New Anti Virus
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| New Anti Virus | Base Rule | General Firewall Log | Network Traffic |
| Anti Virus : Control Traffic | Sub Rule | Virus Scan Activity | Activity |
| Anti Virus : Outbound Traffic | Sub Rule | Outbound Connection Observed | Network Traffic |
| Anti Virus : Inbound Traffic | Sub Rule | Inbound Connection Observed | Network Traffic |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| ifdirection | <tag2> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dport | <dport> | Number |
| protocol | <protname> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| dst_machine_name | <dname> | Number/Text |
| ifname | <sinterface> | Number/Text |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| dst_user_name | <account> | Number/Text |
| Url | <url> | Number/Text |
| Severity | <severity> | Number/Text |
| to | <recipient> | Number/Text |
| from | <sender> | Number/Text |
| sent_bytes | <bytesout> | Number |
| received_bytes | <bytesin> | Number |
| web_client_type | <useragent> | Number/Text |
| Dst_DNS_Host | <dname> | Number/Text |
| session_id | <session> | Number/Text |
| malware_action | <vendorinfo> | Number/Text |
| Protection_name | <threatname> | Number/Text |
| description | <subject> | Text/String |
| Reason | <reason> | Number/Text |
| file_type | <objecttype> | Text/String |
| file_name | <object> | Text/String |
| scan_result | <result> | Number/Text |
| virus_name | <threatname> | Number/Text |