Pattern 3 : Email Scan Results
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Pattern 3 : Email Scan Results | Base Rule | Ops/Information | General Information |
Brightmail Detection Negative | Sub Rule | Ops/Information | Brightmail Detection Negative |
Brightmail Detection Positive | Sub Rule | Security/Misuse | Unauthorized E-mail |
Antivirus Detection Negative | Sub Rule | Ops/Information | Antivirus Detection Negative |
Antivirus Detection Positive | Sub Rule | Security/Malware | Detected Virus Activity |
Spam Detection Positive | Sub Rule | Security/Suspicious | Suspicious E-mail Activity |
Spam Detection Negative | Sub Rule | Ops/Information | Email Identified As Not Spam |
Verdict Negative | Sub Rule | Ops/Information | Email Accepted |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
MID | <session> | Number | |
<subject> | Text\String | ||
<action> | Text\String | ||
<tag1> | Text\String | ||
<tag2> | Text\String |