Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Notable Characteristics Events |
Base Rule |
General Information Log Message |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|
N/A |
N/A |
N/A |
CEF format version |
|
N/A |
N/A |
N/A |
Appliance vendor |
|
N/A |
N/A |
N/A |
Appliance product |
|
N/A |
<version> |
Numbers |
Appliance version |
|
N/A |
<vmid> |
Numbers |
Event ID |
|
N/A |
<vendorinfo> |
Text/String |
Description |
|
N/A |
<severity> |
Number |
Severity
|
|
rt |
N/A |
N/A |
Analysis Time |
|
dvc |
<dip> |
IP Address |
Appliance IP address |
|
dvchost |
<dname> |
Text/String |
Appliance hostname |
|
dvcmac |
<dmac> |
Text/String |
Appliance MAC address |
|
deviceExternalId |
N/A |
N/A |
Appliance GUID |
|
fname |
<object> |
Text/String |
File Name |
|
fileHash |
<hash> |
Text/String/Numbers |
SHA1 |
|
fileType |
<objecttype> |
Text/String |
True File Type |
|
fsize |
<size> |
Number |
File Size |
|
cs1Label |
N/A |
N/A |
Violated Policy Name |
|
cs1 |
<threatname> |
Text/String |
Violated Policy Name |
|
msg |
<subject>
|
Text/String |
Details |
|
cs3Label |
N/A |
N/A |
Sandbox Image Type |
|
cs3 |
N/A |
N/A |
Sandbox Image Type |
|
cs2Label |
N/A |
N/A |
Violated Event Analysis |
|
cs2 |
<policy> |
Text/String |
Violated Event Analysis |