Pattern 6 : SMTP Conversation Syslog
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 6 : SMTP Conversation Syslog | Base Rule | Ops/Information | General SMTP Information |
| SMTP EHLO Announcement | Sub Rule | Ops/Information | SMTP EHLO Announcement |
| SMTP Recipient Declaration | Sub Rule | Ops/Information | General Email Recipient Information |
| SMTP Sender Declaration | Sub Rule | Ops/Information | General Email Sender Message |
| SMTP Denied By Reputation | Sub Rule | Security/Failed Misuse | Failed Unauthorized E-mail |
| SMTP Connection Closed | Sub Rule | Ops/Network Traffic | Connection Closed |
| SMTP QUIT Requested | Sub Rule | Ops/Information | SMTP QUIT Requested |
| SMTP Connection Established | Sub Rule | Ops/Network Traffic | Connection Established |
| SMTP Message Accepted | Sub Rule | Audit/Other Audit Success | Message Accepted |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | <sip> | IP Address | |
| | <sname> | Text\String | |
| | <domainorigin> | Text\String | |
| DCID | <session> | Number | |
| | <responsecode> | Number | |
| | <sender> | Text\String | |
| | <recipient> | Text\String | |
| | <tag1> | Text\String | |
| | <tag2> | Text\String | |