Pattern 20 : Traffic
Classification
| Rule Name | Rule Type | Common Event | Classification |
| Pattern 20 : Traffic | Base Rule | General Firewall Log | Network Traffic |
| ASA-4-338202 : Potential TCP Botnet Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338202 : Potential UDP Botnet Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338002 : Monitored Blacklisted TCP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338002 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338004 : Monitored Blacklisted TCP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338003 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-4-338004 : Monitored Blacklisted UDP Traffic | Sub Rule | Protocol Anomaly | Attack |
| ASA-3-338005 : Trfc Denied From Blacklisted Domain | Sub Rule | Failed Unauthorized Website | Failed Misuse |
| ASA-3-338006 : Trfc Denied To Blacklisted Domain | Sub Rule | Failed Unauthorized Website | Failed Misuse |
| ASA-3-338005 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338006 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338005 : Spyware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-3-338006 : Spyware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338204 : Malware TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Botnet TCP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338208 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338007 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Malware UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| ASA-4-338008 : Botnet UDP Traffic Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Number |
| N/A | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <dname> | Text/String |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <protname> | Text/String |
| N/A | <object> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <threatid> | Number |
| N/A | <url> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag3> | Text/String |