Pattern 3 : Email Scan Results

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Pattern 3 : Email Scan Results | Base Rule | Ops/Information | General Information |
| Brightmail Detection Negative | Sub Rule | Ops/Information | Brightmail Detection Negative |
| Brightmail Detection Positive | Sub Rule | Security/Misuse | Unauthorized E-mail |
| Antivirus Detection Negative | Sub Rule | Ops/Information | Antivirus Detection Negative |
| Antivirus Detection Positive | Sub Rule | Security/Malware | Detected Virus Activity |
| Spam Detection Positive | Sub Rule | Security/Suspicious | Suspicious E-mail Activity |
| Spam Detection Negative | Sub Rule | Ops/Information | Email Identified As Not Spam |
| Verdict Negative | Sub Rule | Ops/Information | Email Accepted |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| MID | `<session>` | Number | |
| | `<subject>` | Text\String | |
| | `<action>` | Text\String | |
| | `<tag1>` | Text\String | |
| | `<tag2>` | Text\String | |