Pattern 4 : New Email Reception Connection
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 4 : New Email Reception Connection | Base Rule | Ops/Information | General Information |
| Inbound Email Connection Established | Sub Rule | Ops/Network Traffic | Connection Built |
| Outbound Email Connection Established | Sub Rule | Ops/Network Traffic | Connection Built |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
<process> <tag2> | Text\String | ||
| DCID\ICID | <processid> | Number | |
| <sip> | IP Address | ||
| <sname> | Text\String | ||
<status> <tag1> | Text\String |