/A | Latest status. |
cs3 | <action> | Text/String |
|
dvchost | <dname> | Text/String | Appliance host name. |
deviceExternalId | N/A | N/A | Appliance GUID. |
dvc | <dip> | IP Address | Appliance IP address. |
duser | <recipient> | Text/String | Email recipients. |
dvcmac | <dmac> | Text/String | Appliance MAC address. |
reason | <reason> | Text/String | Reason for block action. |
cs1Label | N/A | N/A | Email ID. |
cs1 | <object> | Text/String | Email ID. |
cs4Label | N/A | N/A | Label for sender email address. |
cs4 | <sender> | Text/String | Sender email address. |
cs2Label | N/A | N/A | Internal email ID. |
cs2 | N/A | N/A | Internal email ID. |
cs6Label | N/A | N/A | Label for process history. |
cs6 | <subject> | Text/String | Process history. |