Patt 5 : SMTP Session Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| Patt 5 : SMTP Session Messages | Base Rule | General Information | Information |
| Rejected Message | Sub Rule | Suspicious E-mail Activity | Suspicious |
| Accepted Message | Sub Rule | Message Accepted | Other Audit Success |
| Timeout Message | Sub Rule | Connection Timeout | Warning |
| SMTP Session Deleted | Sub Rule | Session Ended | Information |
| Looking For Session Relay | Sub Rule | Session Information | Information |
| Lookup SMTP Session | Sub Rule | Session Information | Information |
| Put SMTP Session | Sub Rule | Session Information | Information |
| Reloaded Session Relay | Sub Rule | Session Started | Other Audit Success |
| Save Session Relay | Sub Rule | Session Information | Information |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
| --- | --- | --- |
| N/A | `<processid>` | Number |
| N/A | `<subject>` | Text/String |
| N/A | `<sname>` | String |
| N/A | `<sip>` | Number |
| N/A | `<sport>` | Text/String/Number |
| N/A | `<tag1>` | Text/String |
| N/A | `<session>` | String |
| N/A | `<sender>` | String |
| N/A | `<recipient>` | String |
| N/A | `<protname>` | String |
| N/A | `<vendorinfo>` | String |
| N/A | `<dip>` | Number |
| N/A | `<dport>` | Text/String/Number |