Pattern 5 : PGP Cluster Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| PGP Cluster : Email-from-address Is Required | Sub Rule | Warning | Email Delivery User Unknown |
| PGP Cluster : Done Processing | Sub Rule | Information | Processing Notification |
| PGP Cluster : Receiving Scan Data | Sub Rule | Information | Scan Delivery |
| PGP Cluster : Scan Will Be Halted | Sub Rule | Information | Scan Duration Insufficient |
| PGP Cluster : Command Completed | Sub Rule | Access Success | Command Executed |
| PGP Cluster : Executing Command | Sub Rule | Access Success | Command Executed |
| PGP Cluster : SMS Is A Required Field | Sub Rule | Warning | General SMS Warning |
| PGP Cluster : Task Cant Be Executed On This Server | Sub Rule | Error | Error Starting Task |
| PGP Cluster : Task Ran | Sub Rule | Information | Task Status |
| PGP Cluster : Task Running | Sub Rule | Information | Task Status |
| PGP Cluster : Added Cluster Member | Sub Rule | Information | Cluster Operations |
| PGP Cluster : All Objects In Scan Message Present | Sub Rule | Information | General CLUSTER Message |
| PGP Cluster : HandleScanResponse | Sub Rule | Information | Validate Response |
| PGP Cluster : Non-DMZ Link | Sub Rule | Information | Interface Connected |
| Pattern 5 : PGP Cluster Messages | Base Rule | Information | General PGP Message |
| PGP Cluster : Rejecting Connection Request | Sub Rule | Network Deny | Traffic Denied by Host Firewall |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC5 | <severity> | Text/String |
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Text/String |
| N/A | <object> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <quantity> | Number |
| N/A | <packets> | Number |
| N/A | <duration> | Number |