Pattern 18 : Spam Quarantine
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 18 : Spam Quarantine | Base Rule | Ops/Information | General Information |
| Vacuumed Messages Elapsed | Sub Rule | Ops/Information | Vacuumed Messages Elapsed |
| Vacuum Finished | Sub Rule | Ops/Information | Vacuum Finished |
| Inactive Users Purged | Sub Rule | Ops/Information | Inactive Users Purged |
| Vacuum Started | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Task Ended | Sub Rule | Audit/Other | Task Ended |
| User Purge Completed | Sub Rule | Ops/Information | User Purge Completed |
| Task Started | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Scheduled Task Created | Sub Rule | Audit/Configuration | Configuration Enabled : System |
| Index Not Used | Sub Rule | Ops/Information | Index Not Used |
| Expired Message Purged | Sub Rule | Ops/Information | Expired Message Purged |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
<process> | Text\String | ||
| <object> | Text\String | ||
| <seconds> | Number | ||
| <milliseconds> | Number | ||
| <quantity> | Number | ||
<tag1> | Text\String | ||
| <tag2> | Text\String |