Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 20 : Traffic | Base Rule | General Firewall Log | Network Traffic |
| ASA-4-338202 : Potential TCP Botnet Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338202 : Potential UDP Botnet Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338002 : Monitored Blacklisted TCP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338002 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338004 : Monitored Blacklisted TCP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338003 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338004 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-3-338005 : Trfc Denied From Blacklisted Domain | Sub Rule | Failed Unauthorized Website | Failed Misuse |
| ASA-3-338006 : Trfc Denied To Blacklisted Domain | Sub Rule | Failed Unauthorized Website | Failed Misuse |
| ASA-3-338005 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338006 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338005 : Spyware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338006 : Spyware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338204 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Botnet TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338208 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338007 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Botnet UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <dname> | Text/String |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <protname> | Text/String |
| N/A | <object> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <threatid> | Number |
| N/A | <url> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag3> | Text/String |