Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 6 : SMTP Conversation Syslog | Base Rule | Ops/Information | General SMTP Information |
| SMTP EHLO Announcement | Sub Rule | Ops/Information | SMTP EHLO Announcement |
| SMTP Recipient Declaration | Sub Rule | Ops/Information | General Email Recipient Information |
| SMTP Sender Declaration | Sub Rule | Ops/Information | General Email Sender Message |
| SMTP Denied By Reputation | Sub Rule | Security/Failed Misuse | Failed Unauthorized E-mail |
| SMTP Connection Closed | Sub Rule | Ops/Network Traffic | Connection Closed |
| SMTP QUIT Requested | Sub Rule | Ops/Information | SMTP QUIT Requested |
| SMTP Connection Established | Sub Rule | Ops/Network Traffic | Connection Established |
| SMTP Message Accepted | Sub Rule | Audit/Other Audit Success | Message Accepted |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | <sip> | IP Address | |
| | <sname> | Text\String | |
| | <domainorigin> | Text\String | |
| DCID | <session> | Number | |
| | <responsecode> | Number | |
| | <sender> | Text\String | |
| | <recipient> | Text\String | |
| | <tag1> | Text\String | |
| | <tag2> | Text\String | |