Pattern 9 : Anti-Virus Logs
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Pattern 9 : Anti-Virus Logs | Base Rule | Security/Other | General Security |
Checking For Virus Signature Update | Sub Rule | Ops/Information | Checking For Virus Signature Update |
Virus Signature Update Not Needed | Sub Rule | Ops/Information | Virus Signature Update Not Needed |
Anti-Virus Engine Update Not Needed | Sub Rule | Ops/Information | Anti-Virus Engine Update Not Needed |
Anti-Virus Engine Started | Sub Rule | Ops/Information | Anti-Virus Engine Started |
Anti-Virus Engine Reloaded | Sub Rule | Ops/Information | Anti-Virus Engine Reloaded |
Message Virus Free | Sub Rule | Ops/Information | Message Virus Free |
Virus Signatures Reloading | Sub Rule | Ops/Information | Virus Signatures Reloading |
Anti-Virus Update Failed | Sub Rule | Ops/Error | Anti-Virus Update Failed |
Error Transferring Anti-Virus Update | Sub Rule | Ops/Error | Error Transferring Anti-Virus Update |
Virus Detected In Message | Sub Rule | Security/Failed Malware | Failed Virus Activity |
Object Encrypted Messages | Sub Rule | Ops/Information | Encryption Information |
Encrypted Object Messages | Sub Rule | Ops/Information | General Encryption Information |
Virus Returning After Scan Messages | Sub Rule | Ops/Information | Antivirus Detection Negative |
Virus Free Messages | Sub Rule | Ops/Information | Message Virus Free |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MID | <session> | Number | |
| | <object> | Text\String | |
| | <objecttype> | Text\String | |
| | <subject> | Text\String | |
| | <url> | Text\String | |
| | <action> | Text\String | |
| | <result> <tag2> | Text\String | |
| | <tag1> | Text\String | |