Skip to main content
Skip table of contents

Pattern 3 : Email Scan Results

Vendor Documentation

https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_0100110.html

Classification

Rule NameRule TypeClassificationCommon Event
Pattern 3 : Email Scan Results
Base RuleOps/InformationGeneral Information
Brightmail Detection NegativeSub RuleOps/InformationBrightmail Detection Negative
Brightmail Detection PositiveSub RuleSecurity/MisuseUnauthorized E-mail
Antivirus Detection NegativeSub RuleOps/InformationAntivirus Detection Negative
Antivirus Detection PositiveSub RuleSecurity/MalwareDetected Virus Activity
Spam Detection PositiveSub RuleSecurity/SuspiciousSuspicious E-mail Activity
Spam Detection NegativeSub RuleOps/InformationEmail Identified As Not Spam
Verdict NegativeSub RuleOps/InformationEmail Accepted

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
MID<session>Number

<subject>Text\String

<action>Text\String

<tag1>Text\String

<tag2>Text\String


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close