Pattern 6 : SMTP Connection Messages
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 6 : SMTP Connection Messages | Base Rule | General Information | Information |
| Connection Established | Sub Rule | Connection Established | Network Traffic |
| Disconnected | Sub Rule | Connection Closed | Network Traffic |
| TLS Session Starting | Sub Rule | Connection Built | Network Traffic |
| TLS Session Started | Sub Rule | Connection Established | Network Traffic |
| Connection Lost | Sub Rule | Connection Failed | Network Traffic |
| Connection Lost During Data Transfer | Sub Rule | Connection Failed During Data Transfer | Warning |
| Connection Lost After Recipient Declared | Sub Rule | Connection Lost After Recipient Declared | Warning |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | String/Text |
| N/A | <process> | String |
| N/A | <processid> | Number |
| N/A | <tag1> | String/Text |
| N/A | <sname> | String/Text |
| N/A | <sip> | Number |