Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 11 : PIX Traffic Messages | Base Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-500003 : Bad TCP Header Length | Sub Rule | Protocol Anomaly | Attack |
| PIX-1-106021 : Denied ICMP Reverse Path Check | Sub Rule | Failed General Attack Activity | Failed Attack |
| PIX-1-106021 : Denied TCP Reverse Path Check | Sub Rule | Failed General Attack Activity | Failed Attack |
| PIX-1-106021 : Denied UDP Reverse Path Check | Sub Rule | Failed General Attack Activity | Failed Attack |
| PIX-1-106021 : Denied SCTP Reverse Path Check | Sub Rule | Failed General Attack Activity | Failed Attack |
| PIX-1-106022 : ICMP Connection Spoof | Sub Rule | Failed Suspicious Network Activity | Failed Suspicious |
| PIX-X-212006 : Dropped SNMP Request | Sub Rule | Dropped SNMP Request | Failed Activity |
| PIX-X-500004 : Invalid Transport Field | Sub Rule | Invalid Transport Field | Warning |
| PIX-X-410001 : DNS Request Exceeds Packet Length | Sub Rule | Bad Packet Length | Warning |
| PIX-X-322004 : No Management IP Configured | Sub Rule | No Management IP Address Configured | Warning |
| PIX-X-313005 : No Matching Connection For ICMP | Sub Rule | No Matching Connection for ICMP Error Message | Warning |
| PIX-X-314001 : Pre-Allocate Backconnection | Sub Rule | Pre-Allocated RTSP Connection | Information |
| PIX-X-302004 : Pre-Allocate Backconnection | Sub Rule | Pre-Allocate H323 Backconnection | Information |
| PIX-X-106018 : Packet Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-106002 : Denied Connection | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-4-106023 : Denied Packet by ACL | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106011 : Denied Inbound ICMP | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-313004 : Denied ICMP | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-419001 : Dropped Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-418001 : Dropped Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-416001 : Dropped Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106007 : Denied Inbound DNS Query | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106010 : Denied Inbound TCP Connection | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106010 : Denied Inbound UDP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106010 : Denied Inbound ICMP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106014 : Denied Inbound ICMP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-4-106023 : Denied TCP Connection By ACL | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-4-106023 : Denied UDP Packet By ACL | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-4-106023 : Denied ICMP Packet By ACL | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-313001 : Denied ICMP Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-1-106022 TCP Connection Spoof | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106001 : Denied Inbound TCP Connection | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106007 : UDP Connection Denied DNS Flag | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106006 : UDP Connection Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-6-106015 : Denied Inbound TCP Connection | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106011 : Denied Inbound UDP | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106011 : Denied Inbound TCP | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-3-106011 : Denied Inbound ICMP | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-710003 : Access Denied by ACL | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-614002 : DNS Reply | Sub Rule | DNS Reply | Network Traffic |
| PIX-X-614001 : DNS Request | Sub Rule | DNS Request | Network Traffic |
| PIX-X-507001 : Terminated Connection | Sub Rule | Connection Closed | Network Traffic |
| PIX-X-507003 : Terminated Connection | Sub Rule | Connection Terminated | Network Traffic |
| PIX-4-419002 : Duplicate SYN Packet | Sub Rule | Duplicate SYN Packet | Network Traffic |
| PIX-X-710005 : Request Discarded | Sub Rule | Request Discarded | Network Traffic |
| PIX-X-710006 : Request Discarded | Sub Rule | Request Discarded | Network Traffic |
| PIX-X-108003 : Connection Terminated | Sub Rule | Connection Closed | Network Traffic |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <severity> | Number |
| N/A | <sip> | Number |
| N/A | <sname> | Text/String |
| N/A | <dip> | Number |
| N/A | <dname> | Text/String |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <sinterface> | Text/String |
| N/A | <dinterface> | Text/String |
| N/A | <protnum> | Number |
| N/A | <protname> | Text/String |
| N/A | <object> | Text/String |
| N/A | <objectname> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <reason> | Text/String |
| N/A | <duration> | Number |
| N/A | <size> | Number |