Packet Log
Classification
| Rule Name | Rule Type | Common Event | Classification |
| Packet Log | Base Rule | Network Traffic | Network Traffic |
| Permitted TCP Packet | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted TCP Packet (Established) | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted UDP Packet | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted UDP Packet (Established) | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted ICMP Packet | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted Packet | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Permitted Packet (Established) | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| ASA : Permitted UDP Packet | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| Denied ICMP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Denied TCP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Denied UDP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Denied Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| ASA : Denied UDP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| ASA: Denied TCP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Number |
| N/A | <severity> | Number |
| N/A | <sip> | Number |
| N/A | <sname> | Text/String |
| N/A | <dip> | Number |
| N/A | <dname> | Text/String |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <login> | Text/String |
| N/A | <protnum> | Number |
| N/A | <protname> | Text/String |
| N/A | <object> | Text/String |
| N/A | <objectname> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <duration> | Number |
| N/A | <amount> | Number |