Netskope: Malware Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Base Rule | Malware | Detected Malware Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device vendor | N/A | N/A |
| device product | N/A | N/A |
| Device version | N/A | N/A |
| Device event class id | <vmid> | Text/String |
| Event name | N/A | N/A |
| Severity of the event | <severity> | Text/String |
| accessMethod | N/A | N/A |
| act | N/A | N/A |
| action | <action> | Text/String |
| appcategory | <subject> | Text/String |
| cci | N/A | N/A |
| ccl | N/A | N/A |
| dst | <dip> | IP Address |
| fsize | <size> | Number |
| hostname | <dname> | Text/String |
| md5 | <hash> | Text/String |
| mwDetectionEngine | N/A | N/A |
| mwDetectionName | <threatname> | Text/String |
| mwId | <threatid> | Text/String |
| mwProfile | N/A | N/A |
| mwScannerResult | N/A | N/A |
| mwType | N/A | N/A |
| object | <object> | Text/String |
| requestClientApplication | N/A | N/A |
| src | <sip> | IP Address |
| sha256 | <hash> | Text/String |
| sourceServiceName | <process> | Text/String |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |
| url | <url> | Text/String |