Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Pattern 18 : Build/Teardown Connections |
Base Rule |
General Firewall Log |
Network Traffic |
|
PIX-X-302018 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302016 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302014 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
ASA-6-302021 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302027 : Teardown ICMP Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302025 : Teardown UDP Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302023 : Teardown TCP Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-305011 : Built Translation |
Sub Rule |
Translation Built |
Network Traffic |
|
PIX-X-305012 : Teardown Translation |
Sub Rule |
Translation Teardown |
Network Traffic |
|
PIX-X-302017 : Built Inbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302015 : Built Inbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302013 : Built Inbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302013 : Built Outbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302015 : Built Outbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302017 : Built Outbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
ASA-6-302020 : Built Outbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
ASA-6-302020 : Built Inbound Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302026 : Built ICMP Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302024 : Built UDP Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302022 : Built TCP Connection |
Sub Rule |
Connection Built |
Network Traffic |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number
|
|
N/A |
<severity> |
Number |
|
N/A |
<sip> |
Number |
|
N/A |
<sname> |
Text/String |
|
N/A |
<dip> |
Number |
|
N/A |
<dname> |
Text/String |
|
N/A |
<sport> |
Number |
|
N/A |
<dport> |
Number |
|
N/A |
<dnatip> |
Number |
|
N/A |
<dnatport> |
Number |
|
N/A |
<protname> |
Text/String |
|
N/A |
<login> |
Text/String |
|
N/A |
<domain> |
Text/String |
|
N/A |
<session> |
Text/String |
|
N/A |
<result> |
Text/String |
|
N/A |
<reason> |
Text/String |
|
N/A |
<bytesin> |
Number |
|
N/A |
<bytesout> |
Number |
|
N/A |
<duration> |
Number |
|
N/A |
<size> |
Number |
|
N/A |
<tag1> |
Text/String |